Latest news with #VolkanErtürk
Techday NZ
22-05-2025
- Business
- Techday NZ
Picus launches tool for real-time validation of exploitable risks
Picus Security has introduced a new capability designed to help security teams determine which vulnerabilities in their environments are actually exploitable. The new feature, called Picus Exposure Validation, uses real-time attack simulations to provide evidence-based assessments of vulnerability risks within a specific organisation's environment. This approach aims to address the challenge of large numbers of vulnerabilities that are often identified but not all requiring immediate attention or remediation. With more than 40,000 new Common Vulnerabilities and Exposures (CVEs) disclosed in 2024 - with 61% ranked as high or critical - security teams often struggle to respond effectively, as traditional vulnerability management methods can lead to inefficient allocation of resources. Picus Security says the new capability assists security teams in distinguishing between vulnerabilities that can actually be exploited in their unique systems and those that can be safely deprioritised. Traditional vulnerability management is typically driven by severity metrics such as Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS), which provide generalised risk indicators but may not account for an individual organisation's existing security controls and asset criticality. Picus Exposure Validation aims to fill this gap with the Picus Exposure Score, an evidence-based, context-aware metric intended to reflect actual risk, according to the company. The system continuously tests security controls using real-world attack techniques to determine whether known vulnerabilities can be exploited given the organisation's current defences. The findings are automatically updated and presented in transparent reports, enabling quicker and more confident decision-making in response to new security threats. Volkan Ertürk, Co-Founder and Chief Technology Officer at Picus Security, commented: "The challenge today isn't finding vulnerabilities, it's knowing which ones matter in your unique environment. CVSS, EPSS and KEV offer theoretical risk signals. Picus Exposure Validation delivers proof by testing threats against your production defenses in real time. It replaces assumptions with evidence so security teams can focus on vulnerabilities that are actually exploitable." Key features highlighted by the company include the ability for security teams to more accurately prioritise remediation work, safely deprioritise less urgent vulnerabilities, and reduce manual workloads through the use of automated validation processes. The solution is said to include tailored recommendations to quickly improve the effectiveness of security controls, offering an alternative when immediate patching is not feasible. A global industrial firm reported that, upon deploying Picus Exposure Validation, it was able to reduce its list of critical patches by 85%. Based solely on CVSS ratings, 63% of the vulnerabilities in the organisation's systems were initially classified as critical. However, after applying Picus Exposure Validation, it was found that only 9% of those were truly high risk and required prioritisation. This reduction reportedly saved the organisation thousands of hours on patching activity and allowed the security team to focus resources more efficiently. The company positions Picus Exposure Validation as a new methodology for combining data about vulnerabilities with automated attack simulation to create an organisation-specific analysis of exploitability. This approach, according to Picus, offers security teams a more focused view on where to deploy efforts for mitigation and remediation and thereby enables more effective closing of security gaps. The Picus Exposure Validation feature is now available to organisations seeking enhanced vulnerability validation for their own environments. Follow us on: Share on:
Bahrain News Gazette
01-04-2025
- Business
- Bahrain News Gazette
Picus Security Announces Recognition in Gartner® Market Guide for Adversarial Exposure Validation
Picus Security strives to empower offensive and defensive security teams working to validate threat exposures against attack scenarios and techniques. SAN FRANCISCO, March 31, 2025 (GLOBE NEWSWIRE) — Picus Security , the leading security validation company, today announced that it has been named a Representative Vendor in the Gartner ® Market Guide for Adversarial Exposure Validation (AEV). The AEV category includes technology that validates vulnerabilities and identifies techniques that allow adversaries to exploit an organization. This research helps security and risk management leaders understand the key use cases of adversarial exposure validation and navigate the AEV solution market. The AEV market category brings breach and attack simulation (BAS), automated penetration testing and red teaming technologies together, three categories that were previously separate in the Gartner ® Hype Cycle for Security Operations. Gartner states that by '2027, 40% of organizations will have adopted formal exposure validation initiatives, most relying on AEV technologies and managed service providers for maturity and consistency.' The Picus Security Validation Platform enables organizations to simulate real-world attack scenarios, providing continuous, automated validation of exploitable exposures while assessing the effectiveness of security controls. By emulating adversarial tactics, techniques and procedures (TTPs), Picus assists security teams in identifying critical vulnerabilities, prioritizing remediation efforts and enhancing overall security posture without increasing the skill level required by security defense teams. 'The flood of analyst inquiries proves that organizations want to validate threat exposures through real-world attack scenarios to justify security investments and prioritize vulnerabilities,' said Picus Security co-founder and CTO Volkan Ertürk. 'Organizations have too many vulnerabilities that are disconnected from their security controls and context. The Picus platform uniquely provides evidence-based exposure prioritization and validation, derisking critical vulnerabilities that are not truly exploitable, so security teams can focus on what matters the most.' After a comprehensive review of the Gartner Market Guide for Adversarial Exposure Validation, Picus Security found: AEV solutions help organizations strengthen defenses, prioritize vulnerabilities and improve readiness for real-world attacks. The AEV market is rapidly evolving, with vendors offering both specialized and comprehensive capabilities to address diverse security validation needs. AEV technology reduces complexity and lowers the skills barrier required for offensive testing. Integration and automation capabilities within AEV solutions streamline security operations, enhance collaboration among teams and improve the precision and effectiveness of security testing. To learn more, download the Gartner ® Market Guide for Adversarial Exposure Validation or read our recent blog on how AEV is a force multiplier. About Gartner ® GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. About Picus Security Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context. Picus transforms security practices by correlating, prioritizing and validating exposures across siloed findings so teams can focus on critical gaps and high-impact fixes. With Picus, security teams can quickly take action with one-click mitigations to stop more threats with less effort. Offering Adversarial Exposure Validation with Breach and Attack Simulation and Automated Penetration Testing working together for greater outcomes Picus delivers award-winning, threat-centric technology that allows teams to pinpoint fixes worth pursuing. Follow Picus Security on X and LinkedIn . Contact Jennifer Tanner Look Left Marketing [email protected] GlobeNewswire Distribution ID 9414071
