The Picus Security Validation Platform
Picus SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
223 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Practical and Reliable Security Testing Platform
What do you like best about the product?
It offers a rich MITRE ATTCK-based scenario library and clear reports that make it easy to spot gaps. Setup and usage are very straightforward.
What do you dislike about the product?
Dashboard customization is limited, and some integrations could provide more automation.
What problems is the product solving and how is that benefiting you?
Picus helps us continuously test and validate our security controls against real-world threats. It identifies gaps before attackers exploit them, which improves our overall security posture and saves time during audits.
Simple Way to Test and Improve Security Controls
What do you like best about the product?
It’s easy to see which attacks your system can stop and which ones it can’t. Picus shows you clear results after running tests, so you know what to fix. I also like that the attack scenarios are based on real-world threats and are updated often.
What do you dislike about the product?
The interface can be a bit hard to understand at first. Some features are not very clear without training or guidance. Also, sometimes it takes a while to run the simulations, especially if you're testing a lot of things at once.
What problems is the product solving and how is that benefiting you?
Picus helps us understand whether our security tools are actually working against real-world threats. Instead of just hoping our defenses are enough, we can test them with real attack simulations. This shows us where the gaps are, so we can fix them before a real attacker takes advantage. It saves time, improves our detection rules, and helps the team feel more confident about our security posture.
Cyber Security Engineer
What do you like best about the product?
I find the implementation of the connecting concepts, which fully integrate the blue and red teams, to be successful. The simulations are quite close to real life.
What do you dislike about the product?
There is no feature that I do not like, but there are aspects that can be improved as in every product.
What problems is the product solving and how is that benefiting you?
As a result of realistic and critical attack scenarios, it enabled me to write nearly 400 security rules in the QRadar system and strengthen the organization's defense.
Enhancing Our Security Posture with Picus
What do you like best about the product?
Picus helps us validate our defenses continuously with real-world attack simulations
What do you dislike about the product?
Sometimes, report customization feels limited for more specific needs.
What problems is the product solving and how is that benefiting you?
Picus Security helps identify gaps in our defenses by simulating real-world attacks, enabling us to proactively improve our security posture.
Picus Security Ability
What do you like best about the product?
One of the best things about Picus Security is its ability to proactively test security gaps using real-world traffic simulations.
What do you dislike about the product?
It can be a bit complex to set up and integrate at first, especially in larger or more segmented environments. At the end it can be handled anyway.
What problems is the product solving and how is that benefiting you?
Picus Security helps identify and validate security gaps by simulating real-world attacks, which improves our overall defense posture. It also helps us prioritize remediation based on actual risk.
Review of Picus
What do you like best about the product?
Aattack Path Validation was great and it helped us to see some vulnearabilities.
What do you dislike about the product?
The least helpful aspect is the complexity of the user interface for new users. It can be overwhelming without prior knowledge of BAS concepts.
What problems is the product solving and how is that benefiting you?
Picus Security helps us validate the effectiveness of our security controls by simulating real-world cyberattacks. Instead of waiting for an actual breach, we can proactively identify and fix gaps in our defenses. This improves our incident response time and strengthens our overall security posture.
Picus
What do you like best about the product?
Dashboards are very user friendly. UI/UX systems seem to be well developed.
What do you dislike about the product?
Installation process is a little bit complicated. The Linux environment is hard to use for Microsoft Windows administrators.
What problems is the product solving and how is that benefiting you?
Itidentifies and fixes errors in the configuration files of security products, detects overlooked insecure settings, and provides recommendations for remediation.
Picus is a benefical product for validate own security posture
What do you like best about the product?
Picus Security’s proactive breach and attack simulation (BAS) platform is a game-changer. It continuously validates security controls by simulating real-world threats, giving us actionable insights to close gaps before attackers exploit them. The automated red teaming and detailed mitigation guidance save us countless hours—turning vulnerability management from reactive to strategic.
What do you dislike about the product?
The licensing standard may change from time to time and may be complex.
What problems is the product solving and how is that benefiting you?
: We couldn't verify if our security tools (EDR, firewall, SIEM) would actually stop modern attacks
From Visibility to Assurance: Why Picus SCV Became Essential to Our Security Program
What do you like best about the product?
What I value most about Picus SCV is its ability to provide continuous, automated validation of our security controls in a real-world context. The platform simulates up-to-date attack techniques—from malware delivery to lateral movement—across the entire MITRE ATT&CK framework, allowing us to verify whether our existing controls detect, prevent, or miss them entirely.
The dashboards and reporting are incredibly intuitive, offering actionable insights that help prioritize remediation based on real security gaps, not theoretical vulnerabilities. Its integration with our SIEM and EDR platforms has also streamlined our detection engineering process significantly.
Most importantly, Picus doesn’t just show us what’s wrong—it empowers us to fix it with mitigation content and detection rule suggestions tailored to our environment. This has turned our purple teaming into a continuous, measurable process.
The dashboards and reporting are incredibly intuitive, offering actionable insights that help prioritize remediation based on real security gaps, not theoretical vulnerabilities. Its integration with our SIEM and EDR platforms has also streamlined our detection engineering process significantly.
Most importantly, Picus doesn’t just show us what’s wrong—it empowers us to fix it with mitigation content and detection rule suggestions tailored to our environment. This has turned our purple teaming into a continuous, measurable process.
What do you dislike about the product?
While Picus SCV is an extremely valuable platform, there are a few areas where improvement would further enhance its usability. The initial setup and tuning—especially for large and segmented environments—can be time-consuming, and may require more hands-on guidance than expected.
Additionally, while the mitigation and detection suggestions are helpful, their integration into certain third-party tools sometimes needs manual adjustments, especially when working with custom rule sets or less-common SIEM/EDR solutions.
In on-prem environments, testing WAF rules typically requires creating a dedicated policy and running all tests through that single policy. I've heard that this limitation has been addressed in newer versions, but the update hasn't been made available for on-prem deployments yet.
Additionally, while the mitigation and detection suggestions are helpful, their integration into certain third-party tools sometimes needs manual adjustments, especially when working with custom rule sets or less-common SIEM/EDR solutions.
In on-prem environments, testing WAF rules typically requires creating a dedicated policy and running all tests through that single policy. I've heard that this limitation has been addressed in newer versions, but the update hasn't been made available for on-prem deployments yet.
What problems is the product solving and how is that benefiting you?
Picus Security addresses one of the most critical gaps in cybersecurity: the disconnect between having security controls in place and knowing whether they actually work as expected against real-world threats.
Before Picus, we relied heavily on reactive analysis, assumptions, and post-incident reviews to assess the effectiveness of our security tools. Picus changed that by allowing us to continuously and proactively validate our defenses through automated threat simulations mapped to the MITRE ATT&CK framework.
Before Picus, we relied heavily on reactive analysis, assumptions, and post-incident reviews to assess the effectiveness of our security tools. Picus changed that by allowing us to continuously and proactively validate our defenses through automated threat simulations mapped to the MITRE ATT&CK framework.
Proactive Cyber Defense in Action: My Experience with Picus Security
What do you like best about the product?
What I really like about Picus Security is that it feels like having a smart teammate constantly testing our defenses for us. It doesn’t just tell you what’s wrong — it actually shows you how real attacks would happen and helps fix things before problems arise. It’s straightforward, easy to use, and gives you peace of mind knowing you’re one step ahead of the bad guys.
What do you dislike about the product?
One thing I find a bit frustrating about Picus Security is that the initial setup can be somewhat complex and time-consuming, especially if you don’t have much prior experience with similar tools. Also, sometimes the volume of data and alerts can feel overwhelming at first. However, once you get used to it, the platform becomes much easier to manage and the insights it provides are really valuable.
What problems is the product solving and how is that benefiting you?
Picus Security addresses the challenge of continuously validating and improving an organization’s security posture against evolving cyber threats. By simulating real-world attacks in a controlled environment, it identifies gaps in our defenses that traditional security tools might miss. This proactive approach allows us to prioritize remediation efforts effectively, reduce risks, and ensure compliance with security standards. For me, this means our security team can focus on actual vulnerabilities rather than guesswork, ultimately strengthening our overall defense strategy.
showing 161 - 170