Picus Security launches Exposure Validation to help teams focus on exploitable vulnerabilities – News

Cybersecurity validation startup Picus Security Inc. today announced the launch of Picus Exposure Validation, a new service that allows security teams to verify the exploitability of vulnerabilities based on their unique environments.

The new capability has been designed to continuously test security controls against real-world attack techniques to identify which vulnerabilities are truly exploitable and which can safely be deprioritized.

The offering differs from traditional vulnerability management products that overlook internal factors such as asset criticality and security controls, treating vulnerabilities as being equally critical irrespective of the user being a Fortune 100 company with sophisticated defenses or a regional business relying on basic protections. Picus Exposure Score closes that gap with an evidence-based, context-aware metric that accurately quantifies actual risk by accounting for how effectively current security controls mitigate real threats.

“The challenge today isn’t finding vulnerabilities, it’s knowing which ones matter in your unique environment,” said co-founder and Chief Technology Officer Volkan Ertürk. “Common Vulnerability Scoring System, Exploit Prediction Scoring System and Known Exploited Vulnerabilities offer theoretical risk signals. Picus Exposure Validation delivers proof by testing threats against your production defenses in real time. It replaces assumptions with evidence so security teams can focus on vulnerabilities that are actually exploitable.”

Picus Exposure Validation allows security teams to prioritize accurately and deprioritize safely. The service leverages a transparent, automated Exposure Score and advanced security validation technologies to allow teams to focus on threats that truly matter and confidently set aside vulnerabilities that pose no real risk.

The new service also enables faster, more confident decision-making. With real-time reporting, continuous attack simulations and in-depth security control testing, users are provided with the evidence needed for compliance documentation and executive communication.

Picus Exposure Validation additionally helps save time and improve mitigation efforts via automated validation that reduces manual workloads. The resulting tailored recommendations support rapid improvements in security control effectiveness, even when immediate patching isn’t feasible.

In early testing, an unnamed global industrial enterprise is said by Picus to have saved thousands of hours on patching low-impact vulnerabilities. Based on CVSS scores alone, 63% of the vulnerabilities in the organization’s environment were critical, but Picus determined that only 9% were truly high-risk and must be prioritized.

Picus is a venture capital-backed company that has raised $80 million over five rounds, including a round of $45 million in September. Investors in the company include Riverwood Capital, Earlybird Venture Capital GmbH & Co. KG, Mastercard Inc. and Turkven Private Equity Fund Management Inc.

Image: News/Reve