Rapid Response

with NodeZero

Get Ahead of Emerging Threats

When emerging vulnerabilities are identified, time is your enemy. Horizon3.ai’s Rapid Response service gives NodeZero users a strategic advantage with early, actionable intelligence to counteract nascent stage cyber exploits that are newly discovered and not yet widely known or addressed.

CISA reports that while only 4% of all CVEs have ever been exploited in the wild, 50% of those are exploited by attackers within the first two days of disclosure.

Your ability to swiftly identify and remediate the emerging threats that pose an actual risk to your organization is key to your cyber resilience. With the Horizon3.ai Rapid Response service— provided as a unique benefit to NodeZero users— you are alerted if your assets are known to be affected. Based on the impact priority, you can initiate action to the emerging threat directly from the NodeZero Rapid Response center.

Get Ahead of Adversaries

Begin finding, fixing, and verifying N-day vulnerabilities in your environment before they are widely exploited. If the Horizon3.ai team discovers a zero day, you will be notified PRIOR to public disclosure if your environment is impacted. Read the white paper for a full overview of the Rapid Response service.


You can toggle between Alerts for threats verified to impact your organization and Activity for updates about all the emerging threats the Horizon3.ai Attack Team is tracking.

NodeZero N-Day Testing Segmentation

Complete N-Day Testing in 24 Hours

You can shorten the critical timeframe for testing for N-day exposure even in large organizations by pre-configuring runners for each of your major network segments. Then when a widespread N-day emerges, you can run those preconfigured segments concurrently, so that your full environment is tested within 24 hours. The NodeZero platform scales to support the largest networks and can run 100+ N-day tests concurrently.

Rapid Response in Action:

NodeZero Users Notified 57 Days Before CVE Cataloged

Horizon3.ai’s Attack Team consists of former US nation-state hackers and OSCP practitioners, who use their experience and extensive cyber threat intelligence sources to deliver advance notice of emerging exploitable vulnerabilities affecting any assets organizations have previously tested on the NodeZero platform.

In the PaperCut example, NodeZero customers benefited from unique threat intelligence unavailable to anyone else in the world. Users were notified 26 days before a patch was publicly available and 57 days before a CVE for the zero day was officially issued and cataloged.


Horizon3.ai Discloses Zero Day to PaperCut


Zero Day Verified by Vendor


Rapid Response Program Notifies Affected Customers

Mitigation: Take assets offline ASAP

NodeZero users notified 26 days before a patch was available and 57 days before a CVE was cataloged.


PaperCut Releases Patch


Exploit Added to NodeZero


Zero Day Added to CVE Catalog



Users have easy access to the latest research and progress of an emerging threat in the Rapid Response center.

To test for PaperCut in your environment, you simply select it from the menu in the Rapid Response center.

What are zero days?

A vulnerability or security flaw in software or systems that is unknown to the vendor or developer.

It is called “zero day” because the vendor has had zero days to fix or patch the unknown vulnerability. Zero day vulnerabilities are valuable to attackers because they can be used to launch targeted attacks without detection.

What are N-days?

An N-day is a software or hardware vulnerability that is already publicly known, (n days since disclosure) but there may or may not be a security update available to remediate the vulnerability.

The goal of vendors, distributors, and administrators is to have systems patched as quickly as possible to avoid N-day attacks.

Rapid Response in Action:

NodeZero Users Get Early Alert to FortiClient EMS N-Day

24 hours after Fortinet issued a critical advisory regarding a structured query language (SQL) vulnerability of FortiClient Enterprise Management Server (EMS), Horizon3.ai’s Attack Team was able to reverse-engineer it and get first blood on the proof-of-concept exploit for the vulnerability that allows for unauthenticated code execution.

Within the first 72 hours of Fortinet’s advisory, all NodeZero customers who were opted-in to Rapid Response were alerted of specific assets in their organizations that were manually verified as exploitable to this breaking N-day. They also received mitigation recommendations a full 10 days before the vulnerability was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.


Fortinet Announces Critical Advisory


Horizon3.ai Achieves First Blood on PoC Exploit

NodeZero users were notified if the vulnerability impacted them within 72 hours


Exploit Added to NodeZero, Rapid Response Program Notifies Exploitable Users

Mitigation: Patch ASAP

They received mitigation recommendations 10 days before the vulnerability was added to the KEV.


Horizon3.ai Discloses PoC Exploit w/ Technical Blog


Vulnerability Added to CISA KEV


Horizon3.ai helps you get ahead of emerging threats in these key ways:

Early identification of N-days and zero days:

The Horizon3.ai Attack Team proactively researches potential zero days and N-days and identifies which vulnerabilities are likely to be exploited in the wild — even if they haven’t made the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. See Disclosures for the list of zero days found to date.

Emerging Threats are Verified:

NodeZero users receive tailored threat intelligence on emerging vulnerabilities. This includes a manual verification by the Horizon3.ai Attack Team of the exploitability and impact of the threat in question, unique to your organization.

Prioritizes threats by impact:

When they identify vulnerabilities that are likely to be exploited, the Horizon3.ai Attack Team reverse-engineers them and creates a proof of concept exploit to understand the impact of the vulnerability. This understanding is embedded into NodeZero and is paired with contextual understanding of your environment to modify the ratings from the The National Vulnerability Database (NVD) when appropriate. This helps you prioritize your remediations and understand when you should patch outside of your regular cycle for a particular threat.

N-day testing is part of standard operating procedure:

NodeZero pentests identify emerging N-days within your environment as part of the autonomous internal and external pentesting process. The NodeZero Rapid Response Center also enables targeted N-day testing on demand.

Run targeted N-day tests to get detailed remediation guidance on assets that are affected.

N-day exploits are continually added to NodeZero

The Rapid Response center shows you exactly where your organization is vulnerable to new threats, what the outcome would be if a system was exploited, and how to best mitigate or remediate the N-day in question. Use the growing list of targeted tests to test the impact of a specific vulnerability on your environment.

Our Process Helps You Find, Fix and Verify Nascent Threats

Nascent threats identified

The Horizon3.ai Attack Team continually researches the global threat environment to identify new N-days that have been exploited in the wild or are likely to be exploited in the wild.

Users alerted

The Horizon3.ai team determines if NodeZero users are affected by the zero day or N-day. Users are alerted even before the new exploit is added to NodeZero.

N-Day Test Added to NodeZero

The Horizon3.ai Attack Team develops a new attack module for the zero day or N-day, using a production-safe variant of a proof of concept if one exists or developing one from scratch if it does not. A new N-day test for the vulnerability is added to NodeZero. Users can initiate an N-day test directly from the Rapid Response center to assess if any of their assets are exploitable.

New exploits are also run automatically as part of NodeZero's standard internal and external pentests.

Users understand impact and priority

Users get immediate visibility to which assets in their organization are impacted. For maximum efficiency and scale, you can set up pre-configured tests ahead of time in all your network segments.

Users quickly fix or mitigate

If your organization is impacted, you receive detailed remediation guidance from NodeZero for each weakness. If a patch isn’t yet available, NodeZero will offer guidance about mitigating controls, such as quarantining the server, changing your firewall rules, or increased monitoring.

Users verify fixes

Once you’ve remediated the vulnerability, use NodeZero to run a quick verification test to ensure the vulnerability is no longer present.

N-Day Test Added to NodeZero

Testing your environment whenever you have infrastructure changes enables the Horizon3.ai Attack Team to better detect if you are impacted by emerging threats.

To learn more about the benefits of the Horizon3.ai Rapid Response service:

RESEARCH: The Long Tail of Log4Shell Exploitation

Log4Shell is far from dead.

RESEARCH: MOVEit Transfer CVE-2023-34362

Deep Dive and Indicators of Compromise

RESEARCH: PaperCut CVE-2023-27350

Deep Dive and Indicators of Compromise

RESEARCH: Veeam Backup and Replication

CVE-2023-27532 Deep Dive