The Picus Security Validation Platform has a report page that shows an overview of report results with at-a-glance information, such as an environment’s overall threat score and any changes since the last assessment. (Source: Picus Security)

Vendor: Picus Security

Price: $10,000

Contact: www.picussecurity.com

Quick Read  

What it does: The Picus Security Validation Platform takes a threat-centric approach to cyber resilience and offers continuous security validation that assists teams in identifying potential breach gaps and executing real-time and retrospective analysis to mitigate gaps.

What we liked: We liked the user-friendly interface that’s intuitive to navigate. It offers several effective ways of viewing assessment results so that organizations get the most out of their data. We also really liked the report options this product offers.

The Picus Security Validation Platform takes a threat-centric approach to cyber resilience, offering continuous security validation that assists teams in identifying potential breach gaps and then executing real-time and retrospective analysis to mitigate these gaps in minutes.

The adversary landscape constantly evolves and manual measures of cyber threat readiness are insufficient and unable to keep pace. An insurmountable stream of alerts bogs security teams down and forces them to address threats and vulnerabilities with whatever security tools they have available, even if such tools are obsolete or misconfigured. Picus Security deploys small, lightweight agents that use various risk-free, adversary-based attack scenarios to pass security controls and deliver malicious payloads. The Picus threat library currently has in its database nearly 9,000 real-world attack payloads, each mapped to the MITRE ATT&CK framework. Whenever a new threat appears in the wild, the platform alerts customers and keeps them up-to-date and prepared with proactive stances before the threat even attacks.

The entire interface is user-friendly and intuitive to navigate, offering several effective ways of viewing assessment results so that organizations get the most out of their data. The landing page offers an overview of high-level environmental information, such as overall threat status, all security scores and the identities of threats that pose the greatest risk. The historical view also offers quick visibility and insight into trends over time, while the simulation feed reveals all assessment activities as soon as they happen.

Security controls testing stands as only half the battle. Organizations need to know how to remediate attacks as well and Picus Security follows cycles of assessment with smart mitigation suggestions. Assessment results offer a comprehensive understanding of cyber resilience, empowering customers with actionable and detailed information about the paths that simulations have travelled and the location of any breaches that have occurred. The platform also links to VirusTotal, an external reference that analysts may consult for more threat-related information.

We really like the report options features. The report page shows an overview of report results with at-a-glance information, such as an environment’s overall threat score and any changes in that score since its last assessment. Analysts may then click on each report overview to see a full summary and concise breakdown of each individual assessment. These reports may run according to a reoccurring schedule or as a one-time assessment.

Overall, Picus Security Validation Platform increases cyber resilience with simulations that cover all vectors and types of attacks, reduces the risk of breaches and non-compliance and delivers historical and real-time visibility into security postures without disrupting production environments. It suggests specific mitigations for particular attacks so analysts always know the security gaps that exist on their environments and the measures that they can take to fix them. Picus offers robust, cutting-edge attack and mitigation content to eliminate gaps quickly, optimize existing security investments and lower overall security costs.

Pricing is calculated per attack vector and ranges between $10,000 and $150,000. Cost includes 9/5 phone support and access to a 24/7 support ticketing system.