Picus advances automated penetration testing

SAN FRANCISCO – Picus Security has introduced new innovations to its Attack Path Validation (APV) product.

The new Picus APV now offers security teams accurate, risk-free, and continuous automated penetration testing to uncover critical risks, while significantly reducing business disruptions and time spent on threat research. Combined with its Breach and Attack Simulation technology, Picus provides a comprehensive approach to Adversarial Exposure Validation for enterprise organizations.

By pairing evasive automated penetration testing alongside attack path-mapping capabilities, Picus allows users to easily find and map critical exposures that could be used by attackers. Legacy pentesting products often produce too many alerts or false positives and can take multiple days to complete, causing intermittent usage. Picus APV mimics the evasiveness of real-world attackers, including techniques such as lateral movement, data exfiltration, and encrypting files on the target network often associated with ransomware attacks. This ensures that testing remains stealthy, avoiding premature detection and ultimately providing a far more accurate representation of genuine threat scenarios.

“We are the only vendor offering a comprehensive Exposure Validation solution,” said Volkan Ertürk, Picus cofounder and CTO. “We are bullish about the future of this exciting new cybersecurity market and our position within it. Our expertise in threat simulation and attack paths has enabled us to develop a stealthier automated pentesting product that closely mirrors real-world threats, giving our customers a significant advantage.

Designed to ensure safe testing, Picus APV prevents harmful exploits from running in production which minimizes risks like system crashes and network outages. To help security operations teams save precious time and effort, Picus APV can run continuously on autopilot or on a set schedule, even while allowing multiple assessments to run in parallel. Continuous testing improves the visibility of critical vulnerabilities between point-in-time tests.

The new Picus APV is available in January 2025.