Picus Security Reviews & Product Details

Picus Security stands out with its ability to simulate real-world cyber threats across multiple threat vectors—network, endpoint, email, and more—without any disruption to production environments.

I've conducted multiple PoCs, demo sessions with various customers and the idea, the simpleness of it all always amazes everyone.

It has a great range of Integrations with various tools like SIEM, EDR/XDR, FWs, IPS, WAF etc. and with a click of a few buttons, you can setup attack simulations to test them all.

Integrating Picus is as easy as installing an agent on your Golden Imaged machines.

No brainer for any Security Team that takes Security seriously :) Review collected by and hosted on G2.com.

Nothing in particular to dislike about the product. It does it job perfectly Review collected by and hosted on G2.com.

What makes Picus Security stand out is its ability to continuously validate an organization's cyber defense posture in real-world conditions. The platform provides a proactive and measurable approach to threat simulation, helping us to identify configuration gaps, evaluate detection capabilities, and prioritize mitigation actions across both IT and OT environments.

Picus seamlessly integrates with our existing Cyber ecosystem, providing actionable insights rather than generic scoring. Its Attack Path Validation and Security Control Validation modules have drastically improved our CYBER FUSION CENTER -CROCvisibility into exposure and control effectiveness.

Moreover, the dashboard is intuitive and the ability to generate executive-level reports that translate technical risks into business impact is a major plus when communicating with leadership and board-level stakeholders. Review collected by and hosted on G2.com.

While the platform offers great technical depth, there is room for improvement in the customization of reporting templates and API flexibility for large-scale automation use cases.

That said, the Picus team is highly responsive, and we have already seen improvements in these areas through roadmap updates. Review collected by and hosted on G2.com.

I like the way of using gui- which is so easy to use/has understandable menu's. With Fast/non-problematic integrations. Threats are always up to date almost daily basis and dynamic threat scheduling feature discards the need of the frequent care. After implementing the system correctly, you only need follow up the reports and take actions afterwise.

The other thing that i like about picus security is customer support. I don't remember anytime that i waited more than 1-2 hours for a response from picus, and support engineers are really skilled about the product. If any bug or some problem appears which r&d should take care; this procedure also are so fast comparing the other vendor's support teams.

We can ask for a new feature via the portal and somebody from Picus always returns our input. Review collected by and hosted on G2.com.

On prems systems may have new features a bit late than cloud systems.

Integrations are working well after you configured correctly but while trying to first time implementing; fail logs are not so clear to troubleshoot the issue. Review collected by and hosted on G2.com.

What I like best about Picus Security is that it has completely transformed the way we measure and strengthen our cyber defenses. The platform delivers exceptionally realistic and constantly updated attack simulations, ensuring we are always prepared for the latest threats.

Its intuitive, beautifully designed interface makes running simulations, reviewing insights, and implementing improvements effortless — even for complex environments. The reporting is world-class, providing clear, actionable intelligence that not only improves our security posture but also impresses management and simplifies compliance audits.

Most importantly, Picus empowers us to move from a reactive stance to a truly proactive, intelligence-driven security strategy, giving us unmatched confidence in our ability to defend against evolving cyber threats. Simply put, it’s one of the most impactful security solutions we have ever implemented. Review collected by and hosted on G2.com.

Honestly, there’s very little to dislike about Picus Security.

If I had to mention something, it would be that the platform offers so many capabilities and features that it can feel overwhelming at first. However, this is more a sign of its depth and power than a real drawback — and the excellent onboarding resources and responsive support team make the learning curve short and manageable. Review collected by and hosted on G2.com.

My favourite thing about Picus Security is how well it replicates actual cyberattacks in a safe setting, which enables me to spot weaknesses in detection and reaction. Its modules for Email Infiltration and Attack Path Validation (APV) are especially helpful for comprehending how threats might spread laterally throughout the network. Continuously validating and enhancing our defences was made simpler by the user-friendly dashboard, thorough reporting, and integration with SIEM platforms. Review collected by and hosted on G2.com.

Despite Picus Security's strength, I occasionally encountered delays in detection, particularly when integrating with SIEM platforms such as RSA NetWitness. Simulations can occasionally run for an excessive amount of time and take too long to start, which delays the evaluation process. According my experience. Review collected by and hosted on G2.com.

What I like most about Picus is how easy it makes running attack simulations aligned with the MITRE ATT&CK framework. I can clearly see which security controls are effective and where the gaps are — not just in detection, but also in prevention. It saves me a lot of time by providing ready-to-use remediation content for SIEMs, EDRs, and other tools. The integrations worked smoothly in my environment, and it’s useful for both red and blue team activities.

The customer support team also deserves credit — they’re highly responsive, proactive, and genuinely helpful whenever I reach out. That kind of support makes the implementation and daily usage way easier.

Initial setup is very straightforward and doesn’t require complex configuration. You just need to pay some attention during the first phase to properly align things with your infrastructure, but once it's up and running, it’s low-maintenance and continues to deliver value without extra effort. Review collected by and hosted on G2.com.

The attack scenarios are top-notch, but I find the reporting capabilities a bit limited. I’d like more flexibility to tailor reports based on the audience — for example, a high-level summary for management vs. detailed views for technical teams. Also, the export options could offer better filtering and formatting to meet different reporting needs. Review collected by and hosted on G2.com.

My favorite aspect is being able to see in real time how effectively I'm detecting and preventing cyberattacks. Being able to measure the effectiveness of both my external and internal security measures is a tremendous comfort. Review collected by and hosted on G2.com.

I expect automated processes to become more efficient. Manually managing workflows in large environments is difficult. Advanced automation and workflow integrations would be fantastic. Review collected by and hosted on G2.com.

What I really like about Picus Security is that it feels like having a smart teammate constantly testing our defenses for us. It doesn’t just tell you what’s wrong — it actually shows you how real attacks would happen and helps fix things before problems arise. It’s straightforward, easy to use, and gives you peace of mind knowing you’re one step ahead of the bad guys. Review collected by and hosted on G2.com.

One thing I find a bit frustrating about Picus Security is that the initial setup can be somewhat complex and time-consuming, especially if you don’t have much prior experience with similar tools. Also, sometimes the volume of data and alerts can feel overwhelming at first. However, once you get used to it, the platform becomes much easier to manage and the insights it provides are really valuable. Review collected by and hosted on G2.com.

What we value most about Picus Security is its ability to continuously validate security controls with real-world threat simulations aligned to the MITRE ATT&CK framework. Picus is highly integrable, easy to deploy, and incredibly effective in demonstrating tangible risk reduction. The platform enhances our joint value proposition by enabling us to help clients measure, improve, and prove the effectiveness of their existing security investments. Their team is also very collaborative and responsive, making co-selling and joint implementations smooth and impactful. Review collected by and hosted on G2.com.

Picus offers a robust and comprehensive platform, some of our clients have expressed a desire for more flexible and customizable reporting options, especially for executive-level dashboards. Review collected by and hosted on G2.com.

I think, the platform's greatest strength is producing accurate and actionable outputs for security controls. Besides, It helps our customers to select the right product by testing the products with real world scenarios. Finally, It easy to deploy and there is nearly no maintenance effort required. The product's integration to the other systems are easy. The customer support is fast to find solutions to escalated problems. Review collected by and hosted on G2.com.

I haven't seen a downside about Picus yet. Review collected by and hosted on G2.com.