Year in Review 2022

Through the Eyes of the Attacker


In the end, we have seen that Horizon3.ai customers both large and small have found exploitable critical vulnerabilities, misconfigurations, and weaknesses in their environments thanks to NodeZero. We have also seen that these vulnerabilities, misconfigurations, and weaknesses fall into three general themes.

  • Weak credential policies and poor policy enforcement, not sophisticated exploits, lead to most of the common vulnerabilities experienced by customers. Credential-based attacks are the most common method for cyber threat actors to gain a foothold in your environment, and yet they are easily fixed.
  • Patching is rare and misconfiguration fixes are even rarer. Companies and organizations should have patching policies in place to ensure that their environment is up to date, while ensuring that technologies within that environment are configured appropriately.
  • Cybersecurity tools require proper oversight and fine-tuning to be effective.

It is not enough to simply employ a security stack and think that those tools will prevent the next cyberattack. Companies and organizations should ensure that their cybersecurity tools are set up properly so that their security teams can detect, alert, stop and log the threat.

We have also found that taking the hacker’s perspective by continuously attacking our own environments with NodeZero and running the find, fix, verify loop is essential to understanding whether we are truly secure.

NodeZero allows our customers to take the necessary steps to prioritize and fix or mitigate those vulnerabilities, misconfigurations, and weaknesses that lead to critical impacts. This includes pointing our customers to the latest patches and mitigation actions by individual vendors. Once the vulnerabilities are believed to be fixed or mitigated, our customers are then asked to run another pentest or 1-click verify. This ensures that the fix actions and mitigation steps were applied correctly.

Over the Horizon

What’s Next for NodeZero?

We believe we should always be iterating, learning, and adapting as cybersecurity professionals to meet new threats. Our approach to building NodeZero is no different. Our engineering, customer success, and analytics teams at Horizon3.ai have been hard at work assessing the cyber threat landscape, poring over customer feedback, and developing new content. In 2023, we will remain committed as we put out new internal and external attack content, and improve our user experience for our customers.

Contact Information

Would you like to see how Horizon3.ai and NodeZero can help your company or organization? Head on over to horizon3.ai to sign up for a free trial or contact us at info@horizon3.ai to schedule a demo. We’d love to hear from you!


Customer Threat Analytics Team