Picus Security Reviews

Name: Picus Security
Brand: Picus Security
Rating: 4.4 (7 reviews)

Vendor: Picus Security

4.4 out of 5

7 reviews
100% willing to recommend

Leave a review

What is Picus Security?

Independent from any vendor or technology, the unparalleled Picus Platform is designed to continuously measure the effectiveness of security defenses by using emerging threat samples in production environments. Created by a team that’s been working together more than 10 years already and has proven their expertise in enterprise cybersecurity, Picus is trusted by many large multinational corporations and government agencies.

Get the Picus Security Buyer's Guide and find out what your peers are saying about Picus Security, Akamai Guardicore Segmentation, Pentera and more!

Picus Security is the #4 ranked solution in Breach and Attack Simulation vendors. PeerSpot users give Picus Security an average rating of 8.8 out of 10. Picus Security is most commonly compared to Akamai Guardicore Segmentation: Picus Security vs Akamai Guardicore Segmentation. Picus Security is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 15% of all views.

Helped 884,797 peers since 2012

Featured Picus Security reviews

Ronald Paz

Consulting Systems Engineer at Boomslang Tech

The best feature Picus Security offers in my experience is automated attack simulation plus MITRE mapping. It provides real evidence of control effectiveness, standardized validation using the MITRE ATT&CK framework, and enables risk-based prioritizations. For example, before Picus Security, we thought EDR was working, but after working with Picus Security, EDR detects 72% of credential access techniques. The automation and use of the MITRE ATT&CK framework have helped me significantly in my day-to-day work. For example, as I mentioned before, we thought EDR was working, but after the test with Picus Security, we detected that EDR detects 72% of credential access techniques. This changed decision-making from our opinion to metrics-driven security. The impact on the organization from using Picus Security was important because it increased visibility of security gaps, reduced a false sense of security, improved SOC detection accuracy, and supported audit and compliance in frameworks such as ISO 27001, NIST, and CIS Controls. In my project specifically, the positive impact of Picus Security was to improve our organization's security validation maturity from a reactive posture to a continuous evidence-driven validation model. We improved detection capability, reduced security gaps, and experienced faster validation of security controls. Specific outcomes or metrics showing these improvements include detection coverage based on MITRE ATT&CK. The metric is simulated techniques successfully detected. Before Picus Security, it was 57% to 75%. After tuning with Picus Security, it was 80% to 95%. Additionally, for prevention effectiveness, represented by control efficacy, the metric is the percentage of attacks blocked before execution. Before it was 40% to 55%. After tuning with Picus Security, it reached 70% to 90%.

Read full review

erdemerdag

Cybersecurity Operations Engineer at a tech services company with 201-500 employees

According to the attack vectors, you cannot specify which product is failing or which product is working well because there's no agent. The best case scenario is to add an agent solution where an agent would have the ability to actually detect which programs aren't working. For the attack software, you put a peer on the cloud site, and you have another peer internal network. There is IPS, firewall, WAF, and DBS amongst these peers. The cloud's peer is trying to send the attack file to the internal network. Maybe the firewall is blocking it, maybe the IP, maybe the WAF, but you cannot see the details. You can say, "Yes, my security product is blocking that attack scenario," or, "I cannot block this attack."

Read full review

Kateryna Andrushchenko

Information Security System Manager at CS-Consulting

Picus Security has been implemented in our organization to enhance threat detection by allowing us to test some of the other security tools in our company. I recommend the product to others who plan to use it. The tool has not had an impact on our company's overall security posture since the time of implementation since we just used it for some testing purposes, during which it did show some interesting results. I rate the overall tool a nine out of ten.

Read full review

Picus Security mindshare

As of March 2026, the mindshare of Picus Security in the Breach and Attack Simulation (BAS) category stands at 12.8%, down from 18.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Breach and Attack Simulation (BAS) Mindshare Distribution
Product	Mindshare (%)
Picus Security	12.8%
Pentera	23.2%
Cymulate	15.6%
Other	48.4%

Breach and Attack Simulation (BAS)

PeerResearch reports based on Picus Security reviews

Type	Title	Date
Category	Breach and Attack Simulation (BAS)	Mar 24, 2026	Download
Product	Reviews, tips, and advice from real users	Mar 24, 2026	Download
Comparison	Picus Security vs The NodeZero Platform by Horizon3.ai	Mar 24, 2026	Download
Comparison	Picus Security vs Cymulate	Mar 24, 2026	Download
Comparison	Picus Security vs Pentera	Mar 24, 2026	Download

Valuable Features

Picus Security's most important features include vulnerability detection, threat intelligence, security control validation, and comprehensive integration. Users benefit from real attack simulations without affecting production systems, allowing them to manage and configure firewalls, IPS, and WAF. Customizable attack executions enable adaptation to specific environments. Detection capabilities extend to alarms and logs from SIEM tools. Threat intelligence assists in blocking and preventing attacks by identifying malicious files and providing threat IDs. Comprehensive network, endpoint, and email vector coverage offers a complete security approach.

"The impact on the organization from using Picus Security was important because it increased visibility of security gaps, reduced a false sense of security, improved SOC detection accuracy, and supported audit and compliance in frameworks such as ISO 27001, NIST, and CIS Controls."
"It provides good reports and offers signature-based solutions."
"The most valuable feature of Picus Security is its threat intelligence, providing suggestions to block and prevent attacks by identifying malicious files and providing threat IDs."

Room for Improvement

Picus Security users highlighted the need for precise identification of attack bypass locations and enhanced patching capabilities. They noted a lack of integration options and called for improved data analysis and attack path validation. Scalability and automated processes were also areas of concern. Some felt that the company needed a local data center in India and faster customer support response times to improve trust and market presence.

"From a real-world perspective, Picus Security could be improved with more native integration with LATAM-used tools, improved report customization for executive-level dashboards, and enhanced automation in remediation workflows, ideally with SOAR-like capabilities."
"There is room for improvement in the response rate provided by customer support."
"To improve, Picus Security could consider establishing a data center in India to address trust issues and increase interest from Indian customers."

Pricing

Enterprise buyers find Picus Security's pricing fair and in line with market competitors. Pricing varies based on regions, use cases, applications, and yearly licenses correlated to the number of vectors deployed. Distributors may adjust prices, with possible discounts available due to regional customer acquisition efforts. Overall, the pricing is considered moderate, scoring around seven out of ten, and is viewed as offering good value for money.

"There is a yearly license according to the number of vectors. The pricing is moderate."
"They have certain price ranges for their products, depending upon the use cases, and the number of applications the customer wants to try."

Popular Use Cases

Picus Security is primarily utilized by clients in the Middle East for validating security controls and assessing infrastructure strength. It offers breach and attack simulation, enabling verification of network security through simulated attacks and prevention measures such as URL bypass blocking. Clients use it for continuous security validation, both on-premises and in cloud environments, to ensure controls effectively stop and mitigate attacks. Military clients and companies simulating network security scenarios benefit from its frequent dictionary updates.

Service and Support

Picus Security excels in customer service and support, consistently receiving high ratings. Their support team is described as responsive and highly available, with quick resource assignment. Although they offer effective technical assistance, reaching support can be challenging due to time differences, as assistance primarily comes from the US and UK. Users suggest enhancing local support presence and speeding up response times. Overall ratings average between 8 and 10 out of 10.

Deployment

The initial setup for Picus Security is described as straightforward and well-documented. Users find it easy with the assistance of detailed guidance and support. Configuration can sometimes be complex due to the need for customer-specific network design choices, involving different segments like cloud and internal networks. Deployment is generally quick, often taking just one day, and most users rate the process highly. The installation typically requires minimal personnel, enhancing simplicity and efficiency.

Scalability

Picus Security's scalability is highly rated, supporting installation on multiple servers to distribute attack traffic effectively. It is deemed suitable for both large and medium-scale infrastructures. Users highlight the platform's capability to support different use cases through various agents, though some still require manual configuration. The scalability receives strong praise with little noted limitations, serving both enterprise and SMB markets effectively.

Stability

Picus Security is highly stable, performing well on Linux systems, with management servers on CentOS. Users report minimal issues, including some capacity problems and minor bugs, but describe it as highly reliable, often rating stability nine out of ten. As a next-generation platform, it's trusted by those prioritizing security, requiring reliable internet, and some prefer on-premise deployment for privacy. Bugs are scarce, and stability is a strong point praised by many.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Picus Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	2

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	90
Midsize Enterprise	55
Large Enterprise	214

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

15%

Manufacturing Company

Government

Computer Software Company

Retailer

Energy/Utilities Company

Hospitality Company

Outsourcing Company

Media Company

Educational Organization

Insurance Company

Logistics Company

Real Estate/Law Firm

Comms Service Provider

Construction Company

Performing Arts

Wholesaler/Distributor

University

Non Profit

Recreational Facilities/Services Company

Healthcare Company

Marketing Services Firm

Pharma/Biotech Company

Transportation Company

Legal Firm

Recruiting/Hr Firm

Consumer Goods Company

Aerospace/Defense Firm

Maritime Company

Leisure / Travel Company

Compare Picus Security with alternative products

Learn more about Picus Security

Picus Security customers

Akbank, Exclusive Networks, Garanti, ING Bank, QNB Finansbank, Turkcell, Vodafone, Yapı Kredi

Product Categories

Breach and Attack Simulation (BAS)

Popular Comparisons

Akamai Guardicore Segmentation vs Picus Security

Pentera vs Picus Security

Cymulate vs Picus Security

The NodeZero Platform by Horizon3.ai vs Picus Security

AttackIQ vs Picus Security

SafeBreach vs Picus Security

Verodin vs Picus Security

SCYTHE vs Picus Security

See all alternatives

Picus Security Reviews Summary
Author info	Rating	Review Summary
Consulting Systems Engineer at Boomslang Tech	4.0	<p>I use Picus Security to validate security controls and improve detection against MITRE ATT&CK, seeing significant boosts in coverage and prevention. Its automated simulation, while needing better integration, transforms our security posture from assumption to evidence-driven.</p>
Cybersecurity Operations Engineer at a tech services company with 201-500 employees	4.5	No summary available
Information Security System Manager at CS-Consulting	4.5	I use Picus Security for continuous security validation and appreciate its integration capabilities with other security tools. However, I find the number of integrations it supports to be limited, which could benefit from improvement.
Cybersecurity Customer Service Manager and Technical Account Manager at Cybersel	4.0	I use Picus Security to verify security controls, and I find its detection capabilities valuable, especially with SIEM alarms. However, improvements are needed in reporting, data analysis, attack path validation, scalability, and automation for enhanced functionality.
Cyber Security Consultant at GBS IT Services	5.0	I use Picus Security to simulate attacks in my live environment, validating my security controls and receiving valuable reports. While customer support response times need improvement, it shows a good ROI of 30-40%. Previously, I used Sophos.
Solutions Architect Cybersecurity at a tech vendor with 11-50 employees	2.5	No summary available
Security Engineer at a tech services company with 201-500 employees	4.5	I use Picus Security for BAS to simulate cloud-based network attacks and improve our security layers. The threat intelligence feature identifies and prevents vulnerabilities, while establishing a data center in India could boost trust and revenue.

Title	Rating	Mindshare	Recommending
Akamai Guardicore Segmentation	4.2	1.3%	89%	21 interviews Add to research
Pentera	4.0	23.2%	100%	9 interviews Add to research

Picus Security Reviews

What is Picus Security?

Featured Picus Security reviews

Picus Security mindshare

PeerResearch reports based on Picus Security reviews

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Picus Security with alternative products

Learn more about Picus Security

Picus Security customers

Related questions

Product Categories

Popular Comparisons