Battlecard February 2022 v.

Company Overview The Picus Platform The Picus Platform (cont.)

Picus Security is the pioneer of Breach and Attack Simulation, a security
control validation methodology coalescing offensive (red team) and
defensive (blue team) security approaches.
• Founded by industry veterans in 2013
• Offers the most complete Breach and Attack Simulation platform
• Global partner network in 20+ countries
• Offices in London, San Francisco, Milan, Dubai, Istanbul
• Recognised by industry thought leaders – Gartner Cool Vendor 2019,
Frost & Sullivan Leading BAS Vendor 2020
• Backed by credible investors – completed Series b $24m in Oct 2021
Continuous Security Control Validation & Mitigation
By simulating over 10k threats and attack scenarios, the Picus platform
enables security teams to continuously test the effectiveness of security
controls across threat prevention and detection layers.
• Identify security weaknesses and visibility blind spots
• Validate the effectiveness of controls and processes
• Obtain a continuous view of an organisation’s security posture
• Address exposures with prevention signatures and detection rules
• Track security scores and measure the impact of changes
The Picus platform is offered as an annual subscription and priced
according to the number modules.
Security controls which can be assessed include: Firewalls, IPSs, Web
Application Firewalls, Web Proxies, Mail and End Point Security.
Using the threat library Picus can run an attack simulation (red team
attack) and demonstrate the security efficacy of a client’s existing
security controls. As part of its Blue Team module, Picus can then mitigate
the attacks through integrations (via API) into these security controls.
Picus has integrations with Palo Alto, Fortinet, Check Point, McAfee, F5,
Cisco, Splunk, IBM Q-Radar, Carbon Black, amongst others.

Customer Challenges
To minimise the risk of suffering data breaches and resultant financial
and reputational damage, all organisations need to ensure they have
suitable controls in place to continuously protect their data and assets.
This involves not just preventing threats but swiftly detecting and
responding to ones that are able to bypass defences.

However, ensuring a robust security posture at all times is increasingly

challenging. Common issues faced by security teams include:

• Keeping up with the rapidly evolving threat landscape. Indeed, 80% of

organisations are not confident that they are prepared to face major
cyberattacks
• Protecting a growing attack surface, including cloud workloads and
endpoints used by remote workers
• Managing, maintaining and monitoring multiple disparate security
tools, 24/7 – keeping them updated and configured correctly
• Obtaining a clear view of an organisation’s security posture at all times
and reporting accurate status to the board
 Battlecard February 2022 v.1

Customer Benefits Customer Targets Sales Qualification Questions

Lower Risk Most Successful Verticals • Does your company have plans to deploy breach and attack simulation
• Swiftly identify and respond to changes technology?
• Enhance threat coverage • Finance, Banking & Insurance • Do you continually test your security controls using known attacker tools
• Avoid visibility blindspots • Manufacturing and methodologies?
• Improve mean time to detect and respond • Retails • How sure are you that your defences can block the latest threats?
• Telecommunications • How would you rate your company’s security resilience to ransomware?
Improve Productivity • Transport/Automotive • How effective are your current testing methodologies in identifying
• Reduce manual processes • Pharmaceutical misconfigured security controls?
• Improve SOC efficiency • Public Sector – Central Government and Universities • How effective is your current SIEM/SOC in alerting and detecting?
• Prioritise mitigation

Save Money Use Cases Objection Handling

• Rationalise investments
• Sweat your assets further Picus can be used for a variety of use cases and projects: How does Picus differ from vulnerability management?
• Justify spending decisions Vulnerability management tools are great solutions but with no
• Continuous security validation specific focus on adversarial techniques and behaviours. The Picus
• Reducing exposure to new cyber attacks BAS solution validates the readiness of all prevention and defence
Picus Customer Persona layers from people, process and technology angles against
• Rationalising cybersecurity investments through security validation
• Optimising SIEM and EDR threat detection capabilities sophisticated cyber threats and provides the agility required to
Picus clients typically have the following profile: address cyber attacks.
• Enabling compliance
• 1,000-10,000 users • Pre-acquisition assessments We may consider using Picus after completing our main security
• Medium to good security maturity • Post-acquisition performance improvements investments such as WAF etc Please get in touch with us later.
• Assessing new controls before purchase It is strongly recommended that companies assess their existing
• NGFW, IPS, WAF investments already in place
defensive capabilities and shortcomings before committing to new
• SOC/SIEM is a plus as we add huge value and differentiation with cyber security investments. Threat-centric validation provides
Detection Analytics Door Opening Strategies invaluable insights for planning security investments with the right
• Common characteristics priorities.
• Short of staff Compliment Pen Testing - Supplement focused pen testing with a
• Trying to keep up with day-to-day operations broader, automated approach. Our team are already busy. We do not want to buy yet another tool.
• Moderate compliance requirements Based on surveys on different customer environments, Picus’ Customer
Replace Red Teaming - Use Picus’ solution to automate purple teaming Success Team found that Picus can increase efficiency by as much as
• Hybrid environments exercises, replacing expensive manual red teams 300%.

Investment Validation - Use Picus reporting function of Security
Control Validation to evidence success of security investment
SOC/SIEM Optimisation - Use Picus Detection Analytics technology to
extend the value of their current investment
We do not have the resources to take corrective action against Picus
continuous mitigation output.
Picus’ rich threat library, easy-to-use UI and mitigation and reporting
content enables junior security team members as well as IT personnel with
no security background to take corrective actions swiftly and confidently.