What does Picus Do?
Picus Security is a breach and attack simulation platform that continuously assesses the readiness of your business’s security controls and related operations, using its proprietary library of threat and technique samples, the Picus Threat Library.
Picus assessments are vendor and platform agnostic and are designed to be safe to run in production. They can assess network, endpoint and email security controls in cloud, on-premise and hybrid environments. If Picus reports that a threat from the library was missed, the security controls in the assessment path neither prevented nor detected that sample: the finding is a direct observation of the control’s behaviour, not an inference.
Picus Security’s Threat Labs team enriches the assessment findings with thousands of vendor-specific (for Picus Technology Alliance Partners) and generic mitigation rules. This mitigation content lets security teams close gaps on the spot and feed contextual threat information into SIEM/SOC platforms to improve detection efficacy.
With customers across the globe in financial services, government, energy, telecom, retail and manufacturing, Picus Security fills gaps that pen-testing, vulnerability management and policy management solutions cannot address.
Picus Security and Pentesec
Picus has been implemented within Pentesec’s Managed Service to enhance our ability to protect our customers. Our Managed Service gives you support when you need it, and our team is always available to answer your questions. We provide easy-to-read reports that combine high-level summaries with technical detail, backed by rapid-response SLAs covering new and known vulnerabilities. Our Technical Team operates out of our own NOC, with a dedicated out-of-hours phone number so that you always reach a Level 3 Engineer on your first call.
If you don’t need a fully Managed Service, we also offer Picus’ Breach and Attack Simulation solution as a standalone service. We manage everything for you and report on any gaps in your infrastructure. If problems are found, we can provide a remediation consultation that examines your configurations and logs, determines what fixes are required and confirms whether they can be applied within your environment.
4 Reasons to Choose Picus Security
Independent of any vendor or technology, the Picus Platform is designed to continuously measure the effectiveness of security defences by using emerging threat samples in production environments. The four reasons to choose Picus Security are:
Intelligent Breach and Attack Simulation
Picus’ threat and technique library contains nearly ten thousand samples. Each sample is enriched with a unique technique identifier, categorised by targeted application and operating system and by CVE and CWE, and mapped to the kill chain and to the MITRE ATT&CK framework. This lets security executives enable the business while maintaining security readiness and mitigating threats quickly.
The Largest Technology Alliance Ecosystem
Picus assessments are completely agnostic to the brands of technology deployed on the assessment path. Picus Security has established a large ecosystem of technology alliances to help mitigate identified gaps quickly and precisely. As of January 2020, Picus has alliances with vendors such as Check Point, F5, McAfee and Trend Micro, reducing the risk of breaches in customer environments.
Unique Intelligent Automation Structure
Picus assessments are non-intrusive and can emulate threat scenarios continuously, pulling new threats from the Picus Threat Library to provide readiness assessments without manual work.
If Picus finds gaps in your existing security controls, it enriches its findings with mitigation guidance and maps them to the detection and prevention capabilities already present in your infrastructure. This lowers the number of incidents and automates your security control validation.
Assessment Outputs to Empower and Align Teams
The Picus Platform ties assessment findings to prevention and detection technologies, giving SIEM, SOC, SIRT and network security teams and security leaders shared, relevant context to work from when designing fixes.
What is Picus Detection Analytics?
Picus Detection Analytics further enhances Security Control Validation by bringing log fidelity, defence capability and alerting efficacy insights into the SOC context. It is an automated module that queries SIEM security logs to identify the difference between the logs that are available and the logs that are expected. Every emulated threat and adversary technique should create a log entry in the relevant security control if the emulation is detected or prevented. Picus Detection Analytics compares the results of SIEM queries with the results of the Picus threat emulations, so that undetected, unlogged and non-alerted attacks are identified on the spot. All findings are mapped to the MITRE ATT&CK framework to support incident analysis, incident response and threat hunting.
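To make the expected-versus-available comparison concrete, the following is an added example in Python; it is not Picus code and does not describe how the Picus module is implemented. It assumes, hypothetically, that each emulation run stamps a run marker into the artefacts it creates, so that a SIEM search can be scoped to that run’s host and time window. The emulations, log records and alert flags are constructed for the illustration.

```python
"""Expected-vs-available log comparison for emulated techniques (added example).

Assumptions (hypothetical, not how Picus itself works): every emulation run
carries a run marker that appears in the log records it generates, and the
SIEM search is stood in for by an in-memory filter over constructed records.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Emulation:
    run_id: str        # marker assumed to be stamped into the run's artefacts
    technique: str     # MITRE ATT&CK technique ID the run emulates
    host: str
    started: datetime
    prevented: bool    # the emulation's own result: did a control block it?


@dataclass(frozen=True)
class LogRecord:
    ts: datetime
    host: str
    source: str        # e.g. "sysmon", "edr", "winlog"
    message: str
    alerted: bool      # True if the SIEM raised an offense/notable on this record


def siem_query(records: List[LogRecord], emu: Emulation,
               window: timedelta = timedelta(minutes=5)) -> List[LogRecord]:
    """Stand-in for the SIEM search: same host, inside the run's window,
    and referencing the run marker. Anything else is not evidence for this run."""
    end = emu.started + window
    return [r for r in records
            if r.host == emu.host and emu.started <= r.ts <= end
            and emu.run_id in r.message]


def classify(emu: Emulation, records: List[LogRecord]) -> str:
    """Outcome for one run, in the order a SOC cares about them."""
    if emu.prevented:
        return "prevented"
    hits = siem_query(records, emu)
    if not hits:
        return "unlogged"             # the control saw nothing, or the log never reached the SIEM
    if not any(r.alerted for r in hits):
        return "logged, not alerted"  # raw evidence exists but no correlation rule fired on it
    return "detected"


def gap_report(emulations: List[Emulation],
               records: List[LogRecord]) -> Dict[str, List[str]]:
    """Group the emulated ATT&CK techniques by outcome."""
    report: Dict[str, List[str]] = {
        "prevented": [], "detected": [], "logged, not alerted": [], "unlogged": []}
    for emu in emulations:
        report[classify(emu, records)].append(emu.technique)
    return report


# Constructed sample data.
T0 = datetime(2020, 1, 15, 9, 0, 0)
EMULATIONS = [
    Emulation("run-1001", "T1059.001", "ws01", T0, prevented=False),
    Emulation("run-1002", "T1003.001", "ws01", T0 + timedelta(minutes=1), prevented=True),
    Emulation("run-1003", "T1053.005", "ws01", T0 + timedelta(minutes=2), prevented=False),
    Emulation("run-1004", "T1547.001", "ws01", T0 + timedelta(minutes=3), prevented=False),
]
RECORDS = [
    LogRecord(T0 + timedelta(seconds=20), "ws01", "sysmon",
              "ProcessCreate powershell.exe -enc SQBFAFgA marker=run-1001", alerted=True),
    LogRecord(T0 + timedelta(minutes=2, seconds=15), "ws01", "winlog",
              "4698 scheduled task created: \\Picus\\run-1003", alerted=False),
    # Right marker, but 30 minutes after the run: outside the search window.
    LogRecord(T0 + timedelta(minutes=33), "ws01", "sysmon",
              "RegistryEvent HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run marker=run-1004",
              alerted=True),
    # Unrelated noise from another host.
    LogRecord(T0 + timedelta(seconds=5), "ws02", "sysmon",
              "ProcessCreate notepad.exe", alerted=False),
]


if __name__ == "__main__":
    for outcome, techniques in gap_report(EMULATIONS, RECORDS).items():
        print(f"{outcome:20s} {', '.join(techniques) or '-'}")
```

The point of the time window is the third record: the right marker arriving half an hour late is not evidence that the control logged the run, so T1547.001 is still reported as unlogged. In a real deployment the search would be a Splunk or QRadar query scoped the same way (host, window, marker), and the alert flag would come from the SIEM’s notable or offense table rather than the record itself.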
Does Picus Detection Analytics also provide mitigation content to help address SIEM & EDR alerting gaps?
Yes. Picus provides ready-to-apply correlation rules for the IBM QRadar and Splunk SIEM platforms and for the VMware Carbon Black EDR platform.
What SIEM Platforms does Picus Detection Analytics currently support?
IBM QRadar and Splunk
How does Picus Security Work?
Designed to identify gaps in security controls and offer mitigation options, Picus delivers on these promises with a four-step approach.
Step 1 – Deployment
You can install and configure the Picus software in hours; your users start receiving results within minutes, increasing the efficiency of your existing security infrastructure before you invest in new tooling.
Step 2 – Assessment
The assessment fills the gaps that pen-testing, vulnerability management and policy management solutions cannot address, and lets you act within minutes, with Picus’ mitigation guidance a click away.
Step 3 – Measure
Interactive dashboards capture the overall picture of your security controls with objective metrics and list the gaps revealed, empowering your staff to act and protect your network.
Step 4 – Mitigate
Picus provides vendor-specific remediation signatures for the gaps revealed during assessments and produces an actionable, prioritised list.
Picus Security lets you run assessments safely in a production environment with an easily deployable solution. It focuses on security controls, increasing the efficiency of your existing security infrastructure through continuous validation.
How do Sigma Rules Work with Picus Security?
Today’s organisations suffer from a lack of visibility and from slow detection of security threats. Many implement SIEM technologies to centralise security logs and improve detection capabilities across their infrastructure. With Sigma rules, SIEMs gain detection and correlation capabilities expressed in the context of adversary techniques.
The cyber security industry shares threat context and adversary information using common frameworks such as MITRE ATT&CK. A common framework provides a channel for sharing information, but without a common language and structure for detection logic there has been no portable way to feed that information into SIEMs.
Sigma is an open standard that defines a generic signature format for SIEM systems: a rule is written once, in YAML, and converted into the query language of each target SIEM. The common analogy is that Sigma is to log files what Snort is to network IDS and what YARA is to file-based malware detection.
Using Sigma rules improves incident detection by adding threat context, reduces the need for in-house expertise and effort, and reduces vendor lock-in for detection signatures, since the rules are shared and maintained by the community.
Picus mitigation guidance is now extended with Sigma rules (where applicable) to improve organisations’ detection capabilities. For each endpoint attack that cannot be prevented by endpoint controls, Picus now provides Sigma rules covering the actions of the endpoint scenario.
Once the Sigma rules are applied, adversary activity that current endpoint controls cannot stop can be detected in a straightforward way. Sigma gives enterprises a practical way to tune their SIEM for better threat detection and visibility.
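To show what a Sigma rule actually expresses, here is an added example in Python; it is neither Picus code nor part of the Sigma project. The rule is a hypothetical one written in Sigma’s structure (an encoded PowerShell command line, with a filter for a benign parent process) and is shown in its YAML-loaded dict form so the example runs without a YAML library; the evaluator implements the selection semantics (fields within a selection are ANDed, list values are ORed, string matching is case-insensitive) and a small subset of the condition grammar, and the process-creation events it runs over are constructed for the illustration.

```python
r"""Minimal evaluator for a Sigma rule's detection section (added example).

The rule below is hypothetical. Its YAML original would read:

    title: Encoded PowerShell Command Line
    logsource: {category: process_creation, product: windows}
    detection:
      selection:
        Image|endswith: '\powershell.exe'
        CommandLine|contains:
          - ' -enc '
          - ' -EncodedCommand '
      filter:
        ParentImage|endswith: '\explorer.exe'
      condition: selection and not filter
    level: high
    tags: [attack.execution, attack.t1059.001]
"""
from typing import Any, Dict, List

RULE: Dict[str, Any] = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": [" -enc ", " -EncodedCommand "],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
    "level": "high",
    "tags": ["attack.execution", "attack.t1059.001"],
}


def _value_matches(value: Any, modifier: str, pattern: str) -> bool:
    # Sigma string comparison is case-insensitive; the modifier picks the comparison.
    v, p = str(value).lower(), pattern.lower()
    if modifier == "":
        return v == p
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    raise ValueError(f"unsupported modifier: {modifier}")


def _selection_matches(event: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    # Fields inside one selection are ANDed; a list of values for a field is ORed.
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        if not isinstance(patterns, list):
            patterns = [patterns]
        if not any(_value_matches(event[field], modifier, p) for p in patterns):
            return False
    return True


def _eval_condition(condition: str, results: Dict[str, bool]) -> bool:
    # Handles the common shapes ("sel", "not sel", "a and not b", "a or b");
    # precedence is not > and > or, as in Sigma.
    def term(tok: str) -> bool:
        tok = tok.strip()
        return not term(tok[4:]) if tok.startswith("not ") else results[tok]
    return any(all(term(t) for t in clause.split(" and "))
               for clause in condition.split(" or "))


def evaluate(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    detection = rule["detection"]
    named = {name: _selection_matches(event, sel)
             for name, sel in detection.items() if name != "condition"}
    return _eval_condition(detection["condition"], named)


def matching_ids(rule: Dict[str, Any], events: List[Dict[str, Any]]) -> List[str]:
    return [e["id"] for e in events if evaluate(rule, e)]


# Constructed process-creation events (Sysmon-style field names).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"id": "evt-1", "Image": PS,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"id": "evt-2", "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -EncodedCommand ZwBlAHQALQBkAGEAdABlAA=="},
    {"id": "evt-3", "Image": PS, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\inventory.ps1"},
    {"id": "evt-4", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe /c certutil -encode in.txt out.txt"},
]

if __name__ == "__main__":
    print("matched:", matching_ids(RULE, EVENTS))   # evt-1 only
```

Only evt-1 matches: evt-2 has the encoded command but is excluded by the explorer.exe parent filter, evt-3 has no encoding switch, and evt-4 is not PowerShell at all (note that " -encode " does not satisfy the " -enc " pattern because of the trailing space). In production you would not evaluate rules in Python like this; the Sigma project’s converter (sigma-cli with a pySigma backend, or the older sigmac) turns the same YAML into a Splunk SPL or QRadar AQL search, which is what makes a single rule portable across SIEMs.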
Integrated Security Solutions and Partnerships
With a large technology alliance ecosystem behind it, Picus Security integrates with vendors such as Check Point and F5 to provide continuous security enhancement for end users.
Check Point and Picus’ Integrated Security Solution
The technology partnership between Picus and Check Point helps customers become more efficient and more effective against cyber-attacks.
Combining continuous automated detection with the identification of unaddressed threats, network configuration errors and deficiencies lets you fix security gaps before real attackers discover them in a real incident.
The alliance provides actionable insights, validates controls against over 6,500 threats of all types and helps organisations identify, respond to and neutralise threats quickly.
F5 and Picus Technology Partnership
In partnership with F5, Picus Security helps users dynamically identify and mitigate security threats targeting web applications. Web Application Firewalls (WAFs) need effective policies that are set and maintained continuously, without interrupting the business.
With a fast-changing attack surface and potential vulnerabilities in every application, Picus simulates both victim and attacker systems in production networks, running attacks between these components and reporting the corresponding F5 signature name and ID needed to block each missed attack.
The partnership provides configuration recommendations to WAF administrators and security managers so that any exposure can be addressed and mitigation applied as soon as it is required.
Using emerging threat samples in production environments, the Picus Continuous Security Validation and Breach and Attack Simulation platform enhances your security posture and helps you get the most out of your existing investments.
It reduces the risk of breaches and non-compliance, lowers operating costs by optimising processes and people, and lowers capital expenditure by guiding cyber security investment decisions.