We engage with customers in the Middle East to check the visibility of the use cases that we create, using the Picus solution. We want to check the strength of their infrastructure, their application servers. This is the type of integration exercise we do for our customers. We check if there are any loopholes or weak links that can be hardened using a visibility tool, of course like Picus Security. Customers in the Middle East are concerned about cloud solutions; the data or software component has to reside within their premise or at least inside the boundaries of this country. The majority of them prefer the on-premise solution, and sometimes we use cloud-based solutions as well. When using the cloud they have a SaaS service available and it's hosted on Amazon cloud.
Picus Security Overview
What is Picus Security?
Independent from any vendor or technology, the unparalleled Picus Platform is designed to continuously measure the effectiveness of security defenses by using emerging threat samples in production environments. Created by a team that’s been working together more than 10 years already and has proven their expertise in enterprise cybersecurity, Picus is trusted by many large multinational corporations and government agencies.
Picus Security Customers
Akbank, Exclusive Networks, Garanti, ING Bank, QNB Finansbank, Turkcell, Vodafone, Yapı Kredi
Picus Security Pricing Advice
What users are saying about Picus Security pricing:
"They have certain price ranges for their products, depending upon the use cases, and the number of applications the customer wants to try."
Picus Security Reviews
Offers the ability to physically execute a specific set of rules in your environment but doesn't provide patches automatically
Pros and Cons
- "You have the liberty of physically executing a specific set of rules in your environment."
- "Let's say if a customer's environment has 10 security devices and they need to know that there is an attack that has bypassed their devices, they cannot go and inspect every device and every rule in their security devices."
What is our primary use case?
How has it helped my organization?
Primarily it's the visibility that they have in their infrastructure. It's just like a penetration testing exercise, where you don't require specific expertise or a pen-testing team. However, you have to be IT aware to be able to use this tool. The Picus Security team configures this in your environment.
What is most valuable?
The list of vulnerabilities that get detected is the most valuable feature. The list of injections, basically that we identify within the infrastructure is the most valuable one, as they can see which attack has actually been successfully executed in their environment. You can navigate through different options on the product and you can do exercises. One of the beneficial features is that if you do not want to perform a specific set of attacks, you can uncheck them. Alternatively, if there are certain attacks that you want to execute, you can do that as well. You have the liberty of physically executing a specific set of rules in your environment. For example, let's say the customers don't have Apache servers. If there are any vulnerabilities or injections that are performed on Apache servers, a lot of tools rely on those rules. Customers can basically uncheck those injections that are performed on servers that do not exist in their environment.
What needs improvement?
Picus tells you that an attack has bypassed your security controls, but it doesn't tell you exactly where, or on which device the attack has been bypassed. I think that is one of the key components or features that is missing in the product, which requires some sort of enhancement. It doesn't provide patches automatically. It sends an update to the vendor, and the vendor will release the patch for you. If it allows or creates any sort of patch using Artificial Intelligence Modelling Language (AIML), it identifies the pattern of the signature and creates some sort of signature that will promptly block the attack, which will be most helpful as well. There are competitors of Picus which have been performing well. We have actually struggled to sell Picus in the market here because there are key enhancements that need to be implemented in the product. Especially the one where it has to identify which device has the loophole. Let's say if a customer's environment has 10 security devices and they need to know that there is an attack that has bypassed their devices, they cannot go and inspect every device and every rule in their security devices. They need to know exactly where that attack has been bypassed so that they can mitigate that weak link. That is one of the key aspects. Picus Security has competitors that are performing better. I'm not sure why we haven't assessed another product. Perhaps it is because they keep updating their rule sets.
They're coming up with new features, and they are adding more UAB features to their products. There are a lot of other products, which are performing better. As far as Picus is concerned, we have been aggressively trying to reach out to customers to try to sell it, but have not been successful. Picus has also invested a lot of money in this product. They were coming here before the pandemic, every week. They've been sending their sales and pre-sales people to talk to our customers. Now they have permanently stationed one of their top executives in this region, he has been working in this region for about four months now, without a successful deal. So there are challenges that people see because when customers evaluate a product, they see other products as well. Very often customers acquire other competitor products. So we definitely need to do some more research about what others are doing.
What do I think about the stability of the solution?
I don't think it crashes. It definitely relies on a reliable internet as you're sending lots of attack traffic from one device to another. A lot of customers are concerned about the cloud solutions, especially the SaaS part of this product, because when you execute attacks from, let's say, a SaaS solution, you have all the reports in the cloud, the dashboard. If there are any loopholes in their environment, that is visible to any cloud provider, which is why a lot of them prefer to have everything on-premise, to avoid external visibility.
What do I think about the scalability of the solution?
I don't see any limitations, because it's a software component that can be installed on a server. If you need to simulate more attacks, or you want to distribute the attack traffic that is coming in, the software can be installed on multiple servers and you can basically tie those servers together, to share the load that is coming in. I don't think the Picus solution should have a limitation; you can install it on every server.
How are customer service and technical support?
Picus Security is aggressively trying to acquire at least one customer so that it becomes a reference for the other customers. We haven't had any issues with support, whether it is a presale, sales or technical support. Every time we reached out to them, a resource was quickly assigned to us.
How was the initial setup?
It was straightforward. It's not complex. There is good documentation and they provide immense support from the company. A lot of customers find it easier if you demonstrate to them what needs to be done. If you point the customer to the correct part of the documentation, the majority of the customers would be able to take care of the solution themselves. They would be able to do the initial setup as well.
What about the implementation team?
It actually depends on the use case for each customer. If everything is in place, and the environment is ready, deployment can be achieved in four or five hours. If it's a cloud solution it takes much less time because there are two components. One is called the manager and the other is the agent. We set up two agents, one in the cloud and another one in their environment. The manager basically directs one agent to attack another agent. Therefore, the manager is basically the controller. If you have a cloud environment or if you're subscribing to the SaaS service, then it's much easier because the manager is pre-installed in the cloud services. It is a 5- to 10-minute job to set up a single agent, and then you set up another in the customer's environment. The attacks come in from the cloud service to their environment. So it's much easier in the cloud service and takes much less time, I'd say a couple of hours. This is provided everything is ready and there are no restrictions in the customer's environment. There are some prerequisites in the customer's environment. You have to ensure that you have a server available and that you allow communication from the cloud if it is happening from the cloud. If you are sending attacks from the cloud, you have to ensure that you whitelist that IP address, where the normal traffic would be coming in. So we basically have to establish the connection between two computers. One is the attacker, another one is the receiver. It depends if this is an on-premise use case, where both the attacker and the receiver are on-premise. In this case, you will have to ensure that the two computers that host those agents can talk to each other. If it's coming from external cloud providers, let's say Amazon, then you need to ensure the communication from that Amazon attacker is basically allowed through every device in your environment. So there are some prerequisites around that.
Some libraries in Java need to be installed, as per the software requirement, which is mentioned in the requirements document. So we have to ensure that is there.
What's my experience with pricing, setup cost, and licensing?
It's a different region they're targeting at the moment. I think it's a fair price for us. I work with a distributor, which basically reorganizes or comes up with another pricing model for the customers. They take one price from the vendor and sell it for a different price to the customers here. We haven't been able to make a deal so far in this product, so I can't really tell whether we can sell it for a certain price. They have certain price ranges for their products, depending upon the use cases, and the number of applications the customer wants to try. It would really make sense if we have a customer here because they are willing to provide discounts at this time, due to not having a customer in this region.
Which other solutions did I evaluate?
If you're opting for cloud services, you are exposing your results to the internet. It's of paramount importance that customers, especially government organizations, protect the data of their consumers and their own employees. They end up using the services, and we know there have been a lot of breaches in the major cloud providers as well. There have been breaches at Amazon, Oracle, and Microsoft previously. For this type of activity, I would personally recommend an on-premise solution where you would have entire control of the attacks, as well as the results that you see. If you are testing your infrastructure where you want to develop something, or there are some financial and transition servers, which store your critical data, and you are assessing that network, I wouldn't recommend using a cloud-based SaaS offering from Picus. However, let's say you have a non-critical or a non-confidential network, where you want to assess those servers, applications and network, then, in that case, I would definitely recommend that you use a cloud SaaS offering also.
What other advice do I have?
As far as the implementation is concerned, you definitely need to evaluate your own infrastructure first. I see a lot of customers installing the agents at an inappropriate place. For example, let's say we want to initiate an attack from the Picus cloud to somewhere inside your own network. You need to assess and ensure that the traffic is going through every security device you're evaluating. Customers frequently install agents at a place which doesn't cover all the security devices. There is a need to ensure that traffic is going through all the security devices.
Which deployment model are you using for this solution?
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Product Categories: Breach and Attack Simulation (BAS)