NodeZero Analytics exposes attack paths
March 15, 2023 SOURCE: Horizon3.ai
Advances pentesting usability, integrates with defensive tools to harden networks
Autonomous penetration testing leader Horizon3.ai doubled down on its commitment to help organizations continuously verify their security posture with the introduction of NodeZero Analytics, bringing “train like you fight” preparedness and new pentesting usability to security teams and MSSPs.
NodeZero™ Analytics yields deeper insights and answers the top questions every CISO and security team asks:
“What’s exposed?”
“What needs to be fixed first?”
“How will we do more with less?”
“Our product investments focused on 3 key areas: first, to increase our attack surface coverage, which spans on-prem, multi-cloud, and perimeter, but now also includes advanced capabilities to ‘live off the land’ just as attackers do; second, to improve our AI explainability so that defenders (aka ‘Blue Teams’) can quickly understand how we successfully compromised their organization and focus their remediation efforts on security weaknesses that are actually exploitable; and finally, an API interface that allows users to integrate pentest results into existing security processes and workflows, including integration with their defensive tools to quickly identify potential blind spots in their detection and response,” said Snehal Antani, CEO and co-founder of Horizon3.ai.
A key aspect of Horizon3.ai’s philosophy is to use offense to inform defense, a derivative of the military principle to “train like you fight” in order to optimize readiness for a real cyber attack. NodeZero, Horizon3.ai’s continuous penetration testing platform, enables organizations to test their infrastructure at scale by chaining together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to achieve critical impacts like domain compromise and sensitive data exposure.
“NodeZero was able to compromise a financial services organization in 7 minutes and 19 seconds. This customer purchased best-in-class security tools, yet few alerts were triggered, and defenders were unable to react fast enough to stop the attack. Security effectiveness is the critical initiative every enterprise should undertake to ensure they are getting the most impact out of their security investments, and the best way to verify that effectiveness is through continuous penetration testing. The alternative is to wait for a real breach to find out that you forgot to enable OS Credential Dumping in your EDR,” said Antani.
“There are less than 5,000 OSCP-certified ethical hackers in the United States, and it takes 10 years of hands-on experience to become a senior penetration tester. Meanwhile demand for security testing has increased exponentially, so we have a fundamental supply versus demand problem – a spike in demand for security testing but an extreme shortage in the supply of experienced ethical hackers. This is where NodeZero fits in. Defenders have the power of self-service pentesting to harden their networks proactively, and red teams can use NodeZero to conduct reconnaissance and exploitation at scale so that they can focus on attack paths that humans are uniquely gifted to uncover,” said Tony Pillitiere, founding engineer at Horizon3.ai.
Leading by example: During a recent autonomous pentest of a large enterprise, NodeZero successfully elevated privileges to become a domain administrator while also compromising the organization’s business email system. The autonomous attack took 30 minutes to execute, with no humans involved, and chained together a variety of techniques including:
1. User enumeration combined with password spraying to compromise a domain user
2. Dumping the SAM database by exploiting local admin privileges assigned to the domain user
3. Reusing local admin credentials across multiple machines
4. Discovering a domain administrator credential by dumping credentials in LSA on a neighboring machine
5. Pivoting from domain admin to the Microsoft Azure Active Directory infrastructure (AzureAD)
6. Gaining access to the domain administrator’s email, which did not have multi-factor authentication (MFA) enabled
“The sequence of events in this attack path is typical of APTs and ransomware organizations,” said Naveen Sunkavally, chief architect at Horizon3.ai. “What’s incredible is that this attack path isn’t hard coded as a runbook or predefined scripts anywhere in the product. Our machine learning techniques were able to figure out how to combine these different steps into an exploitable attack sequence safely in a production environment.”
KEY FEATURES OF NodeZero:
1. Attack paths that clearly explain the exact sequence of events that lead to a critical impact, with proof of exploitation and detailed descriptions for exactly what to fix.
2. Leverage scoring that helps organizations prioritize and fix actions based on risk to the organization as well as return on effort. For example, leverage scoring can help an IT admin determine that fixing a single issue will eliminate 70% of all exploitable attack paths discovered in the pentest.
3. Automatically generating compliance reports required for SOC2, HIPAA, GDPR, and other common compliance requirements.
4. Surfacing systemic issues and policy recommendations to help organizations identify the true root cause for their exploitable attack surface. For example, poor credential policies can lead to systemically weak passwords that can be easily cracked by attackers. The Compare Pentest feature helps teams easily complete the Find-Fix-Verify cycle by confirming that weaknesses and vulnerabilities identified in previous tests have been fixed.
5. Self-service user experience that makes pentesting conveniently accessible to all types of users, from early career IT professionals to 20-year pentesting experts.
6. Features specifically valuable for MSSPs and MSPs, including white-labeled reporting, multi-client management, and auto-generating statements of work for remediation services.
The user experience puts powerful new insights into security teams’ hands, including detailed attack paths with proof of exploitation, prioritized fix actions, and 1-click verification that the remediation was successful. The upshot is that autonomous pentesting becomes a force multiplier for security teams and their organizations.