The Picus Security Validation Platform
Picus SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
218 reviews
from
and
External reviews are not included in the AWS star rating for the product.
A Proactive Approach to Threat Readiness
What do you like best about the product?
Picus Security provides vendor-specific mitigation recommendations, which are particularly valuable for enabling prompt remediation when signatures exist for threats that are not currently being blocked. This feature helps reduce the organization's reliance on OEM support to a certain extent by streamlining the response process.
Additionally, Picus offers robust customer support and a highly intuitive, user-friendly interface. Compared to other Breach and Attack Simulation (BAS) solutions I have evaluated, Picus stands out in terms of usability and ease of navigation, enhancing operational efficiency during security assessments.
Picus delivers weekly threat intelligence updates to ensure the threat library remains aligned with the evolving threat landscape. In addition to automated updates, the platform offers flexibility through on-demand threat inclusion. When specific threats are not yet available in the existing library, their support team is highly responsive—upon request, they are often able to research, validate, and incorporate the requested threat into the threat library. This capability enhances threat coverage and ensures that the simulation environment remains relevant to organizational risk profiles.
Additionally, Picus offers robust customer support and a highly intuitive, user-friendly interface. Compared to other Breach and Attack Simulation (BAS) solutions I have evaluated, Picus stands out in terms of usability and ease of navigation, enhancing operational efficiency during security assessments.
Picus delivers weekly threat intelligence updates to ensure the threat library remains aligned with the evolving threat landscape. In addition to automated updates, the platform offers flexibility through on-demand threat inclusion. When specific threats are not yet available in the existing library, their support team is highly responsive—upon request, they are often able to research, validate, and incorporate the requested threat into the threat library. This capability enhances threat coverage and ensures that the simulation environment remains relevant to organizational risk profiles.
What do you dislike about the product?
I wouldn’t say there’s anything I dislike about the product—it’s more of a feature enhancement request.
Currently, after integrating with a SIEM, the Picus portal provides visibility into whether logs related to a specific threat are present. This is helpful for validating whether logging is working correctly.
However, in environments with multiple security controls—such as various network-layer defenses and endpoint detection and response (EDR) solutions—it becomes challenging to quickly determine which control actually blocked the threat. Picus does a good job of capturing raw logs, but identifying the specific control responsible often requires manual log inspection in Picus portal.
It would be extremely helpful if Picus could offer a visual mapping or correlation mechanism that clearly shows where a threat was detected or blocked across different layers. Ideally, this should be intuitive enough that even a new user or analyst could quickly understand the source of detection or prevention.
Again, this is just a feature request to enhance usability and threat traceability.
Currently, after integrating with a SIEM, the Picus portal provides visibility into whether logs related to a specific threat are present. This is helpful for validating whether logging is working correctly.
However, in environments with multiple security controls—such as various network-layer defenses and endpoint detection and response (EDR) solutions—it becomes challenging to quickly determine which control actually blocked the threat. Picus does a good job of capturing raw logs, but identifying the specific control responsible often requires manual log inspection in Picus portal.
It would be extremely helpful if Picus could offer a visual mapping or correlation mechanism that clearly shows where a threat was detected or blocked across different layers. Ideally, this should be intuitive enough that even a new user or analyst could quickly understand the source of detection or prevention.
Again, this is just a feature request to enhance usability and threat traceability.
What problems is the product solving and how is that benefiting you?
Every organization implements a diverse set of security controls across various layers of their infrastructure. For instance:
-> Network layer: NGFWs, proxies
-> Data protection: DLP solutions
-> Endpoint: EDR tools
-> Web applications: WAFs
While these investments are essential, a critical question arises: How can we validate the effectiveness and readiness of these controls against emerging threats—especially those targeting our specific sector? Are the security policies configured correctly? Are they actually working as intended?
$ This is where Picus comes into play.
Picus offers a comprehensive threat library based on real-world TTPs (Tactics, Techniques, and Procedures) used by known threat actors. This enables us to:
-> Continuously assess whether our security controls—especially at the endpoint—are capable of detecting and preventing these behaviors.
-> Gain insights into visibility gaps across layers.
-> Validate control configurations against threat-specific scenarios.
By automating these assessments, Picus allows our security team to focus their efforts on higher-value tasks such as researching emerging threats and building custom detection rules. The platform also supports the creation and testing of specific TTPs, enabling ongoing evaluation of our detection and prevention capabilities in a proactive, controlled manner.
-> Network layer: NGFWs, proxies
-> Data protection: DLP solutions
-> Endpoint: EDR tools
-> Web applications: WAFs
While these investments are essential, a critical question arises: How can we validate the effectiveness and readiness of these controls against emerging threats—especially those targeting our specific sector? Are the security policies configured correctly? Are they actually working as intended?
$ This is where Picus comes into play.
Picus offers a comprehensive threat library based on real-world TTPs (Tactics, Techniques, and Procedures) used by known threat actors. This enables us to:
-> Continuously assess whether our security controls—especially at the endpoint—are capable of detecting and preventing these behaviors.
-> Gain insights into visibility gaps across layers.
-> Validate control configurations against threat-specific scenarios.
By automating these assessments, Picus allows our security team to focus their efforts on higher-value tasks such as researching emerging threats and building custom detection rules. The platform also supports the creation and testing of specific TTPs, enabling ongoing evaluation of our detection and prevention capabilities in a proactive, controlled manner.
Identifying weakeness
What do you like best about the product?
1. Vendor specific mitigation content helped me to zoom in to issues and fix fast
2. Low False Positive and highly updated content was a major plus point
3. Platform was easy to use
2. Low False Positive and highly updated content was a major plus point
3. Platform was easy to use
What do you dislike about the product?
not appliable, as the tool was really great
What problems is the product solving and how is that benefiting you?
Help to review current tools, finding gaps and closing it either by improving the baseline or a change of product
Help greatly with prioritization
What do you like best about the product?
Exposure prioritization with SCV + asset data
What do you dislike about the product?
We don't have dislikes about the solution right now.
What problems is the product solving and how is that benefiting you?
it's unique approach to EXM is helping us focus on the more important vulnerabilities rather than thousands that are always there.
Easily Identified our security gaps and mitigate them.
What do you like best about the product?
Ease of use. rapid identification of security gaps.
number of useful features
number of useful features
What do you dislike about the product?
there is nothing I dislike about picus..
What problems is the product solving and how is that benefiting you?
I can mitigate our security gaps with picus easily.
rapid detection
What do you like best about the product?
fast detection, ease of use, and support
What do you dislike about the product?
I can't see any disadvantages at the moment.
What problems is the product solving and how is that benefiting you?
It tests network security by performing automated attacks, finds vulnerabilities, and enables us to take swift action.
BAS Simulation with Prevention and Mitigation - Technical Review
What do you like best about the product?
Picus Security is an outstanding platform for continuous security validation, providing clear visibility into which controls are active and what threats are being blocked.
Ease of Use: Very intuitive and user-friendly interface.
Ease of Implementation: Straightforward deployment with excellent documentation.
Customer Support: Responsive and knowledgeable support team, backed by strong resources.
Frequency of Use: Used regularly to validate and optimize security posture.
Number of Features: Rich feature set covering a wide range of security validation needs.
Ease of Integration: Seamlessly integrates with existing security tools and infrastructure.
Overall, Picus adds tremendous value by ensuring security controls remain effective and organizations stay resilient against evolving threats.
Ease of Use: Very intuitive and user-friendly interface.
Ease of Implementation: Straightforward deployment with excellent documentation.
Customer Support: Responsive and knowledgeable support team, backed by strong resources.
Frequency of Use: Used regularly to validate and optimize security posture.
Number of Features: Rich feature set covering a wide range of security validation needs.
Ease of Integration: Seamlessly integrates with existing security tools and infrastructure.
Overall, Picus adds tremendous value by ensuring security controls remain effective and organizations stay resilient against evolving threats.
What do you dislike about the product?
Honestly, there isn’t much to dislike. The platform delivers strong value across usability, implementation, features, and support. If anything, the pace of updates and new feature releases makes it challenging to keep up, but this is more of a positive reflection of their innovation than a drawback.
What problems is the product solving and how is that benefiting you?
Picus Security helps address the critical challenge of knowing whether security controls are actually effective against real-world threats. By continuously validating controls, it identifies what is being blocked and what is not, eliminating blind spots. This proactive visibility ensures that our security posture remains strong, reduces the risk of misconfigurations, and maximizes the value of our existing security investments. The biggest benefit is having actionable insights that allow us to strengthen defenses before attackers can exploit any gaps.
Senior Cyber Security Engineer
What do you like best about the product?
Easy to use and it has user friendly GUI. It has large database of atack simulation
What do you dislike about the product?
I can't say bad any idea for Picus Security
What problems is the product solving and how is that benefiting you?
When our servers have some vulnerability, I can learn what we have vulnerability thanks to Picus security and we fixed it
Marketing Specialist
What do you like best about the product?
I like that Picus Security helps organizations stay ahead of cyber threats with continuous security validation. Their platform is easy to use and provides clear insights to improve defenses.
What do you dislike about the product?
Sometimes it takes a bit of time to set up new scenarios or integrations, but overall the platform works well.
What problems is the product solving and how is that benefiting you?
Picus Security helps identify security gaps by simulating real-world cyberattacks. This allows us to improve our defenses and respond faster to potential threats.
Strong threat insights, though setup and cost may challenge some teams
What do you like best about the product?
What I enjoy best about Picus Security is that it behaves like a friendly hacker, safely testing your systems to discover how well they can handle real-world attacks. Then it plainly shows you what is wrong and explains how to solve it. It is an easy method to stay on top of cyber risks without having to be a security specialist.
What do you dislike about the product?
One thing I dislike about Picus Security is that it might be difficult to set up at first, especially if you are not familiar with cybersecurity tools. It may also be expensive for smaller teams, and some features are only available in higher-level programs.
What problems is the product solving and how is that benefiting you?
Picus Security helps find weak spots in our systems by safely simulating real cyberattacks. This means we can fix issues before real hackers find them, which makes our security much stronger and gives us peace of mind. It is like having a regular health check-up, but for our cybersecurity.
An important addition to our customer infrastructure
What do you like best about the product?
The solution is very easy to use, providing many useful suggestions for customers.
What do you dislike about the product?
The solution needs to integrate more local vendors in different countries.
What problems is the product solving and how is that benefiting you?
Picus helps us detect many policies, rules in our security controls
showing 111 - 120