No more typing reviews! Try our Samantha, our new voice AI agent.
reviewer2855973 - PeerSpot reviewer
Manager, Cybersecurity Operations at a transportation company with 1,001-5,000 employees
Real User
Top 20
Jun 12, 2026
Continuous autonomous testing has improved security posture and reduces exploitable vulnerabilities
Pros and Cons
  • "The NodeZero Platform by Horizon3.ai has positively impacted our organization by definitely increasing our security posture significantly."
  • "The NodeZero Platform by Horizon3.ai could be improved by speeding up the time from initializing a test to actually starting the test, as the deployment of the underlying infrastructure can take several minutes, sometimes over 10 minutes."

What is our primary use case?

My main use case for The NodeZero Platform by Horizon3.ai is autonomous and continuous penetration testing.

A specific example of how I use The NodeZero Platform by Horizon3.ai for autonomous and continuous penetration testing is testing web applications for vulnerabilities as new releases come out. I run these tests weekly or depending upon when it is necessary for different applications.

What is most valuable?

The best features The NodeZero Platform by Horizon3.ai offers are ease of deployment, intuitive interface, and the extremely useful and phenomenal data that it provides as an outcome.

The interface of The NodeZero Platform by Horizon3.ai is intuitive for me because it provides us with actionable data, and it is very easy to use and straightforward, not requiring much of a learning curve to pick up.

The NodeZero Platform by Horizon3.ai has positively impacted our organization by definitely increasing our security posture significantly.

Since using The NodeZero Platform by Horizon3.ai, I have noticed specific improvements such as a decrease in identified vulnerabilities, with fewer critical and high vulnerabilities over time.

What needs improvement?

The NodeZero Platform by Horizon3.ai could be improved by speeding up the time from initializing a test to actually starting the test, as the deployment of the underlying infrastructure can take several minutes, sometimes over 10 minutes.

For how long have I used the solution?

I have been using The NodeZero Platform by Horizon3.ai for four years.

Buyer's Guide
The NodeZero Platform by Horizon3.ai
June 2026
Learn what your peers think about The NodeZero Platform by Horizon3.ai. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.

What do I think about the stability of the solution?

The NodeZero Platform by Horizon3.ai is stable.

What do I think about the scalability of the solution?

The scalability of The NodeZero Platform by Horizon3.ai is very good.

How are customer service and support?

The customer support is very good. On a scale of 1 to 10, I would rate the customer support a 10.

Which solution did I use previously and why did I switch?

I did not use a previous solution before using The NodeZero Platform by Horizon3.ai.

What was our ROI?

I have seen a return on investment with The NodeZero Platform by Horizon3.ai but cannot share any relevant metrics.

Which other solutions did I evaluate?

I evaluated other options before choosing The NodeZero Platform by Horizon3.ai, specifically Pentera.

What other advice do I have?

My advice to others looking into using The NodeZero Platform by Horizon3.ai is to use it to its full potential, as it is very easy to use and has very powerful features; just make sure you're using them all.

Regarding The NodeZero Platform by Horizon3.ai's AI capabilities, I have no preference about its governance and security. I think its accuracy and reliability of output are very good.

The NodeZero Platform by Horizon3.ai is deployed in my organization on a public cloud, as it is a Software as a Service solution. I use AWS as my cloud provider. I did not purchase The NodeZero Platform by Horizon3.ai through the AWS Marketplace.

My impression of the solution's feature that allows security teams to fix and retest vulnerabilities instantly is that it is phenomenal.

The platform's real attack capabilities have helped in identifying actual exploitable vulnerabilities in my on-premises systems compared to a vulnerability management solution, which only gives me theoretically exploitable vulnerabilities.

The NodeZero Platform by Horizon3.ai's endpoint security effectiveness feature impacts my understanding of potential security threats by showing what can actually be exploited.

I would assess The NodeZero Platform by Horizon3.ai's impact on my organization's remediation time as very high.

The NodeZero Platform by Horizon3.ai has not necessarily reduced my penetration testing costs, but it could; however, it has certainly increased our security posture, which could essentially allow me to reduce my penetration testing costs.

I would rate this review a 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 12, 2026
Flag as inappropriate
PeerSpot user
Laura Halonen - PeerSpot reviewer
Offensive Security Analyst at a tech services company with 201-500 employees
Real User
Top 5
Mar 23, 2026
Automated pentests have improved remediation priorities and now reveal real business impact
Pros and Cons
  • "Otherwise, the solution itself is very fine and I would recommend it as an MSP partner or as a user of the tool to pretty much any company."
  • "If we have had problems, that is with the actual licensing style they are using."

What is our primary use case?

The main use case for The NodeZero Platform by Horizon3.ai is internal network testing, as we put up a few runners in the customer environment and then we scan and test the environment.

How has it helped my organization?

The main benefits that The NodeZero Platform by Horizon3.ai brings to the table or how it helps to improve the way the organization functions is that it is very easy to read the pentest results from when it comes to prioritizing the fixing order of things, because now companies can actually see what the critical part is, how it affects the business, not just the system or one device, but the business impact is the question here, which is why companies take autonomous pentesting instead of a few manual pentests a year or vulnerability management.

What is most valuable?

The best features in The NodeZero Platform by Horizon3.ai are that it is a very easy environment to maintain, as we can pretty easily set up new pentests or add new assets there to be tested. We have a good connection with the actual company behind it, Horizon3.ai, so they help us whenever we ask pretty quickly.

My impression of The NodeZero Platform by Horizon3.ai's feature that allows security teams to fix and retest vulnerabilities instantly is that it is one of the core elements our customers use and it might even be the reason why they choose this tool over traditional vulnerability scanning. Of course, they get the pentest results on top of vulnerability scanning, but its crucial part is that they can test the especially critical findings and high-level findings immediately after they have fixed them.

The NodeZero Platform by Horizon3.ai has helped my clients reduce pentest costs, as for some companies, the cost has raised a bit, but they get a bigger area tested with just a slightly bigger price. A usual case is when they move from vulnerability scanning to pentesting, the price does not actually go up except maybe just slightly.

What needs improvement?

Apart from the licenses, specifically the tenant-based licenses that were mentioned, I would like to see more deep investigation of different environments in The NodeZero Platform by Horizon3.ai, especially in cloud. A proper mapping of assets and maybe some kind of map where I can actually see what devices or accounts are connected to each other would help a lot with the investigation and prioritization of things.

There are missing features in The NodeZero Platform by Horizon3.ai that I would like to see included in the next release or some functionality that I would like to see enhanced in it in the future, as they have already spoken of web application testing, so that is something I am looking forward to. API testing would be nice to see. I think it is coming right after the web application testing. However, the one thing that is very much asked from us as a service provider is DAST testing, so when a company is building a software, they could see their current security status while they are building the application.

For how long have I used the solution?

I have been working with The NodeZero Platform by Horizon3.ai for about two years now.

How are customer service and support?

I evaluate customer service and technical support for The NodeZero Platform by Horizon3.ai as good. If we have had problems, that is with the actual licensing style they are using. When we have customers, like midterm, let us say six months after our own contract starts, we get the pricing for the next six months, but then we have to negotiate again. What I would like to see from them is a tenant-based licensing for our customers also, not just us. Overall, we have good contacts, we get answers to questions we ask them very quickly. Support has been pretty quick also.

On a scale of one to ten, I would rate the tech support for The NodeZero Platform by Horizon3.ai as nine.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to adopting The NodeZero Platform by Horizon3.ai, I did not work with any other solution of the same kind, as mentioned, I have done manual pentesting. Burp Suite has some automatic scanning and testing extensions, but I have mostly been a manual tester and bug hunter. I have read a lot about Aikido solution or Pentera, but that is just on a common level of knowledge gathered from the internet, not anything too deep or technically deep.

What's my experience with pricing, setup cost, and licensing?

Regarding the pricing aspect of The NodeZero Platform by Horizon3.ai, my experience with the pricing, setup cost, and licensing part of it is that the setup cost was very minimal. I do not know if we even had that to be sure. The pricing is not on my responsibility, but what I have heard from our salespersons and the business executive whose responsibility it is, is that related to traditional vulnerability scanning, it is even cheap. The pricing is not the point why it would be hard to sell, so I guess it is on a good level now.

Which other solutions did I evaluate?

I did evaluate other options before going with The NodeZero Platform by Horizon3.ai, as I was not myself in the process of choosing between The NodeZero Platform by Horizon3.ai and others, but I know that we chose it because it is cloud-based, so it is easy to set up. There is no need for a customer to purchase on-prem servers or anything like that. They just need a little runner on some laptop or server or virtual machine, so it is easy to maintain. It is not too pricey for the customers we planned it for. Currently, it supports very well our offensive security offerings.

What other advice do I have?

With our customer, I review the results of The NodeZero Platform by Horizon3.ai and we see what they should do to improve their security maturity.

NodeZero's endpoint security effectiveness feature impacts the understanding of potential security threats, as I must say that I do not have so much results yet in that area. It is quite new to me and I am looking forward to having more testing on endpoints on both our own environment and customers. What I have seen so far, I would say currently is good, but I personally need to know more before I can say anything in any direction.

I assess The NodeZero Platform by Horizon3.ai's impact on the organization's remediation time as much better than in traditional vulnerability management because now they actually see what has been caused and what the business impact is. They actually have already a pretty prioritized list of what needs to be fixed first. The so-called false positive noise has been reduced to almost zero. It has affected that part very much.

The advice I would share regarding organizations considering The NodeZero Platform by Horizon3.ai is that, as mentioned earlier, if there is a company that should choose whether they go to pentesting or vulnerability management. Pentesting can be a very nice test, one which does not cause any issues or show to users anyway. They can also choose the stress test mode, which may even lock out accounts or crash a computer, but we can adapt and configure the test for any environment customer needs. As a technical implementation or technical tool, it is very straightforward to set it up and schedule the scans or tests and see the results. Of course, the results could be more; now it is just a list of assets pretty much and another list for findings. There could be some maps of what accounts and devices are connected to each other, which would help. Otherwise, the solution itself is very fine and I would recommend it as an MSP partner or as a user of the tool to pretty much any company. I rate The NodeZero Platform by Horizon3.ai a nine out of ten overall.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Last updated: Mar 23, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
The NodeZero Platform by Horizon3.ai
June 2026
Learn what your peers think about The NodeZero Platform by Horizon3.ai. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.
Security Engineer at Herjavec Group
MSP
Top 20
Mar 27, 2026
Automated penetration testing has reduced remediation time and provides clear attack evidence
Pros and Cons
  • "The NodeZero Platform by Horizon3.ai is better than manual penetration test scans, definitely worth trying if you are considering using it because it reduces the time and cost associated with manual scans and presents the data in a very clear way that even non-technical people can understand."
  • "I feel there could be improvements in scalability, although at this point I have no specific negative points to report."

What is our primary use case?

I use The NodeZero Platform by Horizon3.ai for internal and external pentest scans, and it also provides Kubernetes scanning and scanning of GitHub accounts. Primarily, I use it for internal and external pentest scans.

Regarding on-premises systems, I have executed pentest scans on externally located and internally located systems, but I have not tried much with on-premises servers. I honestly do not have significant exposure in that area and cannot provide feedback on that part at this time.

What is most valuable?

The best features of The NodeZero Platform by Horizon3.ai are that it does not require much effort compared to manual penetration testing. You simply configure the scan and modify the requirements you need, and it scans and provides quite good results. The platform presents the data in a very clear way that even non-technical people can understand the dashboard and read through it.

The user interface is significantly more user-friendly than other tools I have used. The data and evidence gathered from the penetration test scan is excellent. It shows any compromised accounts and devices, demonstrating exactly how The NodeZero Platform by Horizon3.ai executed the attack. This is considerably better than any other tools I have used. 

The NodeZero Platform by Horizon3.ai incorporates technologies that go beyond traditional testing and scanning methods for vulnerabilities, such as Nessus, Qualys, and Rapid7. While those tools focus on finding vulnerabilities, The NodeZero Platform by Horizon3.ai not only finds the vulnerabilities but also attempts to exploit them, gathers available evidence, and provides possible ways to fix them. This is one of the greatest features of The NodeZero Platform by Horizon3.ai.

When we run the penetration test scans, The NodeZero Platform by Horizon3.ai definitely identifies all negative points and the external attack surface related to them, showing what those external attack surfaces are and how we could fix them.

What needs improvement?

I feel there could be improvements in scalability, although at this point I have no specific negative points to report.

For how long have I used the solution?

I have used the NodeZero Platform by Horizon3.ai for approximately eight or nine months.

How are customer service and support?

The customer support is fantastic. I personally reached out to them, and The NodeZero Platform by Horizon3.ai provides sufficient evidence needed to understand the attacks it attempted, gathering relevant information regarding compromised accounts.

Which solution did I use previously and why did I switch?

For automated scans, I have not used any other tools apart from manual scanning. I have been using The NodeZero Platform by Horizon3.ai for the first time, and it feels good and easy to work with.

What was our ROI?

I do not know exactly in terms of the client because I work for the client, but personally I feel the remediation time is significantly reduced compared to what we used to do with manual testing. I would estimate approximately thirty to forty percent reduction.

What's my experience with pricing, setup cost, and licensing?

The NodeZero Platform by Horizon3.ai is better than manual penetration test scans. Usually, manual penetration test scans take considerable time and money, but I believe The NodeZero Platform by Horizon3.ai is definitely worth trying if you are considering using it, because it reduces the time and cost associated with manual scans.

I do not have detailed knowledge about specific costs, but I definitely feel that investing in manual penetration test scans is much higher than the automated scans of The NodeZero Platform by Horizon3.ai. Although I have no idea about the exact cost difference, I definitely believe there is a significant difference in favor of The NodeZero Platform by Horizon3.ai in terms of lower cost.

What other advice do I have?

Regarding deployment, it is quite easy if you are talking about the cloud environment and configuring the scan. I do not find it too complex. The setup should be very quick, almost instantaneous, comparable to logging into any other portal.

The NodeZero Platform by Horizon3.ai offers options in both directions, but I personally used it in a cloud environment, and I feel it is much easier than an on-premises environment. It is easy to install, but it takes a little bit of time. Once you log in and share your targets, you can configure your scan and run it, making it much easier overall.

I would certainly recommend The NodeZero Platform by Horizon3.ai to others. I am sure they would appreciate how it presents the data and reports. It does not just provide a technical report; it presents multiple reports of various attacks that may be useful for management who might not understand technical terms. It definitely helps to have those kinds of reports as well, allowing anyone to understand what is happening in the environment and what can be done about it.

Based on my work experience over seven to eight months of using The NodeZero Platform by Horizon3.ai, I am still learning more about the product, and there is much more to explore. I would give this product a rating of eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
Last updated: Mar 27, 2026
Flag as inappropriate
PeerSpot user
Principal Consultant at JTI Cybersecurity
Consultant
Top 20
Oct 21, 2025
Has allowed me to increase testing coverage and focus on remediation by automating repetitive tasks
Pros and Cons
  • "My favorite feature about The NodeZero Platform is that it's autonomous, and it truly delivers on that promise—it can be set and forgotten while it performs its tasks, and it does exactly what it claims to do."
  • "They've added a chatbot which isn't particularly useful, but when it can't answer questions, it forwards messages to human support."

What is our primary use case?

I use The NodeZero Platform as a consultant on penetration testing engagements for various customers. This might be different than some of their more common use cases where companies use it internally. The primary use case is for penetration testing engagements, and the main driver for having The NodeZero Platform is that it's a force multiplier for me as an individual to perform more penetration testing without additional human resources.

What is most valuable?

My favorite feature about The NodeZero Platform is that it's autonomous, and it truly delivers on that promise. It can be set and forgotten while it performs its tasks. It does exactly what it claims to do.

What needs improvement?

I started with The NodeZero Platform when it was less mature. Anytime I encountered something annoying or identified a gap that needed attention, they had already fixed or added it by the time I would have requested it. The product is being rapidly developed at this stage. There really isn't anything feature-wise that I would request or change because it's a good product. It does what it claims and excels at finding issues and covering large environments so humans don't have to perform repetitive tasks for extended periods. This allows us to focus on what's important: fixing and protecting systems. If there was one thing I would change, I would want their consulting licensing to return to being unlimited.

For how long have I used the solution?

I have been using The NodeZero Platform for four years this month.

What do I think about the stability of the solution?

In the early stages, I experienced issues with large penetration tests where things might get delayed or require intervention, but I cannot remember the last time that occurred. While one of their main selling points is that it's safe to run in production, we might still try to avoid unnecessary risk. For companies operating during normal business hours, we might conduct penetration testing at night. When using SaaS-based products at night, maintenance windows can cause downtime, but I haven't encountered any of these issues with The NodeZero Platform. I cannot recall any instances of downtime or the platform being offline.

What do I think about the scalability of the solution?

I have used it for tests ranging from tens to thousands to tens of thousands of assets, and I haven't encountered any trouble scaling. While I wouldn't say it's infinitely scalable, it certainly handles scaling effectively.

How are customer service and support?

The support currently is really good. When I have questions or concerns, I receive responses promptly. They've added a chatbot which isn't particularly useful, but when it can't answer questions, it forwards messages to human support. I typically receive human responses within 12 hours, usually the same day or next day. Previously, with time-sensitive engagements, I would worry about resolving issues before deadlines. That concern has diminished as they've become more responsive and require less escalation to engineering. Support cases are now handled more efficiently, either by directing to documentation or providing workarounds for project completion.

How was the initial setup?

The setup process is extremely straightforward. It has become even easier with the addition of Runners feature, which allows for automatic setup of repeated tests throughout the year. The initial setup takes approximately 30 minutes, mostly spent reading documentation, as the process is primarily point-and-click.

Which other solutions did I evaluate?

I have used three alternatives: Pentera, Core Impact, and Metasploit Professional. Core Impact and Metasploit Professional aren't direct competitors as they are penetration testing toolkits with built-in automation. Pentera markets itself similarly to The NodeZero Platform. Compared to Pentera, The NodeZero Platform requires less setup and delivers higher quality results. Pentera follows a consistent pattern of running vulnerability scans and attempting exploits, producing results similar to vulnerability scans. The NodeZero Platform varies its approach and continues exploring potential vulnerabilities more thoroughly, similar to a real threat actor.

What other advice do I have?

The NodeZero Platform has helped identify vulnerabilities with on-premises systems effectively. They handle all technical aspects internally. I have given The NodeZero Platform a rating of 9 out of 10.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Oct 21, 2025
Flag as inappropriate
PeerSpot user
Mike Bulyk - PeerSpot reviewer
Senior Director IT Security at a wellness & fitness company with 1,001-5,000 employees
Real User
Top 5
Oct 8, 2025
Has provided deep visibility into offensive tooling and improved trust through transparent command execution
Pros and Cons
  • "The NodeZero Platform's real attack capabilities help identify vulnerabilities on my on-premise systems by adding an element of validation and offensive security testing on top of known vulnerabilities. The feature that allows security teams to fix and retest vulnerabilities instantly is very useful, even though it may not happen literally 'instantly.' It's a necessary tool for any organization to understand whether vulnerabilities are genuinely exploitable by attackers. With its near-real-time testing capabilities, it's an essential part of any security portfolio."
  • "The areas for improvement for The NodeZero Platform involve integration and automation. It would be beneficial if it could integrate directly with vulnerability management tools that would allow the platform to automatically import data, identify vulnerable systems, and test targets immediately, potentially even enabling automated feedback loops for rescanning since the process is currently manual."

What is our primary use case?

My use cases for The NodeZero Platform involve using the tool as a validation tool on top of existing vulnerability management processes. The general idea is that if I identify a subset of vulnerabilities that might be of interest to an attacker, I use The NodeZero Platform to validate my assumptions. Essentially, I'm using it as a red team validation tool to test and validate blue team findings.

What is most valuable?

The NodeZero Platform's real attack capabilities help identify vulnerabilities on my on-premise systems by adding an element of validation and offensive security testing on top of known vulnerabilities. That's the main use case and the consistent configuration purpose.

The feature that allows security teams to fix and retest vulnerabilities instantly is very useful, even though it may not happen literally 'instantly.' It's a necessary tool for any organization to understand whether vulnerabilities are genuinely exploitable by attackers. With its near-real-time testing capabilities, it's an essential part of any security portfolio.

The Endpoint Security Effectiveness feature impacts my understanding of potential security threats by providing validation through endpoint testing. The NodeZero Platform deploys a script to verify whether endpoint protection tools such as EDR or EPP can detect and prevent attacks. This validation ensures that endpoint protection is configured correctly, revealing that default settings often don't work as expected. This makes the feature unique, as no other vendor seems to offer such validation capabilities.

What needs improvement?

The areas for improvement for The NodeZero Platform involve integration and automation. It would be beneficial if it could integrate directly with vulnerability management tools such as Rapid7, Tenable, or Qualys. Such integration would allow the platform to automatically import data, identify vulnerable systems, and test targets immediately, potentially even enabling automated feedback loops for rescanning. Currently, this process is manual. Native API-based integration would make the workflow far more efficient.

For how long have I used the solution?

I have been using The NodeZero Platform in my career for about two and a half years, and I think it's coming up on the third year.

What do I think about the stability of the solution?

My thoughts about the stability of The NodeZero Platform are that it's not an issue in production. During initial testing in a VirtualBox virtual machine, it was less stable due to insufficient resources. The system requires fast SSD storage, at least 16 GB of RAM, and a 1G network interface. Once properly provisioned, it runs stably without issues.

What do I think about the scalability of the solution?

The scalability of The NodeZero Platform is limited by our license to 1,000 IPs, so my experience beyond that is limited. However, we successfully tested multiple NodeZero scanners running concurrently without any concerns. The system scales well within the licensed range.

How are customer service and support?

I have contacted The NodeZero Platform's technical support once in two and a half years. The issue was related to the reporting process getting stuck during telemetry capture and report generation. The support team resolved it quickly by restarting the process. I rate the support experience as 10 out of 10.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment of The NodeZero Platform has two components: external and internal. For the external scanner, which uses AWS hosting, setup takes just minutes once the cloud space is provisioned. The tool performs domain and IP validation (whois, DNS lookup, etc.) before allowing scans, which can take up to 24 hours.

For internal deployment, it depends on corporate practices. Our process took about two weeks due to our sprint cycle and change management procedures. For larger or more complex network environments, deployment may take longer. Ideally, a NodeZero scanner should be positioned in each segmented subnet for full coverage.

What's my experience with pricing, setup cost, and licensing?

Regarding pricing for The NodeZero Platform, I can say it's reasonable and the vendor is flexible. When discussing licensing, they were initially limited to 10,000 IPs, but agreed to let us target 1,000 IPs instead. That flexibility allowed us to use the tool effectively despite a smaller license count. While managing subsets of IPs introduces some overhead, the flexibility and support make the pricing worthwhile.

What other advice do I have?

The NodeZero Platform requires minimal maintenance. The NodeZero scanner is a small Linux wrapper with scripts that need occasional package updates. Although it auto-updates before scans, it's safer to manually update dependencies beforehand to prevent issues during testing.

Overall, I think The NodeZero Platform is a necessity in any security portfolio. With 15 years in the industry, I see it as an essential tool for organizations of any size to determine whether vulnerabilities are truly exploitable. The product works well, is stable, and provides unique validation capabilities. I would rate it a 10 out of 10 for everything.

I am a customer of The NodeZero Platform.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Brian Burnett - PeerSpot reviewer
Director of Enterprise Security at a energy/utilities company with 51-200 employees
Real User
Top 20
Oct 31, 2025
Has improved internal and co-op security validation through detailed reporting and continuous vulnerability detection
Pros and Cons
  • "After the third party conducts the pen test, The NodeZero Platform is run, and it finds the same things they found and sometimes a few other things that they did not even identify."
  • "The speed of the scans takes some time, but in my opinion, it is not surprising for what it is doing."

What is our primary use case?

The NodeZero Platform is used internally every month, aligned with the patch cycle, to run the pen test and validate the patching that was done previously and find anything new in the environment. It is run at least monthly, and if something else comes up, it is run between those times. Additionally, The NodeZero Platform is used to perform pen testing for co-ops. Since some internet infrastructure is shared with co-ops, the platform can be deployed and a virtual machine can be spun up in their environment. They provide IP ranges, the pen test is deployed, the report comes back, and it is shared with them. This has been a great capability to provide to co-ops.

What is most valuable?

My favorite feature of The NodeZero Platform is that all of it has been really good. The reporting piece is very clear and very useful, which was a big piece from the start. The reporting is huge, and the fact that it learns the environment on an ongoing basis is impressive. An external third-party pen tester is brought in every two years, and the plan is to move it to every three years. After the third party conducts the pen test, The NodeZero Platform is run, and it finds the same things they found and sometimes a few other things that they did not even identify. It has stood up against that test every time.

The feature that allows security teams to fix and retest vulnerabilities instantly adds a lot of quick mitigation and the ability to fix issues on the fly. Everything that has been added and modified and improved since acquiring the tool has worked seamlessly.

The Real Attack Capabilities help in identifying vulnerabilities in on-premises systems because if patching was missed, it will identify that. With deployment across the system, any recent vulnerability will be found. The way it learns the environment makes it an easy-to-use tool. It does what it says it is going to do, which is finding vulnerabilities as they appear.

The Endpoint Security Effectiveness feature helps in understanding potential security threats better because everything that it identifies improves things on an ongoing basis. It ensures that everything is kept current, so it adds an extra layer to what is being done with the main EDR solution.

What needs improvement?

The speed of the scans takes some time, but in my opinion, it is not surprising for what it is doing. It could be a little quicker, but speed does not necessarily mean it is going to be better, since speed does not equate to doing what it needs to do.

For how long have I used the solution?

The NodeZero Platform has been used for about close to four years.

What do I think about the stability of the solution?

Regarding stability, it has never crashed, and there has not been any lagging from deployment or running. It is sometimes run randomly to see if managed service personnel will get alerted, and it has performed as expected. There has not been anything with lag or alerts, it has not crashed, and it has not caused issues.

What do I think about the scalability of the solution?

The scalability of The NodeZero Platform has been great because it is offered out to the 26 co-ops that are worked with, and over half of those have had it run on their environment, and it has worked out great.

How are customer service and support?

Technical support has never been contacted because there have never been any issues that required reaching out to them.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

There have not been any alternatives encountered that can be compared with The NodeZero Platform. After conversations with people and they have looked at it, nothing has stood out as being worth even trying to test. There is nothing that compares to it from everything that has been seen.

How was the initial setup?

The initial deployment of The NodeZero Platform was easy, from what is remembered, as that was about four years ago.

What about the implementation team?

The networking team was involved in this type of job, and it was probably just one of the networking team members and a senior engineer.

What was our ROI?

A reduction in remediation time has been seen because it is finding things before they happen. Much time is not being spent on remediation since acquiring it because it is finding things before they become an issue. Even if there is a zero-day and patching is done and then run, it verifies that, so it is preventing a lot of remediation time with anything.

What's my experience with pricing, setup cost, and licensing?

The pricing has been good, as it has not made huge leaps. Contracts and renewals are handled, so the changes have not been astronomical. It has stayed typically below what was expected for the changes as contracts are renewed, so it has all been fine.

What other advice do I have?

The overall rating given to The NodeZero Platform is ten out of ten.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Oct 31, 2025
Flag as inappropriate
PeerSpot user
reviewer2761140 - PeerSpot reviewer
Works at a hospitality company with 201-500 employees
Real User
Top 20
Oct 2, 2025
Streamlines vulnerability validation through automation and also tells us how to resolve issues
Pros and Cons
  • "The NodeZero Platform is amazing; what I love most about it is that it's automated and comparable to the manual pen testing we did with a third-party company, but with the added benefit of unlimited retesting to validate fixes."
  • "You need to be cautious about what it scans, as it could potentially cause issues."

How has it helped my organization?

The NodeZero Platform has been instrumental in identifying vulnerabilities across our entire network. Its automated scanning capabilities provide detailed insights and alert me to issues, which is exactly what we need from a security tool.

The interface is intuitive and easy to use, and the reporting features are excellent—offering both high-level executive summaries and in-depth technical reports. What stands out is that it not only tells you what's wrong but also explains how to fix it, complete with step-by-step instructions and the exact commands it used during the scan. This transparency is incredibly helpful, especially when validating fixes.

Even when vulnerabilities are detected, they may not always be exploitable in our specific environment. But knowing what's there—and having guidance on remediation—lets me act confidently. I use FortiClient and patch regularly, but NodeZero adds an extra layer of assurance by catching things that might slip through. I don’t have the budget for a dozen expensive tools, but with NodeZero, I get significant value without overspending.

What is most valuable?

The automation is by far the most valuable feature. NodeZero performs tasks comparable to what we used to get from a manual penetration testing firm—at a similar or even lower cost. The big difference? I can retest whenever I want, without waiting weeks or paying extra fees.

IT environments are dynamic, and things change quickly. In one case, I assumed a group policy was fixing an SMB issue across the network, but NodeZero revealed a few devices were still vulnerable. That allowed us to go back, identify the gap, and validate the fix—all using the platform.

The learning curve was minimal. Setup took just a couple of hours at most. Once installed, I simply choose the endpoints and let it run. There are safety warnings for potentially disruptive scans, which I appreciate—it helps prevent unintended issues like system crashes.

What needs improvement?

As someone who isn’t a dedicated security engineer, I find the platform comprehensive. However, I’d benefit from additional training on specific features, like their honeypot and tripwire system. Deeper education on these would help me take fuller advantage of the tool.


For how long have I used the solution?

I’ve been using NodeZero for one year.

What do I think about the stability of the solution?

The platform has been stable overall. It did crash our phone system once, but that was due to a Mitel vulnerability—not NodeZero itself. That incident actually led us to strengthen our firewall rules by eliminating “any-any” configurations and narrowing down allowed ports.

What do I think about the scalability of the solution?

NodeZero is highly scalable. I have around 1,000 public IPs and about 20 internal VLANs that can be scanned. The IP-based pricing can add up, but it’s manageable and worth the investment.

Scheduling scans is simple. I run external tests every Saturday at 3:30 AM and receive detailed notifications about any issues. It gives me confidence knowing the system is being continuously evaluated.

How are customer service and support?

Customer support has been excellent. The team is responsive, knowledgeable, and eager to walk me through any questions or features. I’d give them a perfect 10 out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before NodeZero, I relied solely on manual penetration testing. The switch was driven by the need for more frequent, flexible, and cost-effective testing.

How was the initial setup?

Initial setup was straightforward. I downloaded an OVA file, deployed it in Hyper-V, powered it on, and used a few simple CLI commands via SSH. Monthly maintenance is easy too—just a quick update command and it's done in seconds.

What's my experience with pricing, setup cost, and licensing?

Pricing is competitive and aligns with what I paid for manual testing—but with more flexibility. Traditional pen tests usually limit you to a few subnets, while NodeZero lets me scan a much broader range without added cost.

What other advice do I have?

I’d rate the NodeZero Platform a 10 out of 10. It’s a powerful, cost-effective, and reliable tool that gives me peace of mind in maintaining a secure IT environment.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Timothy Rice - PeerSpot reviewer
Chief Information Security Officer at a construction company with 1,001-5,000 employees
Real User
Top 5
Oct 22, 2025
One-click re-testing has validated remediations and improved threat visibility
Pros and Cons
  • "The NodeZero Platform's real attack capabilities help in identifying vulnerabilities on our on-prem systems because it provides actual vulnerabilities by attacking our systems."
  • "I think The NodeZero Platform could improve by leveraging GPUs for password cracking, which would be pretty good."

What is our primary use case?

We use The NodeZero Platform for control validation and we are also looking for the likelihood of vulnerabilities.

What is most valuable?

I think the one-click feature to fix and re-test vulnerabilities is great. This feature allows us to validate whether the remediation actually resolved the issue. It's pretty easy. You click it and it starts scanning. This is super helpful. I don't think anybody else has anything like that.

The NodeZero Platform's real attack capabilities help in identifying vulnerabilities on our on-prem systems because it provides actual vulnerabilities by attacking our systems. It shows us whether it really was able to do or meet the objectives that a threat actor could do. It really helps identify the likelihood instead of simply indicating a potential vulnerability.

The NodeZero Platform impacts my understanding of potential security threats in an eye-opening way. It provides validation of the actual security flaw, and it also provides remediation steps. Usually, it's an article that's written up, but it also shows proof as well.

I haven't seen much of an impact on my remediation time from using The NodeZero Platform. I think what it does is it justifies a vulnerable aspect. For the most part, it does speed up remediation because we have proof that there is a vulnerability. We classify those vulnerabilities as a POF or a Pants on Fire and they have to be remediated within 72 hours. It does help remediate.

What needs improvement?

I think The NodeZero Platform could improve by leveraging GPUs for password cracking, which would be pretty good.

For how long have I used the solution?

I have used the solution for about two and a half years.

What do I think about the stability of the solution?

I haven't seen any stability issues such as crashing, lagging, or downtime. I have seen that their portal has been inaccessible for probably about 30 minutes one time.

What do I think about the scalability of the solution?

The NodeZero Platform is very scalable.

How are customer service and support?

I have never had to contact their technical support or customer support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We've used Pantera, Symptom and Attack IQ.

How was the initial setup?

The initial deployment was so easy. It only took us about five minutes.

What's my experience with pricing, setup cost, and licensing?

I think the pricing could be a little bit more competitive. For example, Centerra had a little bit more flexible pricing than NodeZero.

Which other solutions did I evaluate?

I would say Pentera is the closest competitor to The NodeZero Platform. When I compare them, I think the flexibility of scanning is where Horizon 3 edges Pentera. Pentera does a better job at cracking passwords, but deploying remote nodes is very difficult. It's kind of convoluted, so it makes it difficult to operate. The NodeZero Platform's pricing is competitive. I think it could be a little bit more competitive. For example, Pentera had a little bit more flexible pricing than The NodeZero Platform.

What other advice do I have?

Based on everything we've looked at and used in the past, I would rate The NodeZero Platform a 10 out of 10 as they are the best.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Oct 22, 2025
Flag as inappropriate
PeerSpot user
reviewer2827158 - PeerSpot reviewer
Cybersecurity Engineer 1 at a non-profit with 51-200 employees
Real User
Top 20
Apr 24, 2026
Automated pen tests have strengthened our security posture and reduced assessment effort
Pros and Cons
  • "The NodeZero Platform by Horizon3.ai has positively impacted my organization by catching vulnerabilities and exploits that we wouldn't otherwise be able to find as easily or as quickly, so I'd say it helps better our cybersecurity posture."
  • "The NodeZero Platform by Horizon3.ai can be improved in some ways, particularly regarding the test scan sometimes."

What is our primary use case?

My main use case for The NodeZero Platform by Horizon3.ai is performing quarterly pen tests on our enterprise and OT networks.

For those quarterly pen tests, we usually run them in the actual web UI interface, selecting what subnets we want to hit for pen tests, what vulnerabilities we want to use, and the whitelists that we have in place. We don't step on any sensitive devices, and then afterwards, we review the findings and remedy the problems.

What is most valuable?

The best features that The NodeZero Platform by Horizon3.ai offers include its set it and forget it type pen testing. You configure it once and then set it to automatically run during certain days, which is particularly useful, especially when you're a thin IT department.

That set-it-and-forget-it feature helps my team day-to-day by saving a lot of time, as we can set the pen test and then divert our attention to other things while the pen test is ongoing.

The NodeZero Platform by Horizon3.ai has positively impacted my organization by catching vulnerabilities and exploits that we wouldn't otherwise be able to find as easily or as quickly, so I'd say it helps better our cybersecurity posture.

What needs improvement?

The NodeZero Platform by Horizon3.ai can be improved in some ways, particularly regarding the test scan sometimes.

When the test scan doesn't work as expected, the runner sometimes acts up, and we usually have to run a command on it to fix it or sometimes reboot it. Other than that, the product works great.

For how long have I used the solution?

I have been using The NodeZero Platform by Horizon3.ai for about a year and a half.

What do I think about the stability of the solution?

The NodeZero Platform by Horizon3.ai is stable.

What do I think about the scalability of the solution?

The scalability of The NodeZero Platform by Horizon3.ai is pretty good, as you can throw in any number of subnets in the pen test, so I'd say it's very scalable.

How are customer service and support?

We have had no issues with their customer support; it seemed pretty solid.

I would rate the customer support of The NodeZero Platform by Horizon3.ai as an eight.

Which solution did I use previously and why did I switch?

We did not have a different solution before using The NodeZero Platform by Horizon3.ai.

How was the initial setup?

I wasn't involved in the pricing, setup cost, and licensing, but I've heard that it's pretty simple and easy.

Which other solutions did I evaluate?

We did not evaluate any other options before choosing The NodeZero Platform by Horizon3.ai.

What other advice do I have?

My impression of the solution's feature that allows security teams to fix and retest vulnerabilities instantly is that it's a very useful feature, and I highly appreciate that feature.

The platform's real attack capabilities have helped in identifying vulnerabilities in my on-prem systems by giving us a real-world example of what we should be prioritizing, which helps during the vulnerability management process, so it's helped us significantly.

We don't necessarily use the endpoint security effectiveness feature; we don't really pay attention to it.

The NodeZero Platform by Horizon3.ai has reduced our pen testing costs, but I don't have a specific number.

My advice to others looking into using The NodeZero Platform by Horizon3.ai is to utilize the one-click vulnerability or rescan feature for NodeZero.

I think they're also the reseller for the product.

I would rate this solution an eight overall.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Last updated: Apr 24, 2026
Flag as inappropriate
PeerSpot user
reviewer2817003 - PeerSpot reviewer
Managing Director Chief Technology Officer And CISO at a insurance company with 51-200 employees
Real User
Top 10
Apr 14, 2026
Automated security testing has improved risk prioritization and reduced remediation efforts
Pros and Cons
  • "The NodeZero Platform by Horizon3.ai has positively impacted my organization by allowing my security team to be more efficient and focus on the most valuable work at the highest criticality."
  • "The NodeZero Platform by Horizon3.ai could be improved by reducing the elapsed time from identifying a zero-day vulnerability from their QA environment to their production environment."

What is our primary use case?

My main use case for The NodeZero Platform by Horizon3.ai includes pen testing and vulnerability management. I use The NodeZero Platform by Horizon3.ai to run weekly external and internal scans to identify configuration issues, software vulnerabilities, or misconfigurations.

How has it helped my organization?

The NodeZero Platform by Horizon3.ai has positively impacted my organization by allowing my security team to be more efficient and focus on the most valuable work at the highest criticality. My team's efficiency has improved by identifying what is truly a cybersecurity risk, allowing us to filter out vulnerabilities that are not exploitable and not worth the time and effort to remediate.

What is most valuable?

The best features The NodeZero Platform by Horizon3.ai offers include addressing security threats introduced by misconfigurations, identity, and vulnerability.

The NodeZero Platform by Horizon3.ai helps me identify security threats from misconfigurations or identity issues by conducting weekly scans of my entire environment to identify issues as an attacker would perceive them, starting from a patient zero.

What needs improvement?

The NodeZero Platform by Horizon3.ai could be improved by reducing the elapsed time from identifying a zero-day vulnerability from their QA environment to their production environment.

For how long have I used the solution?

I have been using The NodeZero Platform by Horizon3.ai for four years.

What do I think about the stability of the solution?

The NodeZero Platform by Horizon3.ai is stable.

What do I think about the scalability of the solution?

The NodeZero Platform by Horizon3.ai is very scalable.

How are customer service and support?

The customer support is excellent.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

What's my experience with pricing, setup cost, and licensing?

I had a very good experience with pricing, setup cost, and licensing.

Which other solutions did I evaluate?

I evaluated other options before choosing The NodeZero Platform by Horizon3.ai, specifically Pantera.

What other advice do I have?

My advice to others looking into using The NodeZero Platform by Horizon3.ai is to do yourself a favor and see what the product will find. The platform's real attack capabilities have helped in identifying vulnerabilities in my on-premises systems by allowing us to find even systems that made it off inventory; there is nowhere to hide from The NodeZero Platform by Horizon3.ai.

The NodeZero Platform by Horizon3.ai's endpoint security effectiveness feature impacts my understanding of potential security threats by allowing me to assess the efficacy of the EDR solution. The NodeZero Platform by Horizon3.ai has improved my remediation times in a meaningful way and has helped reduce my pen testing costs by approximately 25 percent. I would rate this product 8 out of 10.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 14, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free The NodeZero Platform by Horizon3.ai Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free The NodeZero Platform by Horizon3.ai Report and get advice and tips from experienced pros sharing their opinions.