Horizon3.ai Introduces New Pentesting Services for Compliance in Preparation for PCI DSS v4.0 Release
SAN FRANCISCO, March 5, 2024 – Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of the Horizon3.ai Pentesting Services for Compliance. Horizon3.ai recognizes that demand for pentesting expertise is high and that organizations may struggle to meet their compliance-driven pentesting requirements. This advanced, customized service is crafted to fulfill the internal and external pentesting needs of stringent regulatory standards that mandate manual penetration testing to discover intricate logic errors and undiscovered vulnerabilities.

The need for manual penetration testing spans across various compliance frameworks, including the Payment Card Industry Data Security Standard (PCI DSS) v4.0 and the revised Self-Assessment Questionnaires (SAQs), as well as System and Organization Controls (SOC), Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), Cybersecurity Maturity Model Certification (CMMC), and numerous internal organizational requirements.

Horizon3.ai Pentesting Services for Compliance adopts the concept of human-machine collaboration, in which a top-tier team of Offensive Security Certified Professional (OSCP) pentesters carries out pentests following the methodologies specified in each standard, such as authenticated and unauthenticated testing, internal and external perspectives, segmentation checks, and more. Equipped with the NodeZero™ autonomous pentesting platform, they use artificial intelligence to pinpoint exploitable attack paths that go beyond what vulnerability scanners can identify, adding scale, speed, contextual relevance, and consistency to their penetration tests.

The fusion of expert human analysis and NodeZero’s autonomous testing leads to a comprehensive and actionable evaluation of the network infrastructure under examination. Through this service, clients obtain a thorough Pentesting Report and a Fix Action Report with detailed and prioritized recommendations. They also gain access to their pentest results on the NodeZero platform for 12 months to assist in guiding and streamlining their remediation efforts. Clients can validate the effectiveness of their corrections through NodeZero’s 1-click verify tool. This tool allows for targeted retesting of identified weaknesses, enabling clients to verify that an issue has indeed been addressed. Once the remediation is confirmed, clients can download a corresponding report to present to their auditors as crucial evidence. This eliminates the need for clients to schedule additional consulting sessions to verify remediation efforts. Additionally, the service provides prompt response alerts from Horizon3.ai’s experienced Attack Team regarding emerging zero-day and N-day vulnerabilities that could impact the client’s environment.

“Horizon3.ai offers its clients an unparalleled advantage with the 1-click verify tool in NodeZero. It is often the case that a client lacks the expertise to interpret or act on the list of remediations received following a thorough pentest. Horizon3.ai provides detailed and prioritized guidance for remediation, and goes a step further with the 1-click verify tool. With just a click, the client can initiate a targeted retest that generates proof of remediation for their audit,” stated James T. Flowers, CISSP, CISM, Security & Compliance Expert, Auditor, and Consultant.

Organizations also have the option to pair their pentesting engagement with a subscription to NodeZero for ongoing security testing. This allows organizations to go beyond “point-in-time” compliance and reduce the remediation burden of upcoming audit cycles. It also lets them evaluate and improve their security posture with operations beyond internal and external pentesting, such as Active Directory (AD) password audits, Phishing Impact testing, N-day testing, and more.

Horizon3.ai Pentesting Services for Compliance are tailored to the requirements of organizations subject to annual PCI DSS v4.0 compliance or the updated SAQs. Starting March 31, 2024, PCI DSS v3.2.1 will be retired, making v4.0 the sole active version of the standard and introducing more rigorous and continuous security practices.

“The security of an organization’s cardholder data environment is of paramount importance to the organization and its consumers. We are thrilled to introduce our new service tailored to the pentesting methodology specified by the PCI Security Standards Council. We deliver timely, world-class penetration testing and implement our services in a manner that helps our clients expedite and enhance their remediation efforts and move closer to continuous security testing,” expressed Horizon3.ai Co-Founder and CEO Snehal Antani.

Discover more about the Horizon3.ai Pentesting Services for Compliance. 

For additional details, send your inquiry to [email protected] 

About Horizon3.ai

Horizon3.ai was established in 2019 by former industry and U.S. National Security veterans. Our goal is to help organizations view their networks from an attacker’s perspective, proactively address critical issues, improve the efficacy of their security initiatives, and ensure readiness against real cyber threats.
