Reviewed by Matthew Hreben & Michael Diehl
Vendor: Picus Security
Product: Picus Breach & Attack Simulation Platform
Price: $25,000 per vector assessment.
What it does: Breach and attack simulation platform.
What we liked: Simulation platform with a strong emphasis on remediation. Picus has gone out of their way to help security teams remediate findings.
These days, the sheer number of emerging threats makes any detection a challenge for cybersecurity professionals. Add to this the difficulty of responding in a timely manner, and the challenge of information security is compounded tenfold. But how many companies can actually multiply their resources by such a steep factor? The realistic security officer instead identifies key indicators to measure the performance of the organization’s defenses. Picus Security seems to understand this well, as the Picus Breach & Attack Simulation platform is designed to seek out and test security measures within the production environment.
And for good reason. Security stacks can look and behave quite differently from one another. One company maintains only Next-Gen Firewall and Endpoint Protection software, while its neighbor adds to these an Intrusion Prevention System, Web Application Firewall, Endpoint Protection Software or Email Gateways. Yet in both cases, a key weakness of security operations is that they lack visibility and metrics. In fact, security investments are notorious for being used inefficiently, with underutilized stack capacity itself an exploitable vulnerability.
Picus aims to shed light on a stack’s capacity not so much by analyzing a system as by testing it through attack simulation. The solution is technology-agnostic – it exists as a virtual appliance or as software to run on physical or virtual Linux platforms – and promises to be an off-the-shelf software solution that can be installed and configured within hours so that users can get their results in only minutes. A flexible architecture supports both the Picus-hosted assessment for internet vector testing and the on-site installation for internal and cross-zone vector testing.
Once a simulation is run, threat-centric prioritization is based on asset and vulnerability data from the user’s network. Analysts review specific gaps to determine how strong their stack’s performance is. In addition, relevant emerging threats appear in the threats dashboard for each defined assessment path or attack vector. Picus Labs collects threats from numerous sources, averaging 200 new threats monthly, and assigns them a criticality value based on a severity mapping algorithm.
So how do analysts take action and mitigate gaps quickly once these are discovered and assessed? Picus’ Mitigation View guides users to relevant updates provided by the vendor’s third-party Technology Alliance Vendors, especially for action-oriented procedures and the most impactful mitigation options. This means security operatives connect directly with mitigation tools they already use, such as Fortinet, Check Point and McAfee.
Picus Security has been reliably successful in tackling these issues, especially within the financial industry. These organizations and institutions already have the necessary assets to focus on cybersecurity.
Support is available 24/7 via a ticketing system, with phone support available 9/5.