The Picus Security Validation Platform
Picus SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
220 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Picus Experience
What do you like best about the product?
I have been working with Picus for over 3.5 years, providing installation, troubleshooting, and support services through various consulting companies.
What started as a BAS (Breach and Attack Simulation) product has grown into a comprehensive security platform. The modules now meet the complex needs of large enterprises and help reduce a significant amount of operational workload.
In my field — endpoint security — the results from Picus simulations have been a great asset. They’ve given me valuable insights that directly improved the effectiveness of my mitigation work. With the CSV module, I’ve also seen how cloud environments can be built on a much stronger and more secure foundation.
One thing I really appreciate is how much Picus invests in their product. You can see they’re constantly improving it and adding capabilities that actually matter in day-to-day operations. Combined with their strong vendor support, easy-to-use interface, and smooth integration with other tools, Picus has become a solution you can rely on long term — not just for testing, but for improving security in a practical way.
What started as a BAS (Breach and Attack Simulation) product has grown into a comprehensive security platform. The modules now meet the complex needs of large enterprises and help reduce a significant amount of operational workload.
In my field — endpoint security — the results from Picus simulations have been a great asset. They’ve given me valuable insights that directly improved the effectiveness of my mitigation work. With the CSV module, I’ve also seen how cloud environments can be built on a much stronger and more secure foundation.
One thing I really appreciate is how much Picus invests in their product. You can see they’re constantly improving it and adding capabilities that actually matter in day-to-day operations. Combined with their strong vendor support, easy-to-use interface, and smooth integration with other tools, Picus has become a solution you can rely on long term — not just for testing, but for improving security in a practical way.
What do you dislike about the product?
Picus does a good job of capturing raw logs, but identifying the specific control responsible often requires manual log inspection in Picus portal.There is still room for improvement on the reporting side, particularly in making the outputs more straightforward and actionable.
What problems is the product solving and how is that benefiting you?
Picus Security addresses the challenge of continuously validating and improving an organization’s security posture without adding significant operational overhead. By simulating real-world threats, it helps identify gaps in endpoint, network, and cloud defenses before attackers can exploit them.
Amazing simulation experience
What do you like best about the product?
Picus Security is best known for its continuous Breach and Attack Simulation (BAS), which lets you safely test your defenses against real-world threats mapped to MITRE ATT&CK.
It continuously validates security controls, identifies detection/prevention gaps, and provides actionable, vendor-specific mitigation guidance.
It integrates with SIEM, XDR, and EDR tools, helping SOC teams quickly improve defenses and demonstrate compliance with standards like NIST and ISO 27001.
It continuously validates security controls, identifies detection/prevention gaps, and provides actionable, vendor-specific mitigation guidance.
It integrates with SIEM, XDR, and EDR tools, helping SOC teams quickly improve defenses and demonstrate compliance with standards like NIST and ISO 27001.
What do you dislike about the product?
Great for proactive defense, but cost, tuning effort, and scenario limits can be sticking points — especially for teams with tight budgets or limited manpower.
What problems is the product solving and how is that benefiting you?
Unverified Security Posture Runs continuous Breach & Attack Simulations mapped to MITRE ATT&CK. Provides clear, evidence-based visibility into detection and prevention capabilities.
Gaps in Detection & Prevention Identifies exactly which attacks bypassed your controls. Enables quick remediation before an actual attacker exploits them.
Slow Response to Threat Changes Constantly updates attack scenarios to match the latest TTPs. Keeps defenses aligned with emerging threats without waiting for yearly tests.
Inefficient SOC Tuning Integrates with SIEM, XDR, EDR to correlate simulation results with actual alerts. Reduces alert fatigue, improves detection rules, and increases SOC efficiency.
Compliance Evidence Gaps Generates continuous validation reports. Supports frameworks like NIST, ISO 27001, PCI DSS with provable control testing data.
Gaps in Detection & Prevention Identifies exactly which attacks bypassed your controls. Enables quick remediation before an actual attacker exploits them.
Slow Response to Threat Changes Constantly updates attack scenarios to match the latest TTPs. Keeps defenses aligned with emerging threats without waiting for yearly tests.
Inefficient SOC Tuning Integrates with SIEM, XDR, EDR to correlate simulation results with actual alerts. Reduces alert fatigue, improves detection rules, and increases SOC efficiency.
Compliance Evidence Gaps Generates continuous validation reports. Supports frameworks like NIST, ISO 27001, PCI DSS with provable control testing data.
Be prepared for both known and unknown attacks in an uncertain world.
What do you like best about the product?
In today's era, all customers have been using most of the technology. Now it's time to achieve 100% ROI from investment and at the same time be prepared for threats.
Picus Security has multiple modules to cover 360 degrees of infrastructure and keeps you one step ahead against the latest threats. I almost like all the features.
Picus Security has multiple modules to cover 360 degrees of infrastructure and keeps you one step ahead against the latest threats. I almost like all the features.
What do you dislike about the product?
It should cover more on CSPM and it should also cover DRP and vendor assessments.
What problems is the product solving and how is that benefiting you?
Picus provides us with statistics about the current infrastructure and prepares you for the uncertain battle.
Picus delivers real-world threat simulations that greatly boost security validation & SOC detection.
What do you like best about the product?
The most helpful aspect of Picus Security is that it continuously and safely simulates real-world cyberattacks across the full kill chain, allowing you to see exactly how your security controls perform and where gaps exist — with clear, vendor-specific mitigation steps to close them.
Upsides of using Picus Security:
Comprehensive validation – Tests security controls from infiltration to exfiltration, not just internal movement.
Real-world threat simulations – Uses an up-to-date threat library to mirror actual attack techniques and emerging threats.
Actionable recommendations – Provides detailed, vendor-specific fixes rather than generic “patch/update” advice.
Continuous improvement – Helps track SOC and vendor performance, showing ROI on cybersecurity investments.
Integration-ready – Works alongside existing SIEM, EDR, firewall, and SOC tools for unified visibility.
Evidence-based reporting – Supports security decisions with measurable, tested data instead of assumptions.
Upsides of using Picus Security:
Comprehensive validation – Tests security controls from infiltration to exfiltration, not just internal movement.
Real-world threat simulations – Uses an up-to-date threat library to mirror actual attack techniques and emerging threats.
Actionable recommendations – Provides detailed, vendor-specific fixes rather than generic “patch/update” advice.
Continuous improvement – Helps track SOC and vendor performance, showing ROI on cybersecurity investments.
Integration-ready – Works alongside existing SIEM, EDR, firewall, and SOC tools for unified visibility.
Evidence-based reporting – Supports security decisions with measurable, tested data instead of assumptions.
What do you dislike about the product?
Not a vulnerability patching tool – It focuses on validating and improving existing controls rather than directly remediating vulnerabilities.
Requires existing security infrastructure – Works best when integrated with current firewalls, EDR, SIEM, etc.
Learning curve for optimization – Teams may need some initial time to fine-tune configurations and integrations for maximum benefit.
Requires existing security infrastructure – Works best when integrated with current firewalls, EDR, SIEM, etc.
Learning curve for optimization – Teams may need some initial time to fine-tune configurations and integrations for maximum benefit.
What problems is the product solving and how is that benefiting you?
Picus Security helps address critical business problems by:
Validating security controls to ensure defenses work effectively against real-world threats.
Identifying detection gaps early, reducing risk of undetected breaches.
Improving SOC efficiency with actionable, vendor-specific mitigation guidance.
Demonstrating ROI on cybersecurity investments with evidence-based results.
Enhancing incident readiness across the full cyber kill chain, from infiltration to exfiltration.
Validating security controls to ensure defenses work effectively against real-world threats.
Identifying detection gaps early, reducing risk of undetected breaches.
Improving SOC efficiency with actionable, vendor-specific mitigation guidance.
Demonstrating ROI on cybersecurity investments with evidence-based results.
Enhancing incident readiness across the full cyber kill chain, from infiltration to exfiltration.
Picus is a Game-Changer in Continuous Security Validation
What do you like best about the product?
The best part of Picus is its ability to simulate real-world attack scenarios in a fully automated way, providing clear, actionable insights. It integrates seamlessly with our existing security stack and aligns perfectly with the MITRE ATT&CK framework. The platform is easy to navigate and delivers immediate value by highlighting detection and prevention gaps.
What do you dislike about the product?
While the platform is outstanding overall, report customization could be more flexible for advanced use cases. API integration works well, but more real-world code samples in the documentation would make development easier. Occasionally, setting up complex network scenarios requires additional configuration effort, especially in segmented environments.
What problems is the product solving and how is that benefiting you?
Picus Security enables us to continuously test our defenses against real-world threats, helping identify gaps early and improve collaboration between red and blue teams.
A solid platform with excellent support.
What do you like best about the product?
Picus Security offers exceptionally responsive and knowledgeable customer support. Their team is always quick to assist and provides clear, effective guidance, which makes a real difference in daily operations.
What do you dislike about the product?
While the platform itself is robust and easy to use, I’ve found that some technical documentation could be more detailed, especially for advanced use cases or integration scenarios.
What problems is the product solving and how is that benefiting you?
It enables us to continuously test and validate our defenses against real attack scenarios, giving us greater confidence in our overall security posture.
Integration and Module Testing Insights
What do you like best about the product?
I appreciate the fast and intensive support provided by their technical team. Their product-specific recommendations, which are based on integration with other products, have been a great help to me and my company.
What do you dislike about the product?
Exporting the results can be expanded in some parts.
What problems is the product solving and how is that benefiting you?
It provides the opportunity to observe the proper configuration of other security products. This helps us see our effectiveness from both a financial and security perspective.
Picus Makes Our Security Stronger
What do you like best about the product?
Picus Security makes it really easy to test our defenses by simulating real-world cyberattacks. It clearly highlights vulnerabilities and provides actionable steps to fix them. The platform is straightforward to use, and we found the implementation process in our organization smooth. Customer support has been responsive and helpful whenever needed. We use it regularly, and the wide range of features combined with easy integration into our existing environment makes it a reliable and valuable tool for improving our security posture.
What do you dislike about the product?
Sometimes, the simulations can take a while to run, and a few of the results are difficult to interpret without technical expertise. Additionally, it would be helpful if there were more integrations available with the other tools we use.
What problems is the product solving and how is that benefiting you?
Picus Security assists us in identifying vulnerabilities within our security by simulating real-world attacks. It highlights which of our defenses are effective and which areas require further attention. This proactive approach allows us to address issues before actual hackers can exploit them, ultimately making our systems more secure and streamlining the audit process.
A Very Useful Security Platform
What do you like best about the product?
I do really like the platform for its extensive threat library coverage, ease of use, and the super useful mitigation and recommendations it provides to my company to improve the cyber defense.
The platform integrates perfectly with my other security platforms (Edr, Siem, Firewall) helping to improve their efficency
The platform integrates perfectly with my other security platforms (Edr, Siem, Firewall) helping to improve their efficency
What do you dislike about the product?
What I don't like is the fact that the platform's data doesn't reside in Italy and for a regulatory framework we had to install the Picus Manager Console on-prem with the effect to not have to possibility to use advanced functions (ex AI assistent and more)
What problems is the product solving and how is that benefiting you?
Picus Security help my company to highlight some findings and weakness about the security architeture that once solved have increased the efficency as well as the resilency of our environment..
Great BAS tool that pays for it self in a month or two
What do you like best about the product?
We’ve had a fantastic experience with Pica Security’s breach and attack simulation tool. It’s proven to be an excellent investment, essentially paying for itself within just a couple of months. The tool has greatly enhanced our ability to benchmark different EDR solutions and reassess the value our current vendor provides. It also keeps us ahead of potential threats, helping us understand and improve our defensive posture and the visibility from our SOC. One of the standout features is its ability to integrate with our existing tools, ensuring that the recommendations are tailored specifically to our environment rather than being generic. Overall, it’s an invaluable asset in our cybersecurity toolkit.
What do you dislike about the product?
It takes some initial configuration tweaking. Their Automaed Pentesting is very light, but they are releasing new functionality rapidly.
What problems is the product solving and how is that benefiting you?
Providing us insight on how well prepared we are for certain relevant TTPs
showing 71 - 80