Horizon3.ai
Horizon3.ai

Fortifying the Defense Industrial Base (DIB): NodeZero for Supply Chain Security

 

NSA Cybersecurity Collaboration Center and Horizon3.ai are working together to elevate the security posture of the Defense Industrial Base (DIB) suppliers.

Learn More

What is the CAPT program?

The NSA’s Continuous Autonomous Penetration Testing (CAPT) program, powered by Horizon3.ai’s NodeZero™, identifies exploitable vulnerabilities across DIB suppliers’ IT infrastructures. With ongoing, intelligence-driven cyber risk assessments, NodeZero reinforces critical infrastructures, bolstering national supply chain security.

How does the program work?

Horizon3.ai manages enrollment, onboarding, and activation onto the NodeZero platform, enabling DIB suppliers to quickly launch self-service pentests. These tests help meet compliance, strengthen security, and eliminate costly consulting engagements. This benefits the taxpayer, DoD, and DIB suppliers alike.

Download Whitepaper

Before the NSA launched CAPT, the DIB was dangerously exposed, with many critical vulnerabilities unchecked. Now, program participants have closed 71% of critical findings within 30 days, moving from 1-2 pentests a year to several each month. This isn’t just compliance; it’s ownership of national security. The DIB is now proactively defending the nation’s safety.

– Snehal Antani, CEO and Co-Founder Horizon3.ai

How does this benefit my business?

Free, world-class pentesting to help you uncover your most vulnerable areas

User-friendly interface with simplified remediation guidance and reporting

Continuous and safe risk assessments that complete in hours, not days

Prioritized pentest findings so you know what to fix first

Proof that risks have been remediated with one-click verification

Demonstrates your ability to reduce vulnerabilities and ensure continuity

Aligns with CMMC, SOC2, and other key cybersecurity standards

NodeZero UI: Phishing Summary
6
NodeZero simplifies the process of pinpointing and addressing vulnerabilities that expose suppliers to cyber threats. Its ease of use, accurate vulnerability prioritization, and clear remediation guidance significantly enhance security for DIB suppliers enrolled in this no-cost program.

Positive outcomes with real risk reduction

  • One DIB firm completed 70+ bi-weekly pentests with NodeZero in the last four months with limited effort other than to set up and launch the tests. 
  • Another DIB firm conducted its first pentests two days after onboarding and NodeZero proved it could exploit a known vulnerable software product in use.
  • Another DIB firm discovered that NodeZero was able to gain access to testing data, manuals, and other sensitive information stored in the supplier’s network.

Latest NodeZero + DIB Supplier Statistics

Number of Participants: 290
Number of Pentests: 3,111 ops with at least 1 host
Number of Endpoints: 332,730
Number of Critical Issues Mitigated: 4.615
Percentage of Critical Issues Mitigated: 52%
Percentage of High Weakness Mitigated: 52%
Duration of Operations: 31,187 hours

NodeZero UI: Phishing weaknesses

Number of Exploitable Weaknesses and Vulnerabilities Detected: 61,111

What do DIB suppliers have to say about the program?

“Node Zero provides our small team with an advantage by showcasing what an attacker can do within our network. The team responsible for Node Zero is actively engaged in safeguarding your network against both internal and external threats. This enables our team to have peace of mind, knowing that our efforts to fix vulnerabilities are focused on addressing actively exploited issues. Every DIB supplier should consider augmenting this tool to their cyber team.”

– Information System Security Officer – Maritime Electronic Systems

 

“We have been using Horizon3.ai’s NodeZero platform for over a year, and it has been an invaluable tool for our cybersecurity efforts. The autonomous penetration testing is incredibly thorough, providing us with detailed insights into our vulnerabilities from both internal and external perspectives. The auto-reports are particularly impressive, clearly identifying the issues and offering comprehensive steps to resolve them. This has not only helped us strengthen our defenses but also saved us time and resources by prioritizing the most critical risks. Horizon3.ai has truly enhanced our security posture, and we highly recommend their service to any organization looking to proactively manage their cybersecurity."

Cybersecurity Analyst – Manufacturer of Machined Components for the Defense Industry

 

The NSA does not endorse any commercial product or service provided by Horizon3.ai. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by NSA.