Picus provides automated pentesting testing to help uncover critical risks

Picus Security announced new innovations to its Attack Path Validation (APV) product. The new Picus APV now offers security teams accurate, risk-free, and continuous automated penetration testing to uncover critical risks, while significantly reducing business disruptions and time spent on threat research.

Combined with its Breach and Attack Simulation technology, Picus provides a comprehensive approach to Adversarial Exposure Validation for enterprise organizations.

By pairing evasive automated penetration testing alongside attack path-mapping capabilities, Picus allows users to easily find and map critical exposures that could be used by attackers. Legacy pentesting products often produce too many alerts or false positives and can take multiple days to complete, causing intermittent usage.

Picus APV mimics the evasiveness of real-world attackers, including techniques such as lateral movement, data exfiltration, and encrypting files on the target network often associated with ransomware attacks. This ensures that testing remains stealthy, avoiding premature detection and ultimately providing a far more accurate representation of genuine threat scenarios.

Designed to ensure safe testing, Picus APV prevents harmful exploits from running in production which minimizes risks like system crashes and network outages. To help security operations teams save precious time and effort, Picus APV can run continuously on autopilot or on a set schedule, even while allowing multiple assessments to run in parallel. Continuous testing improves the visibility of critical vulnerabilities between point-in-time tests. 

“Picus APV has been instrumental in elevating our proactive defense capabilities, particularly through its automated pentesting features. Its capabilities allow us to identify gaps swiftly and enhance our cybersecurity posture in real-time,” says Andrea Licciardi, Senior Cybersecurity Manager, MAIRE Group. “Additionally, the platform’s ability to adapt to specific client requirements has been a determining factor in meeting our unique security needs. We’ve seen a significant improvement in our overall threat readiness, making Picus APV a key component of our cyber resilience strategy.”

According to Gartner, “A good validation process needs to overcome a few challenges. It requires a mix of technical assessments — such as penetration testing, breach and attack simulation, and attack path mapping.”* 

“We are the only vendor offering a comprehensive Exposure Validation solution,” said Volkan Ertürk, Picus CTO. “We are bullish about the future of this exciting new cybersecurity market and our position within it. Our expertise in threat simulation and attack paths has enabled us to develop a stealthier automated pentesting product that closely mirrors real-world threats, giving our customers a significant advantage.

The Picus Adversarial Exposure Validation solution brings together Automated Penetration Testing, Attack Path Mapping, and Breach and Attack Simulation (BAS) capabilities in a single open platform. 

The new Picus APV is available in January 2025.