Innovative Solution that exceeds our expectations
Use Cases and Deployment Scope
Picus is being used as a security validation and breach and attack simulation/detection system in our enterprise network. Picus is the main scoring system in our enterprise networks. It is not used only after a product's implementation; we even use Picus before acquiring any security software solution. Any software or hardware solution which does not pass the scoring is automatically eliminated. Scoring is based on zones and products/services where the Picus vectors are implemented. Integration with the SIM/SIEM enhances the analytics and detection/prevention. Specific rules are implemented through the SIEM and Picus outputs. Picus is one of the key elements in cyber resilience. Regulations and compliance enforce KPIs in cyber-security, and Picus scores are a direct input for these KPIs. Therefore our companies have passed the audits throughout the usage of Picus without any problem. New threats and attacks are mapped within the Picus database and attack vectors, and we can simulate these attacks securely without exposing our environment to any potential risk.
Pros
- It has thousands of signatures and up-to-date attack vectors (it's the largest set in the market)
- Attack vectors are mapped with existing vendors like Checkpoint and McAfee, so you don't spend time finding out which CVE is mapped to which protection
- Ability to focus on/highlight solely new threats; it's superb for 0-days and up-to-date protections, as there is always a timing issue between updates and applying the updates on the products
- Blocked vs. not blocked ratios on the dashboard, with a drill-down menu specifying the set of protections or signatures on the defensive measures
- MITRE ATT&CK framework already mapped on the dashboard; the SOC and analyst team are using the MITRE framework
- Detection analytics enhance the analytics capabilities with pinpoint accuracy on where to focus and how to prevent
- Timeline and scheduled reports from the dashboard in a flexible format
Cons
- Visualization of network and the products
- Complex/scenario-based attacks
- Phishing tests
- DNS and data exfiltration attacks
- Automatic action through the APIs for the products on the path
- Strategic and tactical reports for CISOs
- Automatic SOAR integration with already built-in playbooks
Likelihood to Recommend
If you want to analyze the full path focusing on the signatures, it's the best product in the market. If you want to test phishing, data exfiltration/DLP, or DNS, I don't recommend Picus. Scenario-based attacks are also lacking. However, Picus support is awesome and I like the development team. When we open a case, they'll always return with the right answer.