#cybersecurity | hacker | Picus Security Platform v2402 | SC Media


Vendor: Picus Security Inc.
Price: $25,000 per assessment vector
Contact: picussecurity.com

What it does: Leverages continuous, metrics-based validation to harden security controls and provide mitigation suggestions.
What we liked: The mitigation suggestions are remediations that have been tailored to an organization and its specific defense stack.

Picus Security Platform
takes a threat-centric approach to achieving cyber resilience by leveraging
continuous, metrics-based validation to harden security controls and provide
analysts with contextual information surrounding findings, as well as offering
mitigation suggestions. Simply investing in security does not guarantee
security readiness. To have merit, tools must be effective.

The platform focuses on
three problem areas that must be addressed to achieve security effectiveness:
understanding the threat landscape, hardening prevention and optimizing
detection. Indicators of compromise can’t solely provide sufficient security
agility because threats occur too frequently. When organizations don’t
understand the threat landscape adequately it is impossible to prevent attacks
earlier and more often. Without the more accurate detections needed for timely
and effective response, prioritization is difficult. This solution, therefore,
bridges cyberthreats and builds resiliency in defense stacks.

The platform is broken
into three sections: Picus Echo, Picus Base and Picus Enablement Platform.

Picus Echo is an in-depth,
full coverage threat database that provides extensive information on which
signatures can prevent attacks, with more than 7,600 real-world payloads that
are updated daily, and adversary-based attack scenarios and techniques mapped
to the MITRE ATT&ACK framework to cover web application attacks,
exploitations, malware, data exfiltration and endpoint scenarios.

The platform’s assessment
technology ability is key to helping security teams understand their level of
security readiness and validate network, endpoint, email and cloud security
controls that reside in the Picus Base. The assessments are false-positive,
risk-free and conducted within the production network.

Picus Enable Platform
houses more than 34,000 mitigation signatures and 10 security vendor
partnerships so analysts can gain insight into the most viable defense actions
in response to adversaries, with immediate mitigation validation. It even
covers vendor-specific or -agnostic endpoint, mail gateway and network segment
mitigation. Picus Security provides actionable remediation recommendations
tailored to organizations and their defense stacks and focusing only on attacks
with mitigation solutions. Picus has committed to helping build out controls
and says it finds no value in highlighting problems that do not have solutions.

The vendor has designed
the platform for efficiency, offering a clean and organized interface that
provides a lot of high-level information. We think the platform would be
improved by reducing the congestion of the MITRE ATT&ACK dashboard. It is
interactive and provides tremendous information, but the busy layout is hard to
sift through and offers no quick visibility.

With Picus Security,
organizations can expect to reduce breach risk and non-compliance with
historical and real-time visibility into cyberthreat readiness to fix potential
security gaps before
they are compromised and to detect gaps faster by eliminating alert fatigue.
Automated security controls validation that supercharge security teams and
increase cyber resilience, lowering the number of incidents requiring
attention, reduce operational expenditures. Those capabilities help guide an
organization’s cybersecurity investment decisions by ensuring existing security
infrastructure attains maximum efficiency before investing in new security
tools, subsequently lowering capital expenditures.

Starting price is $25,000
per assessment vector. Access to phone support is 9/5 and a 24/7 ticketing
system comes standard with purchase.

Tested by Tested by Tom Weil



Original Source link

Leave a Reply