Latest news with #PicusSecurity
Techday NZ
22-05-2025
- Business
- Techday NZ
Picus launches tool for real-time validation of exploitable risks
Picus Security has introduced a new capability designed to help security teams determine which vulnerabilities in their environments are actually exploitable. The new feature, called Picus Exposure Validation, uses real-time attack simulations to provide evidence-based assessments of vulnerability risks within a specific organisation's environment. This approach aims to address the challenge of large numbers of vulnerabilities that are often identified but not all requiring immediate attention or remediation. With more than 40,000 new Common Vulnerabilities and Exposures (CVEs) disclosed in 2024 - with 61% ranked as high or critical - security teams often struggle to respond effectively, as traditional vulnerability management methods can lead to inefficient allocation of resources. Picus Security says the new capability assists security teams in distinguishing between vulnerabilities that can actually be exploited in their unique systems and those that can be safely deprioritised. Traditional vulnerability management is typically driven by severity metrics such as Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS), which provide generalised risk indicators but may not account for an individual organisation's existing security controls and asset criticality. Picus Exposure Validation aims to fill this gap with the Picus Exposure Score, an evidence-based, context-aware metric intended to reflect actual risk, according to the company. The system continuously tests security controls using real-world attack techniques to determine whether known vulnerabilities can be exploited given the organisation's current defences. The findings are automatically updated and presented in transparent reports, enabling quicker and more confident decision-making in response to new security threats. Volkan Ertürk, Co-Founder and Chief Technology Officer at Picus Security, commented: "The challenge today isn't finding vulnerabilities, it's knowing which ones matter in your unique environment. CVSS, EPSS and KEV offer theoretical risk signals. Picus Exposure Validation delivers proof by testing threats against your production defenses in real time. It replaces assumptions with evidence so security teams can focus on vulnerabilities that are actually exploitable." Key features highlighted by the company include the ability for security teams to more accurately prioritise remediation work, safely deprioritise less urgent vulnerabilities, and reduce manual workloads through the use of automated validation processes. The solution is said to include tailored recommendations to quickly improve the effectiveness of security controls, offering an alternative when immediate patching is not feasible. A global industrial firm reported that, upon deploying Picus Exposure Validation, it was able to reduce its list of critical patches by 85%. Based solely on CVSS ratings, 63% of the vulnerabilities in the organisation's systems were initially classified as critical. However, after applying Picus Exposure Validation, it was found that only 9% of those were truly high risk and required prioritisation. This reduction reportedly saved the organisation thousands of hours on patching activity and allowed the security team to focus resources more efficiently. The company positions Picus Exposure Validation as a new methodology for combining data about vulnerabilities with automated attack simulation to create an organisation-specific analysis of exploitability. This approach, according to Picus, offers security teams a more focused view on where to deploy efforts for mitigation and remediation and thereby enables more effective closing of security gaps. The Picus Exposure Validation feature is now available to organisations seeking enhanced vulnerability validation for their own environments. Follow us on: Share on:
Bahrain News Gazette
01-04-2025
- Business
- Bahrain News Gazette
Picus Security Announces Recognition in Gartner® Market Guide for Adversarial Exposure Validation
Picus Security strives to empower offensive and defensive security teams working to validate threat exposures against attack scenarios and techniques. SAN FRANCISCO, March 31, 2025 (GLOBE NEWSWIRE) — Picus Security , the leading security validation company, today announced that it has been named a Representative Vendor in the Gartner ® Market Guide for Adversarial Exposure Validation (AEV). The AEV category includes technology that validates vulnerabilities and identifies techniques that allow adversaries to exploit an organization. This research helps security and risk management leaders understand the key use cases of adversarial exposure validation and navigate the AEV solution market. The AEV market category brings breach and attack simulation (BAS), automated penetration testing and red teaming technologies together, three categories that were previously separate in the Gartner ® Hype Cycle for Security Operations. Gartner states that by '2027, 40% of organizations will have adopted formal exposure validation initiatives, most relying on AEV technologies and managed service providers for maturity and consistency.' The Picus Security Validation Platform enables organizations to simulate real-world attack scenarios, providing continuous, automated validation of exploitable exposures while assessing the effectiveness of security controls. By emulating adversarial tactics, techniques and procedures (TTPs), Picus assists security teams in identifying critical vulnerabilities, prioritizing remediation efforts and enhancing overall security posture without increasing the skill level required by security defense teams. 'The flood of analyst inquiries proves that organizations want to validate threat exposures through real-world attack scenarios to justify security investments and prioritize vulnerabilities,' said Picus Security co-founder and CTO Volkan Ertürk. 'Organizations have too many vulnerabilities that are disconnected from their security controls and context. The Picus platform uniquely provides evidence-based exposure prioritization and validation, derisking critical vulnerabilities that are not truly exploitable, so security teams can focus on what matters the most.' After a comprehensive review of the Gartner Market Guide for Adversarial Exposure Validation, Picus Security found: AEV solutions help organizations strengthen defenses, prioritize vulnerabilities and improve readiness for real-world attacks. The AEV market is rapidly evolving, with vendors offering both specialized and comprehensive capabilities to address diverse security validation needs. AEV technology reduces complexity and lowers the skills barrier required for offensive testing. Integration and automation capabilities within AEV solutions streamline security operations, enhance collaboration among teams and improve the precision and effectiveness of security testing. To learn more, download the Gartner ® Market Guide for Adversarial Exposure Validation or read our recent blog on how AEV is a force multiplier. About Gartner ® GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. About Picus Security Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context. Picus transforms security practices by correlating, prioritizing and validating exposures across siloed findings so teams can focus on critical gaps and high-impact fixes. With Picus, security teams can quickly take action with one-click mitigations to stop more threats with less effort. Offering Adversarial Exposure Validation with Breach and Attack Simulation and Automated Penetration Testing working together for greater outcomes Picus delivers award-winning, threat-centric technology that allows teams to pinpoint fixes worth pursuing. Follow Picus Security on X and LinkedIn . Contact Jennifer Tanner Look Left Marketing [email protected] GlobeNewswire Distribution ID 9414071
Yahoo
13-02-2025
- Yahoo
Password managers are the new target for hackers
Password managers are one of the most effective ways internet users keep their online lives in order. Many popular services include 1Password, LastPass, and NordPass, which can be used for storing and generating passwords, and recalling login credentials. However, while you may think your passwords are secure with these platforms, cybercriminals are getting more sophisticated with their methods of hacking password managers and getting access to your digital information. A recent report by cybersecurity firm Picus Security indicates cyberattacks on password managers were three times more likely to occur in 2024 than in the year prior. The research, detailed in the firm's Red Report 2025 also noted that of the one million malware variants studied, 25% of them targeted password managers or some method of other password storage, such as web browsers that allow for saving login credentials. 'For the first time ever, stealing credentials from password stores is in the top 10 techniques listed in the MITRE ATT&CK Framework,' Picus Security said in a press release. 'The report reveals that these top 10 techniques accounted for 93% of all malicious actions in 2024.' The firm uses its MITRE ATT&CK Framework to classify cyberattacks. Picus has determined that hackers have developed a multi-stage method of cyberattack it's calling 'SneakThief,' which entails 'increased stealth, persistence, and automation.' Hackers perform over a 'dozen malicious actions' to collect data without detection. Picus calls the method 'the perfect heist.' 'Threat actors are leveraging sophisticated extraction methods, including memory scraping, registry harvesting, and compromising local and cloud-based password stores, to obtain credentials that give attackers the keys to the kingdom,' Picus Security co-founder and VP of Picus Labs, Dr. Suleyman Ozarslan said in a statement. Ozarslan recommends that password manager users utilize multi-factor authentication alongside the primary password-storing method. Additionally, he suggests never reusing passwords, particularly if they are being stored in a password manager. While artificial intelligence is a quickly growing trend in today's cybersecurity space, Red Report noted no significant increase in cybercriminals using AI-driven malware in 2024.
