Rapid Response

with NodeZero

Get Ahead of Emerging Threats

Schedule a Demo

When emerging vulnerabilities are identified, time is your enemy. Horizon3.ai’s Rapid Response service gives NodeZero users a strategic advantage with early, actionable intelligence to counteract nascent stage cyber exploits that are newly discovered and not yet widely known or addressed.

CISA reports that while only 4% of all CVEs have ever been exploited in the wild, 50% of those are exploited by attackers within the first two days of disclosure.

Your ability to swiftly identify and remediate the emerging threats that pose an actual risk to your organization is key to your cyber resilience. With the Horizon3.ai Rapid Response service— provided as a unique benefit to NodeZero users— you are alerted if your assets are known to be affected. Based on the impact priority, you can initiate action to the emerging threat directly from the NodeZero Rapid Response center.

Laptop Launch Streamline Icon: https://streamlinehq.com

Get Ahead of Adversaries

Begin finding, fixing, and verifying N-day vulnerabilities in your environment before they are widely exploited. If the Horizon3.ai team discovers a zero day, you will be notified PRIOR to public disclosure if your environment is impacted. Read the white paper for a full overview of the Rapid Response service.
Download the Whitepaper

You can toggle between Alerts for threats verified to impact your organization and Activity for updates about all the emerging threats the Horizon3.ai Attack Team is tracking.

NodeZero N-Day Testing Segmentation

Complete N-Day Testing in 24 Hours

You can shorten the critical timeframe for testing for N-day exposure even in large organizations by pre-configuring runners for each of your major network segments. Then when a widespread N-day emerges, you can run those preconfigured segments concurrently, so that your full environment is tested within 24 hours. The NodeZero platform scales to support the largest networks and can run 100+ N-day tests concurrently.

Rapid Response in Action:

NodeZero Users Notified 57 Days Before CVE Cataloged

Horizon3.ai’s Attack Team consists of former US nation-state hackers and OSCP practitioners, who use their experience and extensive cyber threat intelligence sources to deliver advance notice of emerging exploitable vulnerabilities affecting any assets organizations have previously tested on the NodeZero platform.

In the PaperCut example, NodeZero customers benefited from unique threat intelligence unavailable to anyone else in the world. Users were notified 26 days before a patch was publicly available and 57 days before a CVE for the zero day was officially issued and cataloged.

5/30/23
Astronomy Comet Streamline Icon: https://streamlinehq.com

Horizon3.ai Discloses Zero Day to PaperCut

6/08/23
Insurance Document Clipboard Streamline Icon: https://streamlinehq.com

Zero Day Verified by Vendor

6/30/23
Alarm Bell Ring Streamline Icon: https://streamlinehq.com

Rapid Response Program Notifies Affected Customers

Mitigation: Take assets offline ASAP

NodeZero users notified 26 days before a patch was available and 57 days before a CVE was cataloged.

7/25/23
Retouch Patch Streamline Icon: https://streamlinehq.com

PaperCut Releases Patch

7/26/23
Add Circle Streamline Icon: https://streamlinehq.com

Exploit Added to NodeZero

8/04/23
Common File Text Search Streamline Icon: https://streamlinehq.com

Zero Day Added to CVE Catalog

CVE-2023-39143

Run targeted N-day tests to get detailed remediation guidance on assets that are affected.

To test for PaperCut in your environment, you simply select it from the menu in the Rapid Response center.

Run a Pentest for Papercut
Zero Content Sign Streamline Icon: https://streamlinehq.com
What are zero days?

A vulnerability or security flaw in software or systems that is unknown to the vendor or developer.

It is called “zero day” because the vendor has had zero days to fix or patch the unknown vulnerability. Zero day vulnerabilities are valuable to attackers because they can be used to launch targeted attacks without detection.

Calendar 3 Streamline Icon: https://streamlinehq.com
What are N-days?

An N-day is a software or hardware vulnerability that is already publicly known, (days since disclosure) but there may or may not be a security update available to remediate the vulnerability.

The goal of vendors, distributors, and administrators is to have systems patched as quickly as possible to avoid N-day attacks.

Rapid Response in Action:

NodeZero Users Get Early Alert to FortiClient EMS N-Day

24 hours after Fortinet issued a critical advisory regarding a structured query language (SQL) vulnerability of FortiClient Enterprise Management Server (EMS), Horizon3.ai’s Attack Team was able to reverse-engineer it and get first blood on the proof-of-concept exploit for the vulnerability that allows for unauthenticated code execution.

Within the first 72 hours of Fortinet’s advisory, all NodeZero customers who were opted-in to Rapid Response were alerted of specific assets in their organizations that were manually verified as exploitable to this breaking N-day. They also received mitigation recommendations a full 10 days before the vulnerability was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

3/12/24
Megaphone 1 Streamline Icon: https://streamlinehq.com

Fortinet Announces Critical Advisory

3/13/24
Skull Streamline Icon: https://streamlinehq.com

Horizon3.ai Achieves First Blood on PoC Exploit

NodeZero users were notified if the vulnerability impacted them within 72 hours

3/15/24
Add Circle Streamline Icon: https://streamlinehq.com

Exploit Added to NodeZero, Rapid Response Program Notifies Exploitable Users

Mitigation: Patch ASAP

They received mitigation recommendations 10 days before the vulnerability was added to the KEV.

3/21/24
Lock Unlock 1 Streamline Icon: https://streamlinehq.com

Horizon3.ai Discloses PoC Exploit w/ Technical Blog

3/25/24
Common File Text Search Streamline Icon: https://streamlinehq.com

Vulnerability Added to CISA KEV

CVE-2023-48788

Horizon3.ai helps you get ahead of emerging threats in these key ways:

Time Clock Circle 1 Streamline Icon: https://streamlinehq.com
Early identification of N-days and zero days:
The Horizon3.ai Attack Team proactively researches potential zero days and N-days and identifies which vulnerabilities are likely to be exploited in the wild — even if they haven’t made the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. See Disclosures for the list of zero days found to date.
Bomb Streamline Icon: https://streamlinehq.com
Prioritizes threats by impact:

When they identify vulnerabilities that are likely to be exploited, the Horizon3.ai Attack Team reverse-engineers them and creates a proof of concept exploit to understand the impact of the vulnerability. This understanding is embedded into NodeZero and is paired with contextual understanding of your environment to modify the ratings from the The National Vulnerability Database (NVD) when appropriate. This helps you prioritize your remediations and understand when you should patch outside of your regular cycle for a particular threat.

Skull Streamline Icon: https://streamlinehq.com
Emerging Threats are Verified:

NodeZero users receive tailored threat intelligence on emerging vulnerabilities. This includes a manual verification by the Horizon3.ai Attack Team of the exploitability and impact of the threat in question, unique to your organization.

Cog Double Streamline Icon: https://streamlinehq.com
N-day testing is part of standard operating procedure:

NodeZero pentests identify emerging N-days within your environment as part of the autonomous internal and external pentesting process. The NodeZero Rapid Response Center also enables targeted N-day testing on demand.

Run targeted N-day tests to get detailed remediation guidance on assets that are affected.

N-day exploits are continually added to NodeZero

The Rapid Response center shows you exactly where your organization is vulnerable to new threats, what the outcome would be if a system was exploited, and how to best mitigate or remediate the N-day in question. Use the growing list of targeted tests to test the impact of a specific vulnerability on your environment.

Our Process Helps You Find, Fix and Verify Nascent Threats

Ready to connect with Horizon3.ai?

Submit the form below.