For enterprise cybersecurity initiatives to be effective today, they must be continuous and proactive. Organizations simply can’t risk a real breach to test their security mettle. But what does it take for cybersecurity strategies to be deemed proactive? Usually, it implies a balanced mix of observability and continuous verification.
Penetration testing has emerged as one way to continuously test the fidelity of networking and data infrastructures by mirroring an actual malicious attack. Horizon3 AI Inc. offers pentesting as a service through its NodeZero platform. NodeZero’s growing popularity and appeal across a global user base, in addition to Horizon3’s channel-based go-to-market strategy was the focus of a recent livestream event.
Industry analyst John Furrier, host of theCUBE, SilicionANGLE Media’s livestreaming studio, hosted the “Horizon3.ai Drives Global Partner-First Approach With Expansion of Partner Program” event. In three separate interviews, Furrier spoke with Horizon3’s Rainer M. Richter, vice president of EMEA and APAC; Chris Hill, sector head for strategic accounts/federal; and Jennifer Lee, head of channel sales, Americas lead. They discussed enterprise use cases and topics on how organizations can maintain agile cybersecurity structures. (* Disclosure below.)
Here are three insights you might have missed:
1.) Bring in the right data.
Data is the enterprise’s currency, and often it’s the target or conduit of a malicious attack. With companies constantly ingesting and processing unprecedented swathes of data, such an entry point must be a security priority. This call for better care extends to solutions providers especially, as they are often the direct custodians of multiple customers’ data. The Horizon3/Splunk partnership perfectly exemplifies this concept, according to Hill.
“What we’ve been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data,” Hill said. “So, Splunk itself is an ingest engine, and the great reason people buy it is to build these really fast dashboards and grab intelligence out of it. With NodeZero, sure we do pentesting, but because we’re an autonomous pentesting tool, we do it continuously.”
In platform partnerships, results are the preeminent measure of value. And, yet again, the Splunk example is handy for determining NodeZero’s true enterprise value. Alongside enabling multi-tier users to glean their exposed areas, it has also created visibility to high-impact data logs and enabled asset discovery, according to Hill.
“One of the cool things that we can do is actually create this low-code, no-code environment. So Splunk customers, for instance, can use Splunk SOAR to actually triage events and prioritize that event,” he said.
Here’s Chris Hill’s complete video session:
2.) Horizon builds on a channel-driven ideology, expands partner ecosystem.
Horizon3 has carved a niche that caters to managed service providers, managed security service providers and consultancy partner ecosystems. That spectrum is much wider, however, as the company is also entrenching itself with resale, systems integrators, technology and cloud partners.
“Then we’ve got our cloud partners. We are in Amazon Web Services Marketplace … and we’re part of the ISV Accelerate Program,” Lee said. “So we’re doing a lot there with our cloud partners. And, of course, we go to market with distribution partners as well.”
Horizon’s NodeZero continuous autonomous penetration testing platform offers a certification program, including separate seller and operator portions — both of which are offered virtually and at no extra cost to partners, according to Lee.
“It’s live virtually but not self-paced. And we also have in-person sessions as well. We also can customize these to any partners that have a large group of people. And we can do one in-person or virtual just specifically for that partner,” Lee added.
Here’s Jennifer Lee’s complete video session:
3.) NodeZero is not designed to kill traditional pentesting.
Horizon3 serves a diverse range of partner sizes, but it appears the smaller-sized early adapters account for a considerable share of the buzz around NodeZero, according to Richter.
“They immediately understand where the value is and that they can change their offering,” he explained. “They’re changing their offering in terms of penetration testing because they can do more pentests and they can then add other ones.”
From previously having to source pentesting experts to get the pentest at a particular customer done, they can now do that independently with NodeZero, according to Richter. More importantly, NodeZero isn’t thought of as a replacement for the traditional pentester’s job, but rather as a tool with which to do pentesting’s “foundational work.”
“We are providing with NodeZero something like the foundational work of having an ongoing penetration testing of the infrastructure and operating system. And the pentesters by themselves can concentrate in the future on things like application pentesting, for example. So we are not killing the pentest,” Richter stated.
Here’s Rainer M. Richter’s complete video session:
You can also watch the entire “Horizon3.ai Drives Global Partner-First Approach” event on-demand below, or visit theCUBE’s exclusive event website:
(* Disclosure: TheCUBE is a paid media partner for the “Horizon3.ai Drives Global Partner-First Approach” livestream event. Neither Horizon3 AI Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)