The Picus Security Validation Platform
Picus SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
223 reviews
from
and
External reviews are not included in the AWS star rating for the product.
An easy-to-use platform that delivers on its promises and always brings new innovations
What do you like best about the product?
It has an intuitive, easy-to-use platform and can enter productive environments in just a few days.
What do you dislike about the product?
The troubleshooting documentation needs to be improved a bit, as some errors don't go to the console and you need to see the log on the agent.
What problems is the product solving and how is that benefiting you?
Periodic assessments of environmental safety posture
Separating cyber wheat from chaff
What do you like best about the product?
Ability to quickly conduct very specific posture assessments while also having a programatic view of susceptibility to a variety of attacks
What do you dislike about the product?
Can be difficult to export information at times
What problems is the product solving and how is that benefiting you?
Prioritization of exposure and initial identification of remediation alternatives in the context of susceptibility
Amazing experience of Security
What do you like best about the product?
Picus Security provides a highly effective and user-friendly platform for continuously validating our security controls. The simulated attack scenarios are realistic and regularly updated, which helps us identify gaps before real threats exploit them. The reporting and remediation guidance are clear, actionable, and save a significant amount of time for our security team
What do you dislike about the product?
Overall, the platform works seamlessly. Occasionally, some advanced attack simulations require fine-tuning for specific environments, but the Picus support team is always quick and helpful in resolving these issues.
What problems is the product solving and how is that benefiting you?
Picus Security helps us continuously validate and improve the effectiveness of our security controls. By simulating real-world attack scenarios, it allows us to proactively identify vulnerabilities and close gaps before they can be exploited. This significantly enhances our security posture, reduces risk, and saves time by providing clear remediation guidance.
Picus Experience
What do you like best about the product?
I have been working with Picus for over 3.5 years, providing installation, troubleshooting, and support services through various consulting companies.
What started as a BAS (Breach and Attack Simulation) product has grown into a comprehensive security platform. The modules now meet the complex needs of large enterprises and help reduce a significant amount of operational workload.
In my field — endpoint security — the results from Picus simulations have been a great asset. They’ve given me valuable insights that directly improved the effectiveness of my mitigation work. With the CSV module, I’ve also seen how cloud environments can be built on a much stronger and more secure foundation.
One thing I really appreciate is how much Picus invests in their product. You can see they’re constantly improving it and adding capabilities that actually matter in day-to-day operations. Combined with their strong vendor support, easy-to-use interface, and smooth integration with other tools, Picus has become a solution you can rely on long term — not just for testing, but for improving security in a practical way.
What started as a BAS (Breach and Attack Simulation) product has grown into a comprehensive security platform. The modules now meet the complex needs of large enterprises and help reduce a significant amount of operational workload.
In my field — endpoint security — the results from Picus simulations have been a great asset. They’ve given me valuable insights that directly improved the effectiveness of my mitigation work. With the CSV module, I’ve also seen how cloud environments can be built on a much stronger and more secure foundation.
One thing I really appreciate is how much Picus invests in their product. You can see they’re constantly improving it and adding capabilities that actually matter in day-to-day operations. Combined with their strong vendor support, easy-to-use interface, and smooth integration with other tools, Picus has become a solution you can rely on long term — not just for testing, but for improving security in a practical way.
What do you dislike about the product?
Picus does a good job of capturing raw logs, but identifying the specific control responsible often requires manual log inspection in Picus portal.There is still room for improvement on the reporting side, particularly in making the outputs more straightforward and actionable.
What problems is the product solving and how is that benefiting you?
Picus Security addresses the challenge of continuously validating and improving an organization’s security posture without adding significant operational overhead. By simulating real-world threats, it helps identify gaps in endpoint, network, and cloud defenses before attackers can exploit them.
Amazing simulation experience
What do you like best about the product?
Picus Security is best known for its continuous Breach and Attack Simulation (BAS), which lets you safely test your defenses against real-world threats mapped to MITRE ATT&CK.
It continuously validates security controls, identifies detection/prevention gaps, and provides actionable, vendor-specific mitigation guidance.
It integrates with SIEM, XDR, and EDR tools, helping SOC teams quickly improve defenses and demonstrate compliance with standards like NIST and ISO 27001.
It continuously validates security controls, identifies detection/prevention gaps, and provides actionable, vendor-specific mitigation guidance.
It integrates with SIEM, XDR, and EDR tools, helping SOC teams quickly improve defenses and demonstrate compliance with standards like NIST and ISO 27001.
What do you dislike about the product?
Great for proactive defense, but cost, tuning effort, and scenario limits can be sticking points — especially for teams with tight budgets or limited manpower.
What problems is the product solving and how is that benefiting you?
Unverified Security Posture Runs continuous Breach & Attack Simulations mapped to MITRE ATT&CK. Provides clear, evidence-based visibility into detection and prevention capabilities.
Gaps in Detection & Prevention Identifies exactly which attacks bypassed your controls. Enables quick remediation before an actual attacker exploits them.
Slow Response to Threat Changes Constantly updates attack scenarios to match the latest TTPs. Keeps defenses aligned with emerging threats without waiting for yearly tests.
Inefficient SOC Tuning Integrates with SIEM, XDR, EDR to correlate simulation results with actual alerts. Reduces alert fatigue, improves detection rules, and increases SOC efficiency.
Compliance Evidence Gaps Generates continuous validation reports. Supports frameworks like NIST, ISO 27001, PCI DSS with provable control testing data.
Gaps in Detection & Prevention Identifies exactly which attacks bypassed your controls. Enables quick remediation before an actual attacker exploits them.
Slow Response to Threat Changes Constantly updates attack scenarios to match the latest TTPs. Keeps defenses aligned with emerging threats without waiting for yearly tests.
Inefficient SOC Tuning Integrates with SIEM, XDR, EDR to correlate simulation results with actual alerts. Reduces alert fatigue, improves detection rules, and increases SOC efficiency.
Compliance Evidence Gaps Generates continuous validation reports. Supports frameworks like NIST, ISO 27001, PCI DSS with provable control testing data.
Be prepared for both known and unknown attacks in an uncertain world.
What do you like best about the product?
In today's era, all customers have been using most of the technology. Now it's time to achieve 100% ROI from investment and at the same time be prepared for threats.
Picus Security has multiple modules to cover 360 degrees of infrastructure and keeps you one step ahead against the latest threats. I almost like all the features.
Picus Security has multiple modules to cover 360 degrees of infrastructure and keeps you one step ahead against the latest threats. I almost like all the features.
What do you dislike about the product?
It should cover more on CSPM and it should also cover DRP and vendor assessments.
What problems is the product solving and how is that benefiting you?
Picus provides us with statistics about the current infrastructure and prepares you for the uncertain battle.
Picus delivers real-world threat simulations that greatly boost security validation & SOC detection.
What do you like best about the product?
The most helpful aspect of Picus Security is that it continuously and safely simulates real-world cyberattacks across the full kill chain, allowing you to see exactly how your security controls perform and where gaps exist — with clear, vendor-specific mitigation steps to close them.
Upsides of using Picus Security:
Comprehensive validation – Tests security controls from infiltration to exfiltration, not just internal movement.
Real-world threat simulations – Uses an up-to-date threat library to mirror actual attack techniques and emerging threats.
Actionable recommendations – Provides detailed, vendor-specific fixes rather than generic “patch/update” advice.
Continuous improvement – Helps track SOC and vendor performance, showing ROI on cybersecurity investments.
Integration-ready – Works alongside existing SIEM, EDR, firewall, and SOC tools for unified visibility.
Evidence-based reporting – Supports security decisions with measurable, tested data instead of assumptions.
Upsides of using Picus Security:
Comprehensive validation – Tests security controls from infiltration to exfiltration, not just internal movement.
Real-world threat simulations – Uses an up-to-date threat library to mirror actual attack techniques and emerging threats.
Actionable recommendations – Provides detailed, vendor-specific fixes rather than generic “patch/update” advice.
Continuous improvement – Helps track SOC and vendor performance, showing ROI on cybersecurity investments.
Integration-ready – Works alongside existing SIEM, EDR, firewall, and SOC tools for unified visibility.
Evidence-based reporting – Supports security decisions with measurable, tested data instead of assumptions.
What do you dislike about the product?
Not a vulnerability patching tool – It focuses on validating and improving existing controls rather than directly remediating vulnerabilities.
Requires existing security infrastructure – Works best when integrated with current firewalls, EDR, SIEM, etc.
Learning curve for optimization – Teams may need some initial time to fine-tune configurations and integrations for maximum benefit.
Requires existing security infrastructure – Works best when integrated with current firewalls, EDR, SIEM, etc.
Learning curve for optimization – Teams may need some initial time to fine-tune configurations and integrations for maximum benefit.
What problems is the product solving and how is that benefiting you?
Picus Security helps address critical business problems by:
Validating security controls to ensure defenses work effectively against real-world threats.
Identifying detection gaps early, reducing risk of undetected breaches.
Improving SOC efficiency with actionable, vendor-specific mitigation guidance.
Demonstrating ROI on cybersecurity investments with evidence-based results.
Enhancing incident readiness across the full cyber kill chain, from infiltration to exfiltration.
Validating security controls to ensure defenses work effectively against real-world threats.
Identifying detection gaps early, reducing risk of undetected breaches.
Improving SOC efficiency with actionable, vendor-specific mitigation guidance.
Demonstrating ROI on cybersecurity investments with evidence-based results.
Enhancing incident readiness across the full cyber kill chain, from infiltration to exfiltration.
Picus is a Game-Changer in Continuous Security Validation
What do you like best about the product?
The best part of Picus is its ability to simulate real-world attack scenarios in a fully automated way, providing clear, actionable insights. It integrates seamlessly with our existing security stack and aligns perfectly with the MITRE ATT&CK framework. The platform is easy to navigate and delivers immediate value by highlighting detection and prevention gaps.
What do you dislike about the product?
While the platform is outstanding overall, report customization could be more flexible for advanced use cases. API integration works well, but more real-world code samples in the documentation would make development easier. Occasionally, setting up complex network scenarios requires additional configuration effort, especially in segmented environments.
What problems is the product solving and how is that benefiting you?
Picus Security enables us to continuously test our defenses against real-world threats, helping identify gaps early and improve collaboration between red and blue teams.
A solid platform with excellent support.
What do you like best about the product?
Picus Security offers exceptionally responsive and knowledgeable customer support. Their team is always quick to assist and provides clear, effective guidance, which makes a real difference in daily operations.
What do you dislike about the product?
While the platform itself is robust and easy to use, I’ve found that some technical documentation could be more detailed, especially for advanced use cases or integration scenarios.
What problems is the product solving and how is that benefiting you?
It enables us to continuously test and validate our defenses against real attack scenarios, giving us greater confidence in our overall security posture.
Integration and Module Testing Insights
What do you like best about the product?
I appreciate the fast and intensive support provided by their technical team. Their product-specific recommendations, which are based on integration with other products, have been a great help to me and my company.
What do you dislike about the product?
Exporting the results can be expanded in some parts.
What problems is the product solving and how is that benefiting you?
It provides the opportunity to observe the proper configuration of other security products. This helps us see our effectiveness from both a financial and security perspective.
showing 71 - 80