Metasploit vs. Picus Security

It is easy to use with sufficient documentation on how to use the tools for end users or newbies. Experienced testers will find it easy to customise and configure the test cases. Just wished that I could have taken up a course on using this tool in my study days so that I could had explored more and improved my familiarity with the tool, unlike when working where access and time to explore the other features of the tool is limited

Incentivized

If you want to analyze the full path focusing on the signatures it’s the best product in the market. If you want to test phishing, data exfiltration/DLP, DNS I don’t recommend Picus. Scenario based attacks also lacking. However Picus support is awesome and I like the development team. When we open a case, they’ll always return with the right answer

Incentivized

• Easy to use.
• Many exploits available.
• Multi-platform.

Incentivized

• It has thousands of signatures and up-to-date attack vectors (It's the largest set in the market)
• Attack vectors are mapped with existing vendors like Checkpoint and Mcafee, where you don't spend time finding out which cve mapped to which protection
• Ability to focus/highlght solely new threats, it's superb for 0days and up-to-date protections. As there are always timing issue between updates and apply the updates on the products.
• Blocked vs not blocked ratios on the dashboard with drill down menu specifiying the set of protections or signatures on the defensive measures
• Already mapped mitre att&ck framework on the dasboard. SOC and analyst team using the Mitre framework.
• Detection analytics enhance the analytics capabilities with pinpoint accuracy where to focus and how to prevent
• Timeline and scheduled reports from the dashboard in flexible format

Incentivized

• More robust menus
• Better plugin inter-operation

Incentivized

• Visualization of network and the products
• Complex/Scenario based attacks
• Phishing tests
• DNS and Data exfiltration attacks
• Automatic action through the apis for the products on the path
• Strategical and tactical reports for Cisos
• Automatic SOAR entegration with already builtin playbooks

Incentivized

We don't use it.

Incentivized

Metasploit is the most well-known tool in the average pen tester's toolkit. It's hard to compare to its neighbor's due to its size and following.

Incentivized

We use other vendors Verodin, AttackIQ, SafeBreach, Cymulate etc. All of them have their advantages and disadvantages. Please take a look at TrustRadius reviews of each product. I don’t want to go head to head for each product in this
review. I select Picus because it's local startup company in our region. I like their support and engineering team. Support is marvelous. Product is giving what we expected from the product. Price is adequate. Reporting and dashboard is superb.

Incentivized

• Positive: Improves efficiency of our network penetration testing operations.
• Positive: Allows for collaboration and information sharing during a penetration test.

Incentivized

• With Picus we have the tangible KPIs for the security
• Detetcion and Prevention rates for the latest attacks are significantly increased
• We work with many security vendors. We use picus scores and share specific outputs with the company in case of decreasing score rates where the development and product team analyzes their updates or product engines to increase the rates.
• It helps our strategic plans where to focus and invest for the following years and planning/prioritizing the security budgets to specific highlighted areas

Incentivized