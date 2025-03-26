Horizon3.ai Releases 2025 Cybersecurity Insights Report
Key Findings from Over 50,000 NodeZero® Pentests
London (ots) - Keith Poyser, Vice President for EMEA: "This report offers a
groundbreaking analysis based on real-world cyberattack techniques conducted at
organisations across the globe, delivering invaluable insights."
Horizon3.ai (https://www.horizon3.ai/) , a global leader in offensive security,
today released its 2025 Cybersecurity Insights Report, revealing the common
security gaps organisations struggle to close. By analysing exploit trends from
50,000 NodeZero® autonomous security tests run in 2024, along with insights from
a survey sample of nearly 800 security leaders and practitioners, the report
presents clear evidence of how current security strategies are failing, and what
organisations must change to stay ahead of evolving threats.
groundbreaking analysis based on real-world cyberattack techniques conducted at
organisations across the globe, delivering invaluable insights."
Horizon3.ai (https://www.horizon3.ai/) , a global leader in offensive security,
today released its 2025 Cybersecurity Insights Report, revealing the common
security gaps organisations struggle to close. By analysing exploit trends from
50,000 NodeZero® autonomous security tests run in 2024, along with insights from
a survey sample of nearly 800 security leaders and practitioners, the report
presents clear evidence of how current security strategies are failing, and what
organisations must change to stay ahead of evolving threats.
Horizon3.ai defines offensive security as using real-world attacker techniques
to identify and exploit weaknesses across IT environments-proving what's truly
at risk. Unlike passive security, which relies on layered defences with
unverified effectiveness, NodeZero autonomously conducts safe, full-scale tests
that demonstrate exactly how attackers could compromise critical systems. The
result: clear, actionable proof that enables teams to find, fix, and verify
vulnerabilities-before adversaries strike.
Horizon3.ai highlights key findings from the report:
- Vulnerability Scanning Falls Short - Despite 98% of organisations using
vulnerability scanning, only 34% find it highly effective due to false
positives that hinder teams from focusing on real risks.
- Credential-Based Attacks Remain a Major Risk - NodeZero successfully performed
credential dumping in over 28,000 cases, demonstrating the widespread risk of
weak credential practices and policies.
- Patch Management Delays Leave Systems Exposed - Over half of practitioners
(53%) and more than a third of security leaders (36%) admit to delaying
patches due to operational constraints, leaving critical vulnerabilities open.
- Known Vulnerabilities Remain Unpatched - NodeZero exploited 229 known
vulnerabilities nearly 100,000 times in customer environments, demonstrating
that many organisations struggle to remediate even widely recognized threats.
"Security isn't about reacting-it's about outpacing your adversary," said Snehal
Antani, CEO & Co-Founder of Horizon3.ai. "Too many organisations still confuse
compliance for security, falling back on outdated assumptions and annual testing
cycles. This report shows what modern defenders already know: you have to think
like an attacker, validate like an operator, and build a security program that
stands up to real-world pressure."
to identify and exploit weaknesses across IT environments-proving what's truly
at risk. Unlike passive security, which relies on layered defences with
unverified effectiveness, NodeZero autonomously conducts safe, full-scale tests
that demonstrate exactly how attackers could compromise critical systems. The
result: clear, actionable proof that enables teams to find, fix, and verify
vulnerabilities-before adversaries strike.
Horizon3.ai highlights key findings from the report:
- Vulnerability Scanning Falls Short - Despite 98% of organisations using
vulnerability scanning, only 34% find it highly effective due to false
positives that hinder teams from focusing on real risks.
- Credential-Based Attacks Remain a Major Risk - NodeZero successfully performed
credential dumping in over 28,000 cases, demonstrating the widespread risk of
weak credential practices and policies.
- Patch Management Delays Leave Systems Exposed - Over half of practitioners
(53%) and more than a third of security leaders (36%) admit to delaying
patches due to operational constraints, leaving critical vulnerabilities open.
- Known Vulnerabilities Remain Unpatched - NodeZero exploited 229 known
vulnerabilities nearly 100,000 times in customer environments, demonstrating
that many organisations struggle to remediate even widely recognized threats.
"Security isn't about reacting-it's about outpacing your adversary," said Snehal
Antani, CEO & Co-Founder of Horizon3.ai. "Too many organisations still confuse
compliance for security, falling back on outdated assumptions and annual testing
cycles. This report shows what modern defenders already know: you have to think
like an attacker, validate like an operator, and build a security program that
stands up to real-world pressure."
Autor folgen