Horizon3.ai Unveils Pentesting Services for Compliance Ahead of PCI DSS v4.0 Rollout

Horizon3.ai

Horizon3.ai, a pioneer in autonomous security solutions, announced the availability of the Horizon3.ai Pentesting Services for Compliance. Horizon3.ai recognizes that demand for pentesting expertise is at an all-time high, and organizations may be struggling to meet their compliance-driven pentesting needs. This advanced, tailored service is designed to fulfill the internal and external pentesting requirements for rigorous regulatory standards that require manual penetration testing to uncover complex logic errors and unknown vulnerabilities.

The demand for manual penetration testing ranges from the Payment Card Industry Data Security Standard (PCI DSS) v4.0 and the updated Self-Assessment Questionnaires (SAQs) to System and Organization Controls (SOC), Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), Cybersecurity Maturity Model Certification (CMMC), and many organizations’ internal requirements.

Horizon3.ai Pentesting Services for Compliance embraces the concept of Human-Machine teaming, where a world-class team of Offensive Security Certified Professional (OSCP) pentesters conduct their pentests to the methodologies specified in each standard, e.g., authenticated and unauthenticated, internal and external perspectives, segmentation checks, and so on. They are equipped with the NodeZero™ autonomous pentesting platform, which leverages artificial intelligence to identify exploitable attack paths that go far beyond the capabilities of vulnerability scanners to add scale, speed, contextual relevance, and consistency to their penetration tests.

Also Read: Coming Soon: Minitab Statistical Software with Enhanced AI Capabilities

The combination of expert human analysis and NodeZero’s autonomous testing results in a comprehensive and actionable evaluation of the network infrastructure being examined. With the service, clients receive a meticulous Pentesting Report and a Fix Action Report with detailed and prioritized guidance. They also have access to their pentest results on the NodeZero platform for 12 months to help guide and streamline their remediation efforts. Clients can even confirm that their corrections are effective with NodeZero’s 1-click verify tool. 1-click verify is targeted retesting of identified weaknesses that the client can execute repeatedly after they remediate to check that an issue is in fact resolved. When the remediation is verified, clients can download an associated report to share with their auditors as essential evidence. That means clients no longer have to schedule additional consulting engagements to verify issues have been remediated. As an additional benefit, the service encompasses rapid response alerts from Horizon3.ai’s accomplished Attack Team about emerging zero-day and N-day vulnerabilities that could impact their environment.

“Horizon3.ai gives its customers an unprecedented benefit with the 1-click verify tool in NodeZero. It’s often the case that a client doesn’t have the expertise to easily interpret or act on the list of corrections they receive after a thorough pentest. Horizon3.ai delivers detailed and prioritized remediation guidance and then goes far beyond that with the 1-click verify tool. With a click of a button, the customer can instigate a targeted retest that generates proof of remediation for their audit,” said James T. Flowers, CISSP, CISM, Security & Compliance Expert, Auditor, and Consultant.

Organizations can also opt to integrate their pentesting engagement with a bundled subscription to NodeZero for continuous security testing, both to move beyond mere “point-in-time” compliance and also to alleviate the remediation burdens of upcoming audit cycles. This allows organizations to assess and improve their security posture with a number of operations beyond internal and external pentesting, such as AD password audit, Phishing Impact testing, N-day testing, and more.

Horizon3.ai Pentesting Services for Compliance are tuned to meet the needs of organizations subject to annual compliance with the PCI DSS v4.0 or the updated SAQs. As of 31 March 2024, PCI DSS v3.2.1 will be retired and v4.0, which introduces more rigorous, continuous security practices, will become the only active version of the standard.

“Security of an organization’s cardholder data environment is of supreme importance to the organization and to its consumers. We are excited to offer our new service tailored to the pentesting methodology specified by the PCI Security Standards Council. We deliver timely world-class penetration testing and implement our services in a way that helps our clients speed and improve their remediations and move toward continuous security testing,” said Horizon3.ai Co-Founder and CEO Snehal Antani.

SOURCE: BusinessWire