Picus Security provides automated attack simulation and MITRE framework mapping to enhance security validations and detection. It improves integration with existing security tools and updates protocols without affecting production servers.


| Product | Mindshare (%) |
|---|---|
| Picus Security | 10.6% |
| Pentera | 20.0% |
| Cymulate | 14.9% |
| Other | 54.5% |

| Type | Title | Date |
|---|---|---|
| Category | Breach and Attack Simulation (BAS) | Jun 23, 2026 |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 |
| Comparison | Picus Security vs The NodeZero Platform by Horizon3.ai | Jun 23, 2026 |
| Comparison | Picus Security vs Cymulate | Jun 23, 2026 |
| Comparison | Picus Security vs Pentera | Jun 23, 2026 |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Akamai Guardicore Segmentation | 4.2 | 2.3% | 91% | 26 |
| Pentera | 4.0 | 20.0% | 100% | 13 |

Picus Security excels in automated attack simulation, MITRE ATT&CK mapping, and real evidence of control effectiveness. It enhances EDR detection, improves SOC accuracy, boosts security validation maturity, detects vulnerabilities, and simulates attacks. The threat intelligence feature offers suggestions to block modern attacks. Picus Security integrates with other tools, aids in configuring IPS and managing firewalls, and provides network, endpoint, and email vectors for comprehensive protection. Users find its configuration flexibility valuable.
Picus Security is primarily used for validating security control effectiveness in hybrid environments. Users employ it for breach and attack simulations, utilizing MITRE ATT&CK techniques to identify detection gaps. It helps validate and enhance security measures like EDR and firewalls by providing remediation suggestions. Users in the Middle East utilize it for improving infrastructure visibility, preferring on-premise solutions due to data residency concerns. It supports blue and red teaming exercises with continuous security validation.
Picus Security is tailored for continuous validation of security controls across hybrid environments. By simulating MITRE ATT&CK techniques, it identifies detection gaps and advises on remediation. The platform supports managing firewall security and updating protocols, ensuring protection over network, endpoint, and email vectors. It offers comprehensive support for on-premise and cloud-based breach scenarios and provides real-time security updates.
Companies in industries such as finance, healthcare, and technology leverage Picus Security for continuous security validation. By testing lateral movements, credential dumping scenarios, and firewall efficiencies, organizations ensure infrastructure resilience and maintain comprehensive detection coverage.

| Author info | Rating | Review Summary |
|---|---|---|
| Information Security System Manager at CS-Consulting | 4.5 | I use Picus Security for continuous security validation and appreciate its integration capabilities with other security tools. However, I find the number of integrations it supports to be limited, which could benefit from improvement. |
| Cybersecurity Customer Service Manager and Technical Account Manager at Cybersel | 4.0 | I use Picus Security to verify security controls, and I find its detection capabilities valuable, especially with SIEM alarms. However, improvements are needed in reporting, data analysis, attack path validation, scalability, and automation for enhanced functionality. |
| Cyber Security Consultant at GBS IT Services | 5.0 | I use Picus Security to simulate attacks in my live environment, validating my security controls and receiving valuable reports. While customer support response times need improvement, it shows a good ROI of 30-40%. Previously, I used Sophos. |
| Cybersecurity Operations Engineer at a tech services company with 201-500 employees | 4.5 | I find Picus Security a valuable and stable BAS tool that continuously improves my organization's security by simulating real attacks. It's comprehensive, but I wish it had an agent to identify specific failing security products. |
| Solutions Architect Cybersecurity at a tech vendor with 11-50 employees | 2.5 | I use Picus for vulnerability detection and custom attack testing, valuing its ability to show successful attacks. A critical flaw is not pinpointing which device was bypassed, hindering sales against competitors despite good support and easy setup. |
| Security Engineer at a tech services company with 201-500 employees | 4.5 | I use Picus Security for BAS to simulate cloud-based network attacks and improve our security layers. The threat intelligence feature identifies and prevents vulnerabilities, while establishing a data center in India could boost trust and revenue. |
I have used Picus Security to see what it can do. I use Picus Security for continuous security validation and control effectiveness.
The most valuable feature of the solution is its integration capabilities with the other security tools.
The amount of integrations that the product can handle is an area of concern, making it one of the aspects where improvements are required.
I have been using Picus Security for six months to a year. I sell the product. I work as an SI in my company. My company has a partnership with Picus Security.
Stability-wise, I rate the solution a nine out of ten.
With Picus Security, I had no issues with bugs or breaking down.
Scalability-wise, I rate the solution a nine out of ten.
Less than ten people in my company use the product.
I had to contact the technical support team of the product once, but the problem was in our company's environment. The response from the support team was nice.
I rate the technical support a ten out of ten.
Positive
Previously, I wasn't using any other solution.
The product's initial setup phase was easy.
The solution is deployed on the cloud.
The solution can be deployed in a day.
Picus Security has been implemented in our organization to enhance threat detection by allowing us to test some of the other security tools in our company.
I recommend the product to others who plan to use it.
The tool has not had an impact on our company's overall security posture since the time of implementation since we just used it for some testing purposes, during which it did show some interesting results.
I rate the overall tool a nine out of ten.

In general terms, our clients use Picus Security to verify the security controls in their environments.
One of the most valuable features would be the detection capability, specifically the ability to detect alarms and logs collected from SIEM tools.
The reporting and data analysis could be improved. Specifically, the analysis of the results.
Along with the data analytics, Picus Security should improve its attack path validation feature.
In future releases, I would like to see an adaptive analysis of the company's perimeter. The attack surface analysis feature would be a good point to introduce in the platform.
Moreover, there is room for improvement in terms of scalability. Automating some processes could make it even better.
I have been using Picus Security for two years. Currently, I am working with the next-generation platform.
Since it's a relatively new platform, we might encounter some bugs that the APIs are addressing. However, overall, it's quite stable.
I would rate the scalability a nine out of ten. The platform allows you to install different agents for various use cases, but currently, some agents still need manual configuration to fully utilize their capabilities. Automating this process could make it even better.
We have clients in both the enterprise and SMB markets. So, we serve all three categories.
The support team is highly available and responsive, always ready to join a call if needed.
Positive
The initial setup is very simple. I would rate my experience with the initial setup a nine out of ten, with one being difficult and ten being easy.
With the next generation platform, the setup was quite straightforward.
The deployment takes only one working day. The process has multiple steps. First, the customer needs to configure some prerequisites in their environment, like opening certain ports to allow communication and exclusions to enable Picus agent to function correctly. Then, the second step is to install the Picus agent, and that's it. After that, we can start the testing.
Pricing can be subjective, as it depends on the value the software provides to each customer. However, the pricing is in line with competitors in the market, so maybe around seven out of ten, where one is cheap, and ten is expensive.
The price is reasonable for this type of solution.
I recommend starting with a few risk factors and gradually expanding the platform's usage. Begin with evaluating risks from different perspectives, like from the firewall to data loss prevention. Starting small allows for better management of data and a smoother experience.
Considering what I know about other platforms in the market, I'd give Picus Security an eight.

I can simulate an attack into a live environment and test whether my controls are working properly. It checks if the controls can stop and mitigate the attacks.
One valuable feature of Picus Security is security control validation. It provides good reports and offers signature-based solutions. I can simulate an attack into a live environment, testing whether my controls are operational and able to stop or mitigate attacks.
There is room for improvement in the response rate provided by customer support. Picus Security could improve the response time.
I have been working with Picus Security for one year.
Picus Security is very stable.
It is a scalable product with no limitations.
Customer support is good, but the response rate can be improved. I would rate it with eight points out of ten.
Positive
Previously, we worked with Sophos, but there was no traction with it this year.
The initial setup of Picus Security was straightforward and easy. One person was sufficient for the installation.
The vendor provides support, so additional implementation team details are not required.
Picus Security has shown a good return on investment, approximately 30% to 40%.
The pricing of Picus Security is average, and it offers a good value for money.
On a scale of one to ten, I would rate the solution ten out of ten. However, the only area that would need improvement is the response time from customer support.

Picus Security is a breach and attack simulation software. It has a dictionary attack. According to your peers and attack vectors, it's trying to attack with the files. It also has some lateral movement attacks. They need to install or configure the peers or attack vectors so we can support it.
The solution updates almost daily because the dictionary updates. The latest version is 4273. We have some customers using the on cloud platform. We also have some military customers who are using the on-prem solution.
The system managers or administrators are managing this product, so I don't have a specific number of clients that are using the solution.
Picus Security has improved and is still improving the security level of my organization. As we all know, every day new vulnerabilities, attack methods, and tactics are developed and applied to attack organizations. In this situation, it is extremely hard to follow up on every single payload, virus, trojan, and related application version. Picus Security is continuously running attack scenarios on my live system on test servers and bringing up the level of my security situation.
It's very useful software because the customer mostly configures their IPS and manages their firewalls, WAF, and the DBS according to the latest update, latest news, or according to the situation. Sometimes they miss a configuration, but they aren't aware of it. Picus gives the wheel to the customer because they are using the real payloads, real attack, and real simulation, but not to the production servers or simulation servers. That's why it's not damaging the customer's reports. But they can see the current situation of their product.
It's a complete solution, so they have network vectors, endpoint vectors, and email vectors. They provide almost a complete solution.
According to the attack vectors, you cannot specify which product is failing or which product is working well because there's no agent. The best case scenario is to add an agent solution where an agent would have the ability to actually detect which programs aren't working.
For the attack software, you put a peer on the cloud site, and you have another peer on the internal network. There is IPS, firewall, WAF, and DBS amongst these peers. The cloud's peer is trying to send the attack file to the internal network. Maybe the firewall is blocking it, maybe the IP, maybe the WAF, but you cannot see the details. You can say, "Yes, my security product is blocking that attack scenario," or, "I cannot block this attack."
I have been using this solution for more than four years.
It's mostly working on Linux systems, and it's stable enough. The management server is installed on Linux CentOS. The network and e-mail peers are installed on Linux CentOS servers. The endpoint attacker peer is installed on a CentOS server, and the victim peer is installed on the Windows client or server machine, which is provided by the organization's golden image or sysprep-based system.
The CentOS server is extremely stable, as is expected all around the world. I haven't faced any problems so far apart from minor disk capacity problems.
It's a very valuable product if you have large or medium-scale infrastructure. If you don't have that many security products, it won't be that valuable to you.
I would rate their technical support 5 out of 5. They work very closely with us, and provide the solution almost every time.
Positive
The installation is straightforward, but the configuration is sometimes complicated because it's up to the customer. They have to decide the scenario or the vectors because they have some different segments in their network. They have the cloud site, they have the MV site, and they have some segmentations on the internal networks. They have to decide how to design the infrastructure, so it takes some time and extra effort to deploy.
There is a yearly license according to the number of vectors. The pricing is moderate.
We chose this solution because there are not many options for a Turkish company.
We are very familiar with the dashboards, managers, and salespeople. We have a very close relationship with them.
I would rate this solution 9 out of 10.
It's very important to be sure about your infrastructure to decide the correct implementation.

We engage with customers in the Middle East to check the visibility of the use cases that we create, using the Picus solution. We want to check the strength of their infrastructure, their application servers. This is the type of integration exercise we do for our customers. We check if there are any loopholes or weak links that can be hardened using a visibility tool, of course like Picus Security. Customers in the Middle East are concerned about cloud solutions; the data or software component has to reside within their premises or at least inside the boundaries of this country. The majority of them prefer the on-premise solution, and sometimes we use cloud-based solutions as well. When using the cloud they have a SaaS service available and it's hosted on Amazon cloud.
Primarily it's the visibility that they have in their infrastructure. It's just like a penetration testing exercise, where you don't require specific expertise or a pen-testing team. However, you have to be IT aware to be able to use this tool. The Picus Security team configures this in your environment.
The list of vulnerabilities that get detected is the most valuable feature. The list of injections, basically that we identify within the infrastructure is the most valuable one, as they can see which attack has actually been successfully executed in their environment. You can navigate through different options on the product and you can do exercises. One of the beneficial features is that if you do not want to perform a specific set of attacks, you can uncheck them. Alternatively, if there are certain attacks that you want to execute, you can do that as well. You have the liberty of physically executing a specific set of rules in your environment. For example, let's say the customers don't have Apache servers. If there are any vulnerabilities or injections that are performed on Apache servers, a lot of tools rely on those rules. Customers can basically uncheck those injections that are performed on servers that do not exist in their environment.
Picus tells you that an attack has bypassed your security controls, but it doesn't tell you exactly where, or on which device the attack has been bypassed. I think that is one of the key components or features that is missing in the product, which requires some sort of enhancement. It doesn't provide patches automatically. It sends an update to the vendor, and the vendor will release the patch for you. If it allows or creates any sort of patch using Artificial Intelligence Modelling Language (AIML), it identifies the pattern of the signature and creates some sort of signature that will promptly block the attack, which will be most helpful as well. There are competitors of Picus which have been performing well. We have actually struggled to sell Picus in the market here because there are key enhancements that need to be implemented in the product. Especially the one where it has to identify which device has the loophole. Let's say if a customer's environment has 10 security devices and they need to know that there is an attack that has bypassed their devices, they cannot go and inspect every device and every rule in their security devices. They need to know exactly where that attack has been bypassed so that they can mitigate that weak link. That is one of the key aspects. Picus Security has competitors that are performing better. I'm not sure why we haven't assessed another product. Perhaps it is because they keep updating their rule sets.
They're coming up with new features, and they are adding more UAB features to their products. There are a lot of other products, which are performing better. As far as Picus is concerned, we have been aggressively trying to reach out to customers to try to sell it, but have not been successful. Picus has also invested a lot of money in this product. They were coming here before the pandemic, every week. They've been sending their sales and pre-sales people to talk to our customers. Now they have permanently stationed one of their top executives in this region; he has been working in this region for about four months now, without a successful deal. So there are challenges that people see because when customers evaluate a product, they see other products as well. Very often customers acquire other competitor products. So we definitely need to do some more research about what others are doing.
I don't think it crashes. It definitely relies on a reliable internet as you're sending lots of attack traffic from one device to another. A lot of customers are concerned about the cloud solutions, especially the SaaS part of this product, because when you execute attacks from, let's say a SaaS solution, you have all the reports in the cloud, the dashboard. If there are any loopholes in their environment, that is visible to any cloud provider, which is why a lot of them prefer to have everything on-premise, to avoid external visibility.
I don't see any limitations, because it's a software component that can be installed on a server. If you need to simulate more attacks, or you want to distribute the attack traffic that is coming in, the software can be installed on multiple servers and you can basically tie those servers together, to share the load that is coming in. I don't think the Picus solution should have a limitation; you can install it on every server.
Picus Security is aggressively trying to acquire at least one customer so that it becomes a reference for the other customers. We haven't had any issues with support, whether it is a presale, sales or technical support. Every time we reached out to them, a resource was quickly assigned to us.
It was straightforward. It's not complex. There is good documentation and they provide immense support from the company. A lot of customers find it easier if you demonstrate to them what needs to be done. If you point the customer to the correct part of the documentation, the majority of the customers would be able to take care of the solution themselves. They would be able to do the initial setup as well.
It actually depends on the use case for each customer. If everything is in place, and the environment is ready, deployment can be achieved in four or five hours. If it's a cloud solution it takes much less time because there are two components. One is called the manager and the other is the agent. We set up two agents, one in the cloud and another one in their environment. The manager basically directs one agent to attack another agent. Therefore, the manager is basically the controller. If you have a cloud environment or if you're subscribing to the SaaS service, then it's much easier because the manager is pre-installed in the cloud services. It is a 5- to 10-minute job to set up a single agent, and then you set up another in the customer's environment. The attacks come in from the cloud service to their environment. So it's much easier in the cloud service and takes much less time, I'd say a couple of hours. This is provided everything is ready and there are no restrictions in the customer's environment. There are some prerequisites in the customer's environment. You have to ensure that you have a server available and that you allow communication from the cloud if it is happening from the cloud. If you are sending attacks from the cloud, you have to ensure that you whitelist that IP address, where the normal traffic would be coming in. So we basically have to establish the connection between two computers. One is the attacker, another one is the receiver. It depends if this is an on-premise use case, where both the attacker and the receiver are on-premise. In this case, you will have to ensure the communication between those two computers that host those agents can talk to each other. If it's coming from external cloud providers, let's say Amazon, then you need to ensure the communication from that Amazon attacker is basically allowed through every device in your environment. So there are some prerequisites around that.
Some libraries in Java need to be installed, as per the software requirement, which is mentioned in the requirements document. So we have to ensure that is there.
It's a different region they're targeting at the moment. I think it's a fair price for us. I work with a distributor, which basically reorganizes or comes up with another pricing model for the customers. They take one price from the vendor and sell it for a different price to the customers here. We haven't been able to make a deal so far in this product, so I can't really tell whether we can sell it for a certain price. They have certain price ranges for their products, depending upon the use cases, and the number of applications the customer wants to try. It would really make sense if we have a customer here because they are willing to provide discounts at this time, due to not having a customer in this region.
If you're opting for cloud services, you are exposing your results to the internet. It's of paramount importance that customers, especially government organizations protect the data of their consumers and their own employees. They end up using the services, and we know there have been a lot of breaches in the major cloud providers as well. There have been breaches at Amazon, Oracle, and Microsoft previously. For this type of activity, I would personally recommend an on-premise solution where you would have entire control of the attacks, as well as the results that you see. If you are testing your infrastructure where you want to develop something, or there are some financial and transition servers, which store your critical data, and you are assessing that network, I wouldn't recommend using a cloud-based SaaS offering from Picus. However, let's say you have a non-critical or a non-confidential network, where you want to assess those servers, applications and network, then, in that case, I would definitely recommend that you use a cloud SaaS offering also.
As far as the implementation is concerned, you definitely need to evaluate your own infrastructure first. I see a lot of customers installing the agents at an inappropriate place. For example, let's say we want to initiate an attack from the Picus cloud to somewhere inside your own network. You need to access and ensure that the traffic is going through every security device you're evaluating. Customers frequently install agents at a place which doesn't cover all the security devices. There is a need to ensure that traffic is going through all the security devices.

Picus Security is used for BAS, helping companies test their network security layers by simulating attacks from the cloud. It installs an agent behind the firewall to assess security configurations and policies, enabling both blue teaming and red teaming scenarios. Additionally, it provides prevention measures like URL bypass blocking to enhance firewall security.
The most valuable feature of Picus Security is its threat intelligence, providing suggestions to block and prevent attacks by identifying malicious files and providing threat IDs. This helps organizations prevent the latest ransomware and modern attacks from exploiting vulnerabilities in their systems.
To improve, Picus Security could consider establishing a data center in India to address trust issues and increase interest from Indian customers, potentially boosting revenue.
I have been using Picus Security for almost a year.
Picus Security is stable without any major bugs or breakdowns. It is considered a next-generation solution, suitable for customers who prioritize security and want to assess their security solutions effectively.
It can be challenging to reach Picus Security's support team due to time differences, as support mainly comes from the US and UK, even though deployment support is provided locally in India. Improving the support team presence could enhance customer satisfaction and impressions.
Installing and deploying Picus Security is relatively straightforward, with a simple process outlined in the documentation. It involves adding process names to run the agent and allowing domain features on the firewall to simulate attacks, but overall, there are no significant challenges.
Picus Security offers good value for money.
Picus Security's continuous validation feature offers predefined attack templates and over ten thousand simulations. Users can see how well their security solutions prevent attacks on endpoints and receive suggestions for improvement. This helps enhance overall security measures.
Integrating Picus Security with existing security tools and workflows isn't straightforward as it requires manual installation of the agent, rather than seamless integration with other products.
For new users, my advice is to leverage Picus Security for simulation and prevention purposes, as it is considered one of the best options in both European and Asian countries.
Overall, I would rate Picus Security as a nine out of ten.