The Picus Complete Security Control Validation Platform

Additional Info

CompanyPicus Security
Company size (employees)100 to 499
Type of solutionSoftware


The Picus Complete Security Control Validation Platform simulates real-world cyber attacks to test, measure and help enhance the effectiveness of organizations’ defenses. Unlike manual security assessments, such as penetration testing, which are vulnerability-focused and conducted at a single point in time, the Picus platform is fully automated and engineered with the purpose of continuously validating the performance of security tools.

Picus’ rich threat library, which is updated daily, contains over 11,000 individually customizable attacks. It includes hundreds of malware and ransomware threats as well attacks that leverage techniques used across the cyber kill chain.

By validating network security, SIEM, EDR and SOAR tools, Picus provides a holistic view of defensive capabilities. This includes verifying that investments are configured optimally to prevent, detect and respond to current and emerging threats.

To enable security teams to each measure their organization’s security posture and rapidly address threat coverage and visibility gaps, Picus maps assessment results to the MITRE ATT&CK Framework, generates real-time reports and supplies 70,000+ easy-to-apply prevention signatures and detection rules.

By facilitating a threat-centric approach to security, Picus enables organizations to understand the risks they face and make decisions that lead to enhanced cyber resilience plus more effective and efficient use of investments and resources.

How we are different

Picus offers a ‘complete’ solution for security control validation - one that not only assesses the ongoing effectiveness of security controls but also helps to maximize their performance and value.

• Picus includes the most comprehensive and rapidly updated threat library, enabling organizations to test their defenses against the latest attacks as soon as they emerge. Picus Labs researchers monitor the threat landscape closely, meaning that new attack simulations are typically added to the Picus Threat Library within 24 hours of public disclosure. Unlike other vendors, Picus does not charge a premium for early access to new attack simulations.

• Picus validates the performance of the broadest range of network security and detection tools, including Next-Gen Firewalls, Web Application Firewalls, Intrusion Prevention Systems, SIEM and SOAR platform, and EDR solutions. Integration with a wide wide range of technologies provides a deeper level of validation, enabling security teams to identify and address risks that other tools fail to identify. By assessing the performance of security tools individually and collectively plus mapping results to MITRE ATT&CK Picus enables security teams to quickly gauge risk and prioritize improvements.

• Picus offers vendor-specific mitigations for both prevention and detection technologies, including prevention signatures and detection rules. This is in contrast to other solutions that supply generic recommendations that are not easy to action. With the Picus platform, security teams can address threat coverage and visibility gaps in minutes, not days.