下载PDF
Horizon3.ai
概述
公司介绍
物联网应用简介
技术栈
Horizon3.ai的技术栈描绘了Horizon3.ai在网络安全和隐私, 和 可穿戴设备等物联网技术方面的实践。
-
设备层
-
边缘层
-
云层
-
应用层
-
配套技术
技术能力:
无
弱
中等
强
实例探究.
Case Study
Overcoming Misreporting Tools: A Case Study on Patch Management in a Teaching Hospital
A teaching hospital, despite having a diligent IT team that tracked security updates and promptly patched critical issues using industry-leading tools, found itself in a precarious situation. The team was confident that they had patched a critical vulnerability, known as ZeroLogon, months earlier. They even had reports from Qualys and Microsoft DISM, both industry-leading tools, to back up their claim. However, when NodeZero exploited this supposedly patched vulnerability in under a day on several of their Active Directory domain controllers, the IT team insisted it was a false positive. NodeZero, on the other hand, had evidence of a detailed attack chain showing each step taken to get credentials, escalate privileges, and gain administrative rights to Active Directory. This discrepancy led to the hospital reapplying the patch and repeating the NodeZero autonomous pen test.
Case Study
Maximizing Security with Minimum Effort: A Case Study on Horizon3.ai and NodeZero
The IT technical champion at a global manufacturing company was aware of the organization's security vulnerabilities despite having no existing compliance issues. The team was limited by budget constraints, only able to afford one penetration test per year. This was a significant challenge as the company's attack surface was expanding due to their growing IoT footprint. The organization needed a solution that could identify and address these vulnerabilities effectively and efficiently, without requiring significant resources or disrupting their operations.
Case Study
Enhancing Security in Medical Clinic with NodeZero
A medical clinic with over 120 providers was facing a significant security challenge. Despite using best-in-class endpoint detection and response (EDR) software, the clinic was still vulnerable to cyber threats. NodeZero, a security solution, was able to identify a device’s Local Security Authority Subsystem Service Process (LSASS), dump and crack user credentials, move laterally, and gain Windows Domain Administrator privileges. This resulted in full domain rights, a situation that should have been detected and blocked by the EDR. Upon investigation, it was discovered that the EDR solution was misconfigured on several devices. Additionally, the clinic had neglected to purchase an add-on module designed to alert on lateral movement. The clinic also faced challenges in patch management. While they recognized the urgency to install updates to their infrastructure, understanding what to patch, what to defer, and ensuring that patches remediate weaknesses was a complex task.