The Picus Complete Security Control Validation Platform

Promote this Nomination

Additional Info

CompanyPicus Security
Company size (employees)100 to 499
Headquarters RegionNorth America
Type of solutionSoftware


A multinational banking and financial services corporation, sought a solution to validate the effectiveness of its security controls. The organization, which has over 38 million customers and processes a huge amount of personal and financial information, recognized the significant reputational damage a data breach could inflict and wanted to minimize the potential risks by maintaining the highest standards of cyber resilience at all times.

The organization’s global network is protected by an extensive set of security tools and the bank was keen to understand their effectiveness, both individually and collectively, to defend against current and emerging threats. The organization’s security team regularly commissioned independent penetration testing from third parties and whilst highly valuable for helping to discover and address vulnerabilities, these assessments did not comprehensively assess the effectiveness of the organization’s prevention capabilities.

After determining the requirement for a specialist tool to support its needs, the organization’s security team identified the Picus Complete Security Control Validation Platform as offering the turnkey functionality it needed to help optimize tits defense against malware, web application attacks, and other threats.

Picus’ rich threat library, which is updated daily, contains over 11,000 attack scenarios and runs continuously to assess the performance of the organization’s firewalls and intrusion prevention systems.

Picus calculates an individual security score for each technology, enabling the organization to set a security baseline and measure improvements.

To enable any gaps to be addressed swiftly and effectively, Picus supplies vendor-specific prevention signatures. These can be applied directly from the platform, helping the organization’s team to automate manual processes, save person-hours and lower operational costs.

Picus’ real-time dashboards and clear reports enable security and business leaders within the organization to stay abreast of the organization’s security posture at all times and provide evidence to compliance auditors that assets are being protected.

How we are different

Picus offers a ‘complete’ solution for security control validation - one that not only assesses the ongoing effectiveness of security controls but also helps to maximize their performance and value.

• Picus includes the most comprehensive and rapidly updated threat library, enabling organizations to test their defenses against the latest attacks as soon as they emerge. Picus Labs researchers monitor the threat landscape closely, meaning that new attack simulations are typically added to the Picus Threat Library within 24 hours of public disclosure. Unlike other vendors, Picus does not charge a premium for early access to new attack simulations.

• Picus validates the performance of the broadest range of network security and detection tools, including Next-Gen Firewalls, Web Application Firewalls, Intrusion Prevention Systems, SIEM and SOAR platform, and EDR solutions. Integration with a wide wide range of technologies provides a deeper level of validation, enabling security teams to identify and address risks that other tools fail to identify. By assessing the performance of security tools individually and collectively plus mapping results to MITRE ATT&CK Picus enables security teams to quickly gauge risk and prioritize improvements.

• Picus offers vendor-specific mitigations for both prevention and detection technologies, including prevention signatures and detection rules. This is in contrast to other solutions that supply generic recommendations that are not easy to action. With the Picus platform, security teams can address threat coverage and visibility gaps in minutes, not days.