Horizon3.ai Launches Pentesting to Help Businesses Get Ahead of Tougher PCI Requirements

The payment card industry is tightening its data security standards with the upcoming release of PCI DSS v4.0. With these new requirements on the horizon, companies that handle payment card data need to ramp up their security practices and compliance efforts.

That’s where Horizon3.ai’s newly launched penetration testing services come into play. As an approved scanning vendor for the Payment Card Industry Security Standards Council, Horizon3.ai is rolling out comprehensive pentesting with Horizon3.ai Pentesting Services for Compliance, to help businesses identify vulnerabilities and meet the increased demands of PCI DSS v4.0.

Demand for pentesting expertise is at an all-time high, and organizations may be struggling to meet compliance-driven pentesting needs. This advanced, tailored service is designed to fulfill the internal and external pentesting requirements for rigorous regulatory standards that require manual penetration testing to uncover complex logic errors and unknown vulnerabilities.

Horizon3.ai Pentesting Services for Compliance key points:

  • embraces Human-Machine teaming – a world-class team of Offensive Security Certified Professional (OSCP) pentesters conducts pentests to the methodologies specified in each standard, e.g., authenticated and unauthenticated, internal and external perspectives, segmentation checks, etc.;
  • leverages the NodeZero autonomous pentesting platform’s artificial intelligence to identify exploitable attack paths – far beyond the capabilities, scale, speed and relevance of vulnerability scanners;
  • supports the Payment Card Industry Data Security Standard (PCI DSS) v4.0 and the updated Self-Assessment Questionnaires (SAQs) to System and Organization Controls (SOC), Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), Cybersecurity Maturity Model Certification (CMMC), and many organizations’ internal requirements;
  • provides a meticulous Pentesting Report and a Fix Action Report with detailed and prioritized guidance; access to results reports for 12 months; and confirmation of effective corrections via NodeZero’s 1-click verify tool – targeted retesting of identified weaknesses that can be executed repeatedly after remediation to confirm issues are resolved.

“Horizon3.ai gives its customers an unprecedented benefit with the 1-click verify tool in NodeZero. It’s often the case that a client doesn’t have the expertise to easily interpret or act on the list of corrections they receive after a thorough pentest. Horizon3.ai delivers detailed and prioritized remediation guidance and then goes far beyond that with the 1-click verify tool. With a click of a button, the customer can instigate a targeted retest that generates proof of remediation for their audit,” said James T. Flowers, CISSP, CISM, Security & Compliance Expert, Auditor, and Consultant.

Organizations can also opt to integrate their pentesting engagement with a bundled subscription to NodeZero for continuous security testing, both to move beyond mere “point-in-time” compliance and also to alleviate the remediation burdens of upcoming audit cycles. This allows organizations to assess and improve their security posture with a number of operations beyond internal and external pentesting, such as AD password audit, Phishing Impact testing, N-day testing, and more.

Horizon3.ai Pentesting Services for Compliance are tuned to meet the needs of organizations subject to annual compliance with the PCI DSS v4.0 or the updated SAQs. As of March 31, 2024, PCI DSS v3.2.1 will be retired and v4.0, which introduces more rigorous, continuous security practices, will become the only active version of the standard.

“Security of an organization’s cardholder data environment is of supreme importance to the organization and to its consumers. We are excited to offer our new service tailored to the pentesting methodology specified by the PCI Security Standards Council. We deliver timely world-class penetration testing and implement our services in a way that helps our clients speed and improve their remediations and move toward continuous security testing,” said Horizon3.ai Co-Founder and CEO Snehal Antani.
 
The New Rigor of PCI DSS v4.0

PCI DSS v4.0, the latest version of the PCI Data Security Standard, emphasizes keeping up with emerging threats and technologies. Key changes include:

  • Increased flexibility to allow for better risk management decisions
  • Updated requirements for authenticating access to systems
  • Greater testing procedures for critical systems handling payment data
  • New requirements for vulnerability disclosure and software supply chain security

With these heightened standards, companies can expect PCI audits to be significantly more stringent regarding their security controls and processes.

As PCI DSS v4.0 rolls out, companies need to be prepared for heightened scrutiny on payment data security. Horizon3.ai’s new penetration testing services enable businesses to get ahead of the curve and ensure their systems are hardened against the latest threats.
