What is Picus Security?

Picus Security, headquartered in San Francisco, offers Continuous Security Validation and Mitigation as the most proactive approach to ensure cyber-resilience. The Picus Platform measures the effectiveness of defenses by using emerging threat samples in production environments, providing the insight required to build the right security strategy to better manage complex operations.

What are Picus Security's top competitors?

Cymulate are common alternatives for Picus Security.

Who uses Picus Security?

The most common users of Picus Security are from Enterprises (1,001+ employees).

Picus Security Reviews & Ratings 2024

Operating Systems	Unspecified
Mobile Application	No

December 23, 2021

Innovative Solution that exceeds our expectations

IHSAN CAKMAKLI

Senior Security Specialist

YAPI KREDI (Banking, 10,001+ employees)

Score 9 out of 10

Vetted Review

Verified User

Incentivized

Use Cases and Deployment Scope

Picus is being used a security validation and breach attack simulation/detection system in our enterprise network. Picus is the main scoring system in out enterprise networks. It’s being used not after the products implementation even we use picus before acquiring of any security software solution. Any software or hardware solution which does not pass the scoring automatically eliminated. Scoring is based on zones and products/services where the picus vectors are implemented. Integration with the sim/siem enhances the analytics and detection/prevention. Specific rules are implemented through the siem and picus outputs. Picus is one of the key elements in cyber resilience. Regulations and compliance enforces KPI in cyber-security, Picus scores are direct input for these KPIs. Therefore our companies have passed the audits throughout the usage of picus without any problem. New threats and attacks are mapped within the Picus database and attack vectors, we can simulate this attacks securely without exposing any potential risk to our environment.

Pros and Cons

It has thousands of signatures and up-to-date attack vectors (It's the largest set in the market)
Attack vectors are mapped with existing vendors like Checkpoint and Mcafee, where you don't spend time finding out which cve mapped to which protection
Ability to focus/highlght solely new threats, it's superb for 0days and up-to-date protections. As there are always timing issue between updates and apply the updates on the products.
Blocked vs not blocked ratios on the dashboard with drill down menu specifiying the set of protections or signatures on the defensive measures
Already mapped mitre att&ck framework on the dasboard. SOC and analyst team using the Mitre framework.
Detection analytics enhance the analytics capabilities with pinpoint accuracy where to focus and how to prevent
Timeline and scheduled reports from the dashboard in flexible format

Visualization of network and the products
Complex/Scenario based attacks
Phishing tests
DNS and Data exfiltration attacks
Automatic action through the apis for the products on the path
Strategical and tactical reports for Cisos
Automatic SOAR entegration with already builtin playbooks

Likelihood to Recommend

If you want to analyze the full path focusing on the signatures it’s the best product in the market. If you want to test phishing, data exfiltration/DLP, DNS I don’t recommend Picus. Scenario based attacks also lacking. However Picus support is awesome and I like the development team. When we open a case, they’ll always return with the right answer

Most Important Features

Security validation and scoring
Number of attacks and CVEs supported on the product
Attack simulation
Detection analytics with integration Siem products

Return on Investment

With Picus we have the tangible KPIs for the security
Detetcion and Prevention rates for the latest attacks are significantly increased
We work with many security vendors. We use picus scores and share specific outputs with the company in case of decreasing score rates where the development and product team analyzes their updates or product engines to increase the rates.
It helps our strategic plans where to focus and invest for the following years and planning/prioritizing the security budgets to specific highlighted areas

Alternatives Considered

Cymulate, AttackIQ Security Optimization Platform, Mandiant Security Validation and SafeBreach

We use other vendors Verodin, AttackIQ, SafeBreach, Cymulate etc. All of them have their advantages and disadvantages. Please take a look at TrustRadius reviews of each product. I don’t want to go head to head for each product in this review. I select Picus because it's local startup company in our region. I like their support and engineering team. Support is marvelous. Product is giving what we expected from the product. Price is adequate. Reporting and dashboard is superb.

Other Software Used

Cymulate, Mandiant Security Validation, AttackIQ Security Optimization Platform

Picus Security

Overview

What is Picus Security?

Innovative Solution that exceeds our expectations

Product Details

What is Picus Security?

Picus Security Competitors

Picus Security Technical Details

Comparisons

Compare with

Mandiant Advantage Security Validation

IBM Security QRadar SIEM

Splunk Enterprise Security (ES)

Qualys TruRisk Platform

Metasploit

BitSight Security Ratings

Arcsight by OpenText

Microsoft Sentinel

FortiAnalyzer

Reviews and Ratings

Reviews

Innovative Solution that exceeds our expectations

Use Cases and Deployment Scope

Pros and Cons

Likelihood to Recommend

Most Important Features

Return on Investment

Alternatives Considered

Other Software Used