# Best Breach and Attack Simulation (BAS) Software

*By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)*


Breach and attack simulation (BAS) software is used to mimic real-world security threats to help businesses prepare incident response plans and discover potential vulnerabilities in their security systems. These simulated attacks might send fake phishing attacks to employees or attempt a cyberattack on a company’s [web application firewall](https://www.g2.com/categories/web-application-firewall-waf). Many tools even provide automated simulations with AI-based threat logic and continuous testing to ensure teams are always prepared to properly handle security incidents.

Most of these simulations are available at all times. Many businesses use them periodically as updates are made to security systems or security policies are changed. Without simulated attacks, it can be difficult to assess the efficacy of security operations; customized simulations can mimic various threats to different surface areas or within unique environments to help businesses prepare and evaluate their defense against all kinds of multivector threats.

Breach and attack simulation software tools are typically capable of performing [penetration tests](https://www.g2.com/categories/penetration-testing) or simulate attacks similar to some [dynamic application security testing](https://www.g2.com/categories/dynamic-application-security-testing-dast) tools and [vulnerability scanners](https://www.g2.com/categories/vulnerability-scanner). But most of those solutions only mimic a single kind of threat and are not continuously available. They also do not provide the same outcome details and report on vulnerabilities and security posture to the same degree of BAS solutions.

To qualify for inclusion in the Breach and Attack Simulation (BAS) software category, a product must:

- Deploy threats targeting various attack surfaces
- Simulate both cyberattacks and data breaches
- Quantify risk and evaluate security posture based on attack response
- Provide remediation process guidance and improvement suggestions






## G2 Grid® for Breach and Attack Simulation (BAS) Software
![G2 Grid® for Breach and Attack Simulation (BAS) Software plotting products by satisfaction and market presence](https://www.g2.com/categories/breach-and-attack-simulation-bas/grids.png?focus%5B%5D=56073&focus%5B%5D=56001&focus%5B%5D=1458180&focus%5B%5D=98391&focus%5B%5D=100365&focus%5B%5D=1584476&focus%5B%5D=168853&focus%5B%5D=124451)
Highlighted products: Picus Security, Cymulate, Adaptive Security, Pentera, Sophos PhishThreat, HTB CTF &amp; Threat Range, vPenTest, and Right-Hand Cybersecurity.
Underlying data: [Grid® JSON](https://www.g2.com/categories/breach-and-attack-simulation-bas/grids.json?focus%5B%5D=picus-security&amp;focus%5B%5D=cymulate&amp;focus%5B%5D=adaptive-security&amp;focus%5B%5D=pentera&amp;focus%5B%5D=sophos-phishthreat&amp;focus%5B%5D=htb-ctf-threat-range&amp;focus%5B%5D=vpentest&amp;focus%5B%5D=right-hand-cybersecurity)


## How Many Breach and Attack Simulation (BAS) Software Products Does G2 Track?
**Total Products under this Category:** 53

### Category Stats (Jul 2026)
- **Average Rating**: 4.55/5 The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Cymulate (+0.04%) - Among all products in this category, Cymulate recorded the largest rating increase compared to last month
*Last updated: July 14, 2026*


## How Does G2 Rank Breach and Attack Simulation (BAS) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 1,200+ Authentic Reviews
- 53+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Breach and Attack Simulation (BAS) Software Is Best for Your Use Case?

- **Leader:** [Picus Security](https://www.g2.com/products/picus-security/reviews)
- **Easiest to Use:** [Cymulate](https://www.g2.com/products/cymulate/reviews)
- **Top Trending:** [Adaptive Security](https://www.g2.com/products/adaptive-security/reviews)
- **Best Free Software:** [Picus Security](https://www.g2.com/products/picus-security/reviews)


---

**Sponsored**

### Picus Security

Picus Security helps enterprise security teams reduce cyber risk with the Picus Autonomous Exposure Validation Platform. Picus proves what attackers can actually exploit in your environment and what your security controls stop, turning every exposure into a defensible decision: patch, mitigate, monitor, or accept. The platform validates attack surfaces, exposures, and security controls as one continuous loop, uniting breach and attack simulation, automated penetration testing, and exposure validation. With techniques mapped to MITRE ATT&amp;CK, teams prioritize by real exploitation risk instead of severity scores, prove their EDR, SIEM, and firewall controls work, and report measurable risk reduction to leadership. Picus pioneered Breach and Attack Simulation in 2013 and works with security teams across financial services, healthcare, energy, and technology.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=2047&amp;secure%5Bchosen_at%5D=2026-07-14T15%3A19%3A46Z&amp;secure%5Bdisplayable_resource_id%5D=2047&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=page_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=2047&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=56073&amp;secure%5Bresource_id%5D=2047&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fbreach-and-attack-simulation-bas%3Fopen_modal_url%3D%252Fproducts%252Fadaptive-security%252Fwishlists%253Fhost_path%253D%25252Fcategories%25252Fbreach-and-attack-simulation-bas%2526source%253Dcategory&amp;secure%5Btoken%5D=70f5399430bcaff60f964072092b7678291bc13ecdbe2dfaa594cf3657108daf&amp;secure%5Burl%5D=https%3A%2F%2Fwww.picussecurity.com%2Fschedule-demo%3Futm_source%3Dg2%26utm_medium%3Dpaidsocial%26utm_campaign%3Dpicus_profile_promo&amp;secure%5Burl_type%5D=book_demo)

---

## What Are the Top-Rated Breach and Attack Simulation (BAS) Software Products in 2026?
### 1. [Picus Security](https://www.g2.com/products/picus-security/reviews)
Picus Security helps enterprise security teams reduce cyber risk with the Picus Autonomous Exposure Validation Platform. Picus proves what attackers can actually exploit in your environment and what your security controls stop, turning every exposure into a defensible decision: patch, mitigate, monitor, or accept. The platform validates attack surfaces, exposures, and security controls as one continuous loop, uniting breach and attack simulation, automated penetration testing, and exposure validation. With techniques mapped to MITRE ATT&amp;CK, teams prioritize by real exploitation risk instead of severity scores, prove their EDR, SIEM, and firewall controls work, and report measurable risk reduction to leadership. Picus pioneered Breach and Attack Simulation in 2013 and works with security teams across financial services, healthcare, energy, and technology.


**Average Rating:** 4.8/5.0
**Total Reviews:** 229

**Who Is the Company Behind Picus Security?**

- **Seller:** [Picus Security](https://www.g2.com/sellers/picus-security)
- **Company Website:** https://www.picussecurity.com
- **Year Founded:** 2013
- **HQ Location:** San Francisco, California
- **Twitter:** @PicusSecurity (2,916 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/picus-security/ (315 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Cyber Security Specialist, Cyber Security Engineer
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 38% Enterprise, 37% Mid-Market


#### What Are Picus Security's Pros and Cons?

**Pros:**

- Simulation (114 reviews)
- Ease of Use (75 reviews)
- Continuous Validation (63 reviews)
- Actionable Insights (58 reviews)
- Integration (55 reviews)

**Cons:**

- Reporting Limitations (44 reviews)
- Integration Issues (32 reviews)
- Steep Learning Curve (28 reviews)
- Complex Setup (26 reviews)
- Limited Customization (21 reviews)


### What Do G2 Reviewers Say About Picus Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value Picus Security for its **continuous threat simulation** , enhancing organizational resilience and proactive defense strategies.
- Users appreciate the **ease of use** of Picus Security, benefiting from its intuitive design and rapid threat identification.
- Users value the **continuous validation** of Picus Security, enhancing security posture through real-world attack simulations.
- Users value the **actionable insights** from Picus Security, enabling optimized defenses and improved security posture.
- Users commend Picus Security for its **seamless integration** with existing tools, enhancing cybersecurity effectiveness and operational efficiency.

**Cons:**

- Users face **reporting limitations** with Picus Security, leading to additional work and occasional simulation issues.
- Users face **integration issues** with limited third-party support, complicating initial setup and validation processes.
- Users note the **steep learning curve** for Picus Security, requiring time and training to fully leverage its features.
- Users find the **complex setup** of Picus Security requires additional configuration efforts, which can be time-consuming.
- Users feel that Picus Security has **limited customization** options for reports and dashboards, hindering tailored security assessments.

#### What Are Recent G2 Reviews of Picus Security?

**"[A Proactive Approach to Threat Readiness](https://www.g2.com/survey_responses/picus-security-review-11441729)"**

**Rating:** 4.5/5.0 stars
*— Rohit Y.*

[Read full review](https://www.g2.com/survey_responses/picus-security-review-11441729)

---

**"[Picus Makes Our Security Stronger](https://www.g2.com/survey_responses/picus-security-review-11497382)"**

**Rating:** 5.0/5.0 stars
*— Ved Prakash M.*

[Read full review](https://www.g2.com/survey_responses/picus-security-review-11497382)

---


#### What Are G2 Users Discussing About Picus Security?

- [What is Picus Security used for?](https://www.g2.com/discussions/what-is-picus-security-used-for)

### 2. [Cymulate](https://www.g2.com/products/cymulate/reviews)
Designed for security teams to continuously validate threats and build exposure-informed defenses, the Cymulate Platform combines advanced attack simulation with an agentic cyber defense engineering control plane to continuously prove, prioritize and adapt security controls for the latest threats. With a daily feed of threat intelligence and a comprehensive attack library, Cymulate is a SaaS offering that applies AI to tailor offensive testing to the environment while integrating with security stack to push updates for immediate prevention and detection. Core use cases include threat validation, control validation &amp; tuning, detection engineering, and vulnerability validation and prioritization.


**Average Rating:** 4.9/5.0
**Total Reviews:** 174

**Who Is the Company Behind Cymulate?**

- **Seller:** [Cymulate](https://www.g2.com/sellers/cymulate)
- **Company Website:** https://www.cymulate.com
- **Year Founded:** 2016
- **HQ Location:** Holon, Israel
- **Twitter:** @CymulateLtd (1,079 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cymulate (231 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Analyst, Cyber Security Engineer
- **Top Industries:** Financial Services, Banking
- **Company Size:** 56% Enterprise, 42% Mid-Market


#### What Are Cymulate's Pros and Cons?

**Pros:**

- Ease of Use (73 reviews)
- Security (41 reviews)
- Vulnerability Identification (41 reviews)
- Features (39 reviews)
- Customer Support (33 reviews)

**Cons:**

- Improvement Needed (12 reviews)
- Integration Issues (10 reviews)
- Reporting Issues (8 reviews)
- Complexity (6 reviews)
- Inefficient Alert System (6 reviews)


### What Do G2 Reviewers Say About Cymulate?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **intuitive and user-friendly platform** of Cymulate, making cybersecurity accessible for all organizations.
- Users value the **effective continuous security validation** offered by Cymulate, enhancing their ability to manage exposures.
- Users value the **actionable insights** from Cymulate&#39;s simulations, enhancing security and proving risk reduction effectively.
- Users appreciate the **extensive customization and feature set** of Cymulate, enhancing their security assessment capabilities.
- Users value the **excellent customer support** provided by Cymulate, enhancing their overall experience and effectiveness.

**Cons:**

- Users note that **dynamic reporting and integration stability** require improvement for better performance and execution.
- Users report that **integration issues** hinder functionality, particularly with threat intel platforms, leading to instability.
- Users find that **reporting is time-consuming** and can be overwhelming, especially for those new to Cymulate.
- Users find the **complexity of advanced features** and setup time overwhelming, particularly for beginners on Cymulate.
- Users find the **inefficient alert system** challenging, with delayed notifications and difficult management of assessments.

#### What Are Recent G2 Reviews of Cymulate?

**"[Realistic, Continuous Security Validation Without Disrupting Production](https://www.g2.com/survey_responses/cymulate-review-12619957)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Computer &amp; Network Security*

[Read full review](https://www.g2.com/survey_responses/cymulate-review-12619957)

---

**"[Comprehensive BAS with Easy Setup and Stellar Coverage](https://www.g2.com/survey_responses/cymulate-review-12504573)"**

**Rating:** 5.0/5.0 stars
*— Shubham A.*

[Read full review](https://www.g2.com/survey_responses/cymulate-review-12504573)

---



### 3. [Adaptive Security](https://www.g2.com/products/adaptive-security/reviews)
Adaptive Security is the security layer for the AI era, protecting organizations and their employees from modern cyberattacks. AI has changed how every company works, and it&#39;s changed how every company gets attacked. Employees use AI tools IT doesn&#39;t know about. Attackers craft deepfakes, vishing calls, and spear phishing emails that get past filters. Adaptive addresses all of it in one unified platform: managing AI tool usage before it becomes a liability, training employees on the threats they&#39;ll actually face, simulating AI-powered attacks in a safe environment, and protecting the inbox and browser so threats never reach their intended targets. Because it&#39;s one platform, Adaptive develops a complete risk picture and uses it automatically, applying targeted training, attack simulations, real-time interventions, and policy controls to lower risk over time. More than 1,000 organizations run Adaptive to manage their human security program, and the company has raised $150M+ from investors including NVIDIA, Andreessen Horowitz, Bain Capital Ventures, and Citi Ventures.


**Average Rating:** 4.9/5.0
**Total Reviews:** 91

**Who Is the Company Behind Adaptive Security?**

- **Seller:** [Adaptive Security](https://www.g2.com/sellers/adaptive-security)
- **Company Website:** https://www.adaptivesecurity.com
- **Year Founded:** 2024
- **HQ Location:** New York, US
- **LinkedIn® Page:** https://www.linkedin.com/company/adaptivesecurity (242 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** IT Manager
- **Top Industries:** Financial Services, Computer Software
- **Company Size:** 68% Mid-Market, 19% Enterprise


#### What Are Adaptive Security's Pros and Cons?

**Pros:**

- Training (22 reviews)
- Ease of Use (18 reviews)
- Customer Support (13 reviews)
- Easy Implementation (11 reviews)
- Awareness Increase (10 reviews)

**Cons:**

- Limited Customization (5 reviews)
- Group Management (3 reviews)
- Inadequate Reporting (2 reviews)
- Integration Issues (2 reviews)
- Learning Curve (2 reviews)


### What Do G2 Reviewers Say About Adaptive Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **engaging and relevant training** in Adaptive Security, enhancing awareness and participation across teams.
- Users appreciate the **ease of use** of Adaptive Security, highlighting its smooth deployment and user-friendly interface.
- Users commend the **great customer support** from Adaptive Security, noting their responsiveness and helpfulness around questions and issues.
- Users find the **easy implementation** of Adaptive Security enhances their experience and encourages regular engagement with its features.
- Users value the **significant awareness increase** from Adaptive Security, enjoying engaging training and effective phishing simulations.

**Cons:**

- Users find the **limited customization options** restrict helpful edits and content alignment, affecting overall user management.
- Users note that **group management is still under development** , lacking necessary features for improved training and user management.
- Users feel that **inadequate reporting** limits flexibility in data presentation, impacting exports and stakeholder reviews.
- Users find the **technical integration issues** of Adaptive Security challenging, especially for those lacking technical skills.
- Users find the **learning curve challenging** , particularly with technical setup and configuration for optimal use.

#### What Are Recent G2 Reviews of Adaptive Security?

**"[Excellent Performance, Polished UI/UX, and Responsive Support](https://www.g2.com/survey_responses/adaptive-security-review-13069570)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/adaptive-security-review-13069570)

---

**"[Generative AI Phishing Training That Feels Built for Today’s Threats](https://www.g2.com/survey_responses/adaptive-security-review-13079935)"**

**Rating:** 5.0/5.0 stars
*— Justin M R.*

[Read full review](https://www.g2.com/survey_responses/adaptive-security-review-13079935)

---



### 4. [Pentera](https://www.g2.com/products/pentera/reviews)
Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale. Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited. Its customers include Casey&#39;s General Stores, Emeria, LuLu International Exchange, IP Telecom PT, BrewDog, City National Bank, Schmitz Cargobull, and MBC Group. Pentera is backed by leading investors such as K1 Investment Management, Insight Partners, Blackstone, Evolution Equity Partners, and AWZ. Visit https://pentera.io for more information.


**Average Rating:** 4.5/5.0
**Total Reviews:** 171

**Who Is the Company Behind Pentera?**

- **Seller:** [Pentera](https://www.g2.com/sellers/pentera)
- **Company Website:** https://pentera.io/
- **Year Founded:** 2015
- **HQ Location:** Boston, MA
- **Twitter:** @penterasec (3,291 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/penterasecurity/ (483 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Banking, Government Administration
- **Company Size:** 52% Enterprise, 36% Mid-Market


#### What Are Pentera's Pros and Cons?

**Pros:**

- Vulnerability Identification (5 reviews)
- Automation (4 reviews)
- Customer Support (4 reviews)
- Improvement (4 reviews)
- Automated Testing (3 reviews)

**Cons:**

- Inadequate Reporting (2 reviews)
- Missing Features (2 reviews)
- Resource Intensive (2 reviews)
- Access Control (1 reviews)
- Access Restrictions (1 reviews)


### What Do G2 Reviewers Say About Pentera?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **powerful vulnerability scanning** capabilities of Pentera, enhancing their security posture and remediation strategies.
- Users value the **automation capabilities** of Pentera, enhancing usability and enabling continuous security validation.
- Users commend the **responsive customer support** of Pentera, enhancing the overall user experience significantly.
- Users value the **time-saving automation** and simplicity of Pentera, enhancing productivity and effective vulnerability management.
- Users appreciate the **fully automated testing** of Pentera, noting its user-friendly UI and quick implementation.

**Cons:**

- Users note the **inadequate reporting** features of Pentera, especially for enterprise-level insights and improvements needed.
- Users are frustrated by the **missing features** in Pentera, such as limited vulnerabilities and inadequate RBAC system.
- Users note the **high resource utilization** of Pentera, which can strain system performance and compatibility with existing setups.
- Users express concern about the **lack of a robust RBAC system** , limiting proper access control and user rights management.
- Users face **access restrictions** due to limited RBAC options and infrequent updates on new vulnerabilities.

#### What Are Recent G2 Reviews of Pentera?

**"[Cutting-Edge Security with a Real Attacker Approach](https://www.g2.com/survey_responses/pentera-review-12864952)"**

**Rating:** 4.5/5.0 stars
*— Yaron C.*

[Read full review](https://www.g2.com/survey_responses/pentera-review-12864952)

---

**"[Reliable Tool for Vulnerability Detection but Script Issues](https://www.g2.com/survey_responses/pentera-review-12864934)"**

**Rating:** 4.0/5.0 stars
*— Avitzur Y.*

[Read full review](https://www.g2.com/survey_responses/pentera-review-12864934)

---



### 5. [Sophos PhishThreat](https://www.g2.com/products/sophos-phishthreat/reviews)
Sophos Phish Threat is a cloud-based security awareness training and phishing simulation platform designed to educate employees on identifying and responding to phishing attacks. By simulating realistic phishing scenarios and providing interactive training modules, it helps organizations strengthen their human firewall against cyber threats. Key Features and Functionality: - Realistic Phishing Simulations: Offers hundreds of customizable templates that mimic real-world phishing attacks, enabling organizations to test and improve employee vigilance. - Automated Training Modules: Provides over 30 interactive training courses covering security and compliance topics, automatically enrolling users who fall for simulated attacks. - Comprehensive Reporting: Delivers actionable insights through intuitive dashboards, tracking user susceptibility, training progress, and overall organizational risk levels. - Multi-Language Support: Available in nine languages, ensuring accessibility for diverse workforces. - Seamless Integration: Integrates with Sophos Central, allowing unified management alongside other security solutions like email and endpoint protection. Primary Value and Problem Solved: Sophos Phish Threat addresses the critical challenge of human error in cybersecurity by transforming employees into proactive defenders against phishing attacks. By combining realistic simulations with targeted training, it reduces the likelihood of successful phishing attempts, thereby enhancing the organization&#39;s overall security posture and minimizing the risk of data breaches and financial loss.


**Average Rating:** 4.3/5.0
**Total Reviews:** 23

**Who Is the Company Behind Sophos PhishThreat?**

- **Seller:** [Sophos](https://www.g2.com/sellers/sophos)
- **Year Founded:** 1985
- **HQ Location:** Oxfordshire
- **Twitter:** @Sophos (36,759 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5053/ (5,500 employees on LinkedIn®)
- **Ownership:** LSE:SOPH

**Who Uses This Product?**
- **Top Industries:** Computer &amp; Network Security
- **Company Size:** 54% Mid-Market, 29% Small-Business



#### What Are Recent G2 Reviews of Sophos PhishThreat?

**"[The ultimate tool to train your employees against phishing](https://www.g2.com/survey_responses/sophos-phishthreat-review-12949992)"**

**Rating:** 5.0/5.0 stars
*— Rodrigo C.*

[Read full review](https://www.g2.com/survey_responses/sophos-phishthreat-review-12949992)

---

**"[Easy, Authentic Phishing Simulations That Save Time](https://www.g2.com/survey_responses/sophos-phishthreat-review-12627047)"**

**Rating:** 4.5/5.0 stars
*— Rafael L.*

[Read full review](https://www.g2.com/survey_responses/sophos-phishthreat-review-12627047)

---


#### What Are G2 Users Discussing About Sophos PhishThreat?

- [How do you conduct a phishing test?](https://www.g2.com/discussions/how-do-you-conduct-a-phishing-test)
- [What are the available formats for Phish threat awareness training?](https://www.g2.com/discussions/what-are-the-available-formats-for-phish-threat-awareness-training)
- [How do I use Phish threat Sophos?](https://www.g2.com/discussions/how-do-i-use-phish-threat-sophos)
- [Does Sophos protect against phishing?](https://www.g2.com/discussions/does-sophos-protect-against-phishing)

### 6. [HTB CTF &amp; Threat Range](https://www.g2.com/products/htb-ctf-threat-range/reviews)
The HTB CTF Platform turns cyber training into an addictive team experience. Choose from 250+ scenarios, host events for hundreds of players, and launch in less than 10 minutes without additional setup required. Live scoreboards, team chat, and advanced reporting reveal strengths, gaps and next best steps. Leaders calling CTFs the best way to beat burnout and improve performance, HTB delivers the proven formula for engaged, attack-ready teams.


**Average Rating:** 4.7/5.0
**Total Reviews:** 22

**Who Is the Company Behind HTB CTF &amp; Threat Range?**

- **Seller:** [Hack The Box](https://www.g2.com/sellers/hack-the-box)
- **Company Website:** https://www.hackthebox.com/
- **Year Founded:** 2017
- **HQ Location:** Folkestone, GB
- **Twitter:** @hackthebox_eu (246,095 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/hackthebox/ (2,272 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer &amp; Network Security
- **Company Size:** 45% Enterprise, 36% Small-Business



#### What Are Recent G2 Reviews of HTB CTF &amp; Threat Range?

**"[The Easiest Platform for Hands-On Penetration Testing Learning](https://www.g2.com/survey_responses/htb-ctf-threat-range-review-11984171)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Security and Investigations*

[Read full review](https://www.g2.com/survey_responses/htb-ctf-threat-range-review-11984171)

---

**"[Outstanding Experience from Start to Finish](https://www.g2.com/survey_responses/htb-ctf-threat-range-review-12003820)"**

**Rating:** 5.0/5.0 stars
*— Sathish V.*

[Read full review](https://www.g2.com/survey_responses/htb-ctf-threat-range-review-12003820)

---



### 7. [vPenTest](https://www.g2.com/products/vpentest/reviews)
Vonahi Security is building the future of offensive cybersecurity by delivering automated, high-quality penetration testing through its SaaS platform, vPenTest. Designed to replicate the tools, techniques, and methodologies of experienced consultants, vPenTest brings the benefits of manual network penetration testing into an easy-to-use, automated solution. Traditionally, penetration testing has been a manual, time consuming, and expensive process that many organizations only perform once or twice a year. This often leaves businesses exposed to emerging threats between assessments. vPenTest addresses this gap by offering fast, consistent, and on-demand testing that helps organizations evaluate their real-time cybersecurity risk more effectively. Powered by a proprietary framework that evolves through continuous research and real-world insights, vPenTest stays aligned with the latest attack techniques and industry best practices. The platform is backed by over 13 years of offensive security expertise, with the team holding certifications such as CISSP, OSCP, OSCE, CEH, and more. Their knowledge is built directly into the platform, ensuring each test is conducted with depth, consistency, and accuracy—without the delays or variability of manual testing.  vPenTest enables organizations to run internal and external network penetration tests as often as needed monthly, quarterly, or prior to audits or insurance reviews. The automated reports provide actionable insights that make it easy to prioritize remediation and demonstrate progress toward compliance. Today, over 22,000 organizations rely on vPenTest to strengthen their security posture and reduce risk. This includes managed service providers, managed security service providers, financial institutions, compliance-driven organizations, and internal IT teams. Whether you&#39;re working to meet regulatory requirements, secure cyber insurance coverage, or proactively defend against evolving threats, vPenTest makes network penetration testing easy, affordable, and scalable.


**Average Rating:** 4.6/5.0
**Total Reviews:** 239

**Who Is the Company Behind vPenTest?**

- **Seller:** [Kaseya](https://www.g2.com/sellers/kaseya)
- **Company Website:** https://www.kaseya.com/
- **Year Founded:** 2000
- **HQ Location:** Miami, FL
- **Twitter:** @KaseyaCorp (17,411 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/kaseya/ (5,471 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CEO
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 68% Small-Business, 25% Mid-Market


#### What Are vPenTest's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Reporting Quality (23 reviews)
- Pentesting Efficiency (22 reviews)
- Setup Ease (15 reviews)
- Ease of Implementation (12 reviews)

**Cons:**

- Complex Setup (7 reviews)
- Limited Scope (7 reviews)
- Expensive (5 reviews)
- Inadequate Reporting (5 reviews)
- Lack of Detail (5 reviews)


### What Do G2 Reviewers Say About vPenTest?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find vPenTest incredibly **easy to use** , making penetration testing accessible even for beginners.
- Users praise the **high-quality and detailed reporting** of vPenTest, leading to effective remediation and happy customers.
- Users appreciate the **pentesting efficiency** of vPenTest, which simplifies tasks and enhances productivity during security assessments.
- Users find the **initial setup easy** , enhancing their experience and facilitating smooth management across multiple clients.
- Users value the **ease of implementation** of vPenTest, enjoying a seamless setup that enhances productivity effortlessly.

**Cons:**

- Users find the **setup process complex** , requiring multiple attempts and leading to challenges with integration and customization.
- Users express frustration with the **limited scope** of vPenTest, as it overlooks certain known issues and SSO support.
- Users find the **costs prohibitive** for smaller organizations, complicating adoption due to pricing and contract commitments.
- Users find the **inadequate reporting** of vPenTest to be repetitive and limited in customization, impacting effectiveness.
- Users find the **lack of detail** in vPenTest&#39;s reports complicates understanding and necessitates additional explanation for clarity.

#### What Are Recent G2 Reviews of vPenTest?

**"[Great Product, Easy to Use, does exactly as described.](https://www.g2.com/survey_responses/vpentest-review-9009510)"**

**Rating:** 5.0/5.0 stars
*— Kamran H.*

[Read full review](https://www.g2.com/survey_responses/vpentest-review-9009510)

---

**"[Fast, Actionable Pen Testing Baselines with Clear, Customer-Ready Reports](https://www.g2.com/survey_responses/vpentest-review-12881608)"**

**Rating:** 4.5/5.0 stars
*— Darren .*

[Read full review](https://www.g2.com/survey_responses/vpentest-review-12881608)

---



### 8. [Right-Hand Cybersecurity](https://www.g2.com/products/right-hand-cybersecurity/reviews)
Right-Hand is a Human Risk Management company supporting organizations across North America and APAC, working with teams across a wide range of industries including finance, education, retail, healthcare, and manufacturing. The platform is built to help security leaders understand, measure, and reduce human-initiated risk in modern, distributed environments where technology alone is no longer enough. Most security programs generate large volumes of alerts and telemetry but struggle to translate that data into meaningful insight about human behavior. Right-Hand addresses this challenge by integrating with core security tools such as email security, EDR, DLP, CASB, and SIEM. These integrations surface high-signal events and contextual risk indicators tied directly to user actions, giving teams visibility into where risky behavior occurs, which patterns lead to incidents, and how human risk changes over time across the organization. Building on this foundation, Right-Hand provides purpose-built AI agents that support security awareness execution at scale. The vishing agent enables realistic voice-based simulations, the email agent supports the creation of phishing templates and scenarios, and the training agent helps generate and adapt learning content based on role, behavior, and exposure. Together, these agents allow teams to move beyond static programs and deliver continuous, relevant awareness without relying on one-size-fits-all content or manual effort. The primary value of Right-Hand is turning visibility into action. Instead of compliance-driven training disconnected from real risk, organizations gain a data-informed program that links behavior, learning, and outcomes. Security teams can reduce repeat incidents, lower operational noise, demonstrate progress over time, and build a stronger, more resilient security culture aligned with how people actually work.


**Average Rating:** 4.8/5.0
**Total Reviews:** 71

**Who Is the Company Behind Right-Hand Cybersecurity?**

- **Seller:** [Right-Hand Cybersecurity](https://www.g2.com/sellers/right-hand-cybersecurity)
- **Company Website:** https://right-hand.ai/
- **Year Founded:** 2019
- **HQ Location:** Lewes, Delaware
- **Twitter:** @righthand_ai (139 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/19126566 (44 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 54% Mid-Market, 28% Enterprise


#### What Are Right-Hand Cybersecurity's Pros and Cons?

**Pros:**

- Customer Support (31 reviews)
- Ease of Use (23 reviews)
- Training (16 reviews)
- Helpful (15 reviews)
- Aware (8 reviews)

**Cons:**

- Inadequate Reporting (6 reviews)
- Limited Features (6 reviews)
- Phishing Issues (5 reviews)
- Integration Issues (4 reviews)
- Limited Customization (2 reviews)


### What Do G2 Reviewers Say About Right-Hand Cybersecurity?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highly value the **quick and professional customer support** provided by Right-Hand Cybersecurity, enhancing overall user experience.
- Users find Right-Hand Cybersecurity to be **extremely user-friendly** , making training and setup a breeze for everyone.
- Users appreciate the **engaging training modules** offered by Right-Hand Cybersecurity, enhancing knowledge and awareness in cybersecurity.
- Users appreciate the **dynamic phishing training** and easy-to-use features of Right-Hand Cybersecurity, enhancing overall security awareness.
- Users appreciate the **proactive approach** of Right-Hand Cybersecurity, enhancing client safety through prevention and collaboration.

**Cons:**

- Users note the **inadequate reporting** features of Right-Hand Cybersecurity, seeking more depth and advanced customization options.
- Users find the **limited automations and integrations** in Right-Hand Cybersecurity to be a drawback for enhanced functionality.
- Users suggest improving **PhishArm&#39;s resolution workflow** and visibility in dark mode for better user experience.
- Users face **integration issues** due to limited APIs and a lack of specific tool connections, affecting functionality.
- Users express concern over **limited customization** options in Right-Hand Cybersecurity, hindering adaptability to specific needs.

#### What Are Recent G2 Reviews of Right-Hand Cybersecurity?

**"[Human help for Human Risk](https://www.g2.com/survey_responses/right-hand-cybersecurity-review-10935784)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Primary/Secondary Education*

[Read full review](https://www.g2.com/survey_responses/right-hand-cybersecurity-review-10935784)

---

**"[Amazing Customer Success Team!](https://www.g2.com/survey_responses/right-hand-cybersecurity-review-12935468)"**

**Rating:** 5.0/5.0 stars
*— Charlize L.*

[Read full review](https://www.g2.com/survey_responses/right-hand-cybersecurity-review-12935468)

---


#### What Are G2 Users Discussing About Right-Hand Cybersecurity?

- [What is Right-Hand Cybersecurity used for?](https://www.g2.com/discussions/right-hand-cybersecurity-what-is-right-hand-cybersecurity-used-for)
- [What is Right-Hand Cybersecurity used for?](https://www.g2.com/discussions/what-is-right-hand-cybersecurity-used-for)

### 9. [RidgeBot](https://www.g2.com/products/ridgebot/reviews)
RidgeBot by Ridge Security is a leading agentic AI-driven offensive security platform, supporting continuous threat management programs. It enables CISOs to minimize cyber risks by continuously validating the cybersecurity posture and controls protecting attack surfaces against increasingly sophisticated and frequent attacks. RidgeBot automatically tests an organization’s entire IP-based environment, including network infrastructure, applications, websites, IoT, and OT, using ethical hacking techniques to pinpoint the most critical vulnerabilities. It&#39;s dynamic AI-powered decision-making supports DevSecOps, compliance, incident response verification, and custom attack simulations. RidgeBot maintains a library of over 36,000 plugins to launch complex penetration tests and attack simulations, with detailed reporting of results and remediation recommendations.


**Average Rating:** 4.5/5.0
**Total Reviews:** 98

**Who Is the Company Behind RidgeBot?**

- **Seller:** [Ridge Security Technology](https://www.g2.com/sellers/ridge-security-technology)
- **Company Website:** https://ridgesecurity.ai/
- **Year Founded:** 2020
- **HQ Location:** Santa Clara, California
- **Twitter:** @RidgeSecurityAI (1,291 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/ridge-security/ (47 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 51% Small-Business, 45% Mid-Market


#### What Are RidgeBot's Pros and Cons?

**Pros:**

- Ease of Use (12 reviews)
- Automation (11 reviews)
- Pentesting Efficiency (10 reviews)
- Vulnerability Identification (9 reviews)
- Efficiency (8 reviews)

**Cons:**

- Complex Setup (4 reviews)
- Complexity (3 reviews)
- Missing Features (3 reviews)
- Poor Customer Support (3 reviews)
- Poor Documentation (3 reviews)


### What Do G2 Reviewers Say About RidgeBot?
*AI-generated summary from verified user reviews*

**Pros:**

- Users love the **ease of use** of RidgeBot, making security validation simple and efficient with just a few clicks.
- Users value the **automation capabilities** of RidgeBot, streamlining penetration testing and enhancing security management effortlessly.
- Users praise RidgeBot for its **efficient pentesting automation** , saving time and providing clear, actionable security insights.
- Users value the **automated vulnerability identification** of RidgeBot, enhancing security testing efficiency and accuracy.
- Users value the **efficiency of RidgeBot** , as it automates testing and saves time while ensuring robust security checks.

**Cons:**

- Users find the **complex setup** process challenging, often requiring self-research due to insufficient documentation and support.
- Users find RidgeBot&#39;s initial **complexity in configuration** challenging, particularly with customized or legacy systems.
- Users note that there are **missing features** like improved API testing and customizable compliance templates for reporting.
- Users find the **poor customer support** of RidgeBot frustrating, often leaving them to troubleshoot issues independently.
- Users find the **poor documentation** unhelpful for beginners, making setup and usability more challenging than necessary.

#### What Are Recent G2 Reviews of RidgeBot?

**"[Powerful and Efficient, Although It Requires Manual Validations](https://www.g2.com/survey_responses/ridgebot-review-12940521)"**

**Rating:** 4.5/5.0 stars
*— Henry A.*

[Read full review](https://www.g2.com/survey_responses/ridgebot-review-12940521)

---

**"[Powerful Vulnerability Assessment and Remediation Capabilities](https://www.g2.com/survey_responses/ridgebot-review-12910247)"**

**Rating:** 5.0/5.0 stars
*— Daniel Felipe P.*

[Read full review](https://www.g2.com/survey_responses/ridgebot-review-12910247)

---



### 10. [Defendify All-In-One Cybersecurity Solution](https://www.g2.com/products/defendify-all-in-one-cybersecurity-solution/reviews)
Founded in 2017, Defendify is pioneering All-In-One Cybersecurity® for organizations with growing security needs, backed by experts offering ongoing guidance and support. Delivering multiple layers of protection, Defendify provides an all-in-one, easy-to-use platform designed to strengthen cybersecurity across people, process, and technology, continuously. With Defendify, organizations streamline cybersecurity assessments, testing, policies, training, detection, response &amp; containment in one consolidated and cost-effective cybersecurity solution. 3 layers, 13 solutions, 1 platform, including: • Managed Detection &amp; Response • Cyber Incident Response Plan • Cybersecurity Threat Alerts • Phishing Simulations • Cybersecurity Awareness Training • Cybersecurity Awareness Videos • Cybersecurity Awareness Posters &amp; Graphics • Technology Acceptable Use Policy • Cybersecurity Risk Assessments • Penetration Testing • Vulnerability Scanning • Compromised Password Scanning • Website Security Scanning See Defendify in action at www.defendify.com.


**Average Rating:** 4.7/5.0
**Total Reviews:** 57

**Who Is the Company Behind Defendify All-In-One Cybersecurity Solution?**

- **Seller:** [Defendify](https://www.g2.com/sellers/defendify)
- **Year Founded:** 2017
- **HQ Location:** Portland, Maine
- **Twitter:** @defendify (305 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/11098948/ (37 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 65% Small-Business, 35% Mid-Market


#### What Are Defendify All-In-One Cybersecurity Solution's Pros and Cons?

**Pros:**

- Ease of Use (8 reviews)
- Cybersecurity (6 reviews)
- Easy Setup (5 reviews)
- Insights (5 reviews)
- Monitoring (5 reviews)

**Cons:**

- Inadequate Reporting (4 reviews)
- Poor Reporting (4 reviews)
- Lack of Information (2 reviews)
- Limited Customization (2 reviews)
- Limited Features (2 reviews)


### What Do G2 Reviewers Say About Defendify All-In-One Cybersecurity Solution?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of implementation and integration** with other systems, enhancing overall cybersecurity management effortlessly.
- Users appreciate the **all-in-one cybersecurity solution** from Defendify, enhancing security and user awareness seamlessly.
- Users value the **easy setup** of Defendify, allowing quick implementation and integration with minimal hassle.
- Users value the **comprehensive training and proactive security insights** provided by Defendify&#39;s All-In-One Cybersecurity Solution.
- Users value the **comprehensive monitoring features** of Defendify, enhancing their cybersecurity posture effectively and efficiently.

**Cons:**

- Users find the **reporting inadequate** , noting a need for more concise and customizable reporting options.
- Users find the **poor reporting** of Defendify lacking custom options and concise formats for better communication.
- Users express a desire for **more concise reports** and detailed penetration testing steps in the Defendify solution.
- Users note the **limited customization options** , wishing for more tailored reporting and branding features for their organization.
- Users note the lack of **custom reporting options** , which limits personalization and future monitoring adaptability.

#### What Are Recent G2 Reviews of Defendify All-In-One Cybersecurity Solution?

**"[Comprehensive and robust protection](https://www.g2.com/survey_responses/defendify-all-in-one-cybersecurity-solution-review-10560878)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Computer &amp; Network Security*

[Read full review](https://www.g2.com/survey_responses/defendify-all-in-one-cybersecurity-solution-review-10560878)

---

**"[Perfect  Vulnerability Management for Software Companies](https://www.g2.com/survey_responses/defendify-all-in-one-cybersecurity-solution-review-10488301)"**

**Rating:** 4.5/5.0 stars
*— Akhil V.*

[Read full review](https://www.g2.com/survey_responses/defendify-all-in-one-cybersecurity-solution-review-10488301)

---


#### What Are G2 Users Discussing About Defendify All-In-One Cybersecurity Solution?

- [What is Defendify Cybersecurity Platform used for?](https://www.g2.com/discussions/what-is-defendify-cybersecurity-platform-used-for)

### 11. [Simulations Labs](https://www.g2.com/products/simulations-labs/reviews)
Simulations Labs is an ai-powered platform that enables organizations, educators, and security teams to create realistic, reusable, and scalable hands-on cybersecurity simulations—without complex setup or infrastructure. Fully Managed Hosting Without Infrastructure Overhead Organizations run CTFs and simulations without DevOps, server setup, or maintenance. No Worries About Attacks or Server Downtime Simulations Labs automatically manages security, monitoring, and uptime, even during large-scale events. Organizers don’t need to worry about servers being attacked, crashing, or going offline. Custom Simulation Creation with Dashboard Simulations Labs offers a dashboard that allows organizers to create and manage fully custom simulations. Each simulation provisions isolated environments for participants, supports web application challenges, and can include dynamic flags to prevent cheating AI-Powered Challenge Creation Unlike traditional platforms that require technical expertise, our AI-powered tools enable non-technical users to create simulations and challenges quickly and easily.


**Average Rating:** 4.8/5.0
**Total Reviews:** 10

**Who Is the Company Behind Simulations Labs?**

- **Seller:** [Simulations Labs](https://www.g2.com/sellers/simulations-labs)
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/simulation-labs-linkedin/ (1 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of Simulations Labs?

**"[ASA Awareness CTFs Review](https://www.g2.com/survey_responses/simulations-labs-review-11772604)"**

**Rating:** 4.0/5.0 stars
*— Mubiito G.*

[Read full review](https://www.g2.com/survey_responses/simulations-labs-review-11772604)

---

**"[CTF Platform](https://www.g2.com/survey_responses/simulations-labs-review-11774124)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Computer &amp; Network Security*

[Read full review](https://www.g2.com/survey_responses/simulations-labs-review-11774124)

---



### 12. [Datto SaaS Defense](https://www.g2.com/products/datto-saas-defense/reviews)
SaaS Defense is an advanced threat protection [ATP] and spam filtering solution that detects zero-day threats. This means it identifies and prevents threats that competitive solutions are missing. It proactively defends against malware, phishing, and business email compromise (BEC) attacks that target Microsoft 365 including Exchange, OneDrive, SharePoint, and Teams. Benefits to MSPs ✔Close detection gaps: Proactively monitor, detect, and eliminate the unknown cyber threats that other solutions miss with data-independent technology. ✔ Go beyond email security: SaaS Defense protects from a range of malicious attacks across the Microsoft 365 suite, not just email. ✔ Improve your bottom line: This tool is a profit builder that can be used to attract new market share and triple MSP margins. ✔ Seamless deployment &amp; management: Get new clients up and running in minutes with two-click onboarding &amp; multi-tenant management. ✔ Easily demonstrate your value: robust reporting capabilities, that can be shared with clients, that articulate why a threat was identified as malicious. ✔ Multi-layered detection, protection and recovery for Microsoft 365 with complete SaaS Protection integration.


**Average Rating:** 4.2/5.0
**Total Reviews:** 12

**Who Is the Company Behind Datto SaaS Defense?**

- **Seller:** [Kaseya](https://www.g2.com/sellers/kaseya)
- **Year Founded:** 2000
- **HQ Location:** Miami, FL
- **Twitter:** @KaseyaCorp (17,411 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/kaseya/ (5,471 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 58% Small-Business, 33% Mid-Market



#### What Are Recent G2 Reviews of Datto SaaS Defense?

**"[Datto SaaS](https://www.g2.com/survey_responses/datto-saas-defense-review-10728884)"**

**Rating:** 4.0/5.0 stars
*— Aaron K.*

[Read full review](https://www.g2.com/survey_responses/datto-saas-defense-review-10728884)

---

**"[Very helpful, quiet is good no calls from clients](https://www.g2.com/survey_responses/datto-saas-defense-review-9591017)"**

**Rating:** 5.0/5.0 stars
*— Cary S.*

[Read full review](https://www.g2.com/survey_responses/datto-saas-defense-review-9591017)

---


#### What Are G2 Users Discussing About Datto SaaS Defense?

- [What is Datto SaaS Defense used for?](https://www.g2.com/discussions/what-is-datto-saas-defense-used-for)

### 13. [NetSPI](https://www.g2.com/products/netspi-2026-02-04/reviews)
NetSPI PTaaS is a type of penetration testing as a service (PTaaS) solution designed to help organizations identify and remediate vulnerabilities within their systems, applications, and networks. This service utilizes a combination of skilled professionals, established processes, and advanced AI technology to provide contextualized security outcomes in real time, all accessible through a unified platform. By addressing the limitations of traditional penetration testing methods, NetSPI PTaaS offers a more efficient and comprehensive approach to security assessments. This service is targeted at businesses of all sizes, from startups to large enterprises, making it particularly beneficial for security teams looking to enhance their vulnerability management strategies. NetSPI PTaaS caters to a variety of use cases, including application security assessments, infrastructure testing, and evaluations of emerging technologies such as artificial intelligence. With over 50 different types of penetration tests available, including traditional point in time testing and our continuous offerings, organizations can customize their security evaluations to meet specific needs, ensuring thorough coverage across all potential attack surfaces. A key feature of NetSPI PTaaS is its commitment to delivering real-time findings through a single platform. This capability allows security teams to receive immediate insights into vulnerabilities, enabling them to act swiftly to mitigate risks based on role and priority, managing testing in just a few clicks. The platform&#39;s integration capabilities enhance its usability, allowing organizations to seamlessly incorporate findings into their existing security workflows. This streamlined approach not only saves time but also ensures that remediation efforts are based on high-fidelity, manually validated findings, thus improving overall security effectiveness. The expertise of NetSPI&#39;s team of over 350 in-house security professionals is another significant differentiator. Their extensive experience and knowledge in the field of cybersecurity ensure that the testing methodologies employed are rigorous and consistent, uncovering vulnerabilities, exposures, and misconfigurations that may be overlooked by other solutions. This white-glove approach to penetration testing emphasizes the importance of manual validation, providing organizations with reliable and actionable insights that can significantly enhance their security posture. NetSPI PTaaS stands out in the realm of penetration testing services by combining expert human analysis with advanced AI technology, delivering timely and accurate results. This empowers organizations to strengthen their defenses against evolving cyber threats, ensuring that they remain resilient in an increasingly complex security landscape.


**Average Rating:** 4.9/5.0
**Total Reviews:** 13

**Who Is the Company Behind NetSPI?**

- **Seller:** [NetSPI](https://www.g2.com/sellers/netspi)
- **Company Website:** https://www.netspi.com
- **Year Founded:** 2001
- **HQ Location:** Minneapolis, MN
- **Twitter:** @NetSPI (4,041 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/netspi/ (568 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 46% Enterprise, 38% Mid-Market


#### What Are NetSPI's Pros and Cons?

**Pros:**

- Expertise (4 reviews)
- Team Quality (4 reviews)
- Communication (3 reviews)
- Ease of Use (3 reviews)
- Service Quality (3 reviews)

**Cons:**

- Difficult Navigation (1 reviews)
- False Positives (1 reviews)
- Information Management (1 reviews)
- Lack of Detail (1 reviews)
- Lack of Information (1 reviews)


### What Do G2 Reviewers Say About NetSPI?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **expertise** of NetSPI, praising their exceptional penetration testing and project management capabilities.
- Users commend the **top-notch quality of the NetSPI team** for their exceptional support and effective engagement.
- Users appreciate the **effective communication** with NetSPI, ensuring clarity and transparency throughout their assessments.
- Users value the **ease of use** of NetSPI, appreciating the simple interface and effective communication tools.
- Users commend NetSPI for their **exceptional service quality** , highlighting strong leadership and effective communication throughout engagements.

**Cons:**

- Users find the **difficult navigation** of NetSPI&#39;s interface to be a significant challenge in their workflow.
- Users experience **false positives** in vulnerability reports, leading to confusion about impacted devices.
- Users experience **confusion regarding impacted devices** on vulnerability reports, which affects clarity and response strategies.
- Users find a **lack of detail** in vulnerability reports regarding impacted devices, leading to confusion and uncertainty.
- Users face a **lack of information** regarding device impact on vulnerability reports, leading to confusion and uncertainty.

#### What Are Recent G2 Reviews of NetSPI?

**"[Attentive, Knowledgeable NetSPI Specialists with a Truly Human Touch](https://www.g2.com/survey_responses/netspi-review-12678851)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Transportation/Trucking/Railroad*

[Read full review](https://www.g2.com/survey_responses/netspi-review-12678851)

---

**"[Exceptional Pentesting and Seamless Collaboration](https://www.g2.com/survey_responses/netspi-review-12705364)"**

**Rating:** 4.5/5.0 stars
*— Jake B.*

[Read full review](https://www.g2.com/survey_responses/netspi-review-12705364)

---



### 14. [Reflex Security](https://www.g2.com/products/reflex-security/reviews)
Reflex Security builds real incident response readiness through AI-driven tabletop exercises that adapt in real time to your team&#39;s decisions. The platform generates hyper-customized scenarios in minutes by researching your actual tech stack, industry, and threat landscape from public data. Every exercise is tailored to your organization, not pulled from a generic template. Exercises fight back. AI adversaries respond dynamically to participant decisions, creating realistic pressure and unpredictable outcomes that keep teams engaged throughout. An AI facilitator can join Zoom, Google Meet, or Teams to guide discussion, capture notes, and challenge individuals with role-specific questions. After each exercise, Reflex generates audit-ready reports with performance analytics and remediation guidance designed to support compliance requirements such as SOC 2, ISO 27001, and cyber insurance requirements. Built for CISOs and MSSPs who want to run tabletop exercises frequently at a fraction of the prep time and cost of traditional facilitated sessions.


**Average Rating:** 5.0/5.0
**Total Reviews:** 4

**Who Is the Company Behind Reflex Security?**

- **Seller:** [Reflex Security](https://www.g2.com/sellers/reflex-security)
- **Year Founded:** 2025
- **HQ Location:** Los Angeles, US
- **LinkedIn® Page:** https://www.linkedin.com/company/reflexsecurity/ (5 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 75% Small-Business, 25% Enterprise



#### What Are Recent G2 Reviews of Reflex Security?

**"[Real time tabletop simulator](https://www.g2.com/survey_responses/reflex-security-review-12609729)"**

**Rating:** 5.0/5.0 stars
*— Jared M.*

[Read full review](https://www.g2.com/survey_responses/reflex-security-review-12609729)

---

**"[Reflex Raises the Bar on Tabletop Exercises](https://www.g2.com/survey_responses/reflex-security-review-12577737)"**

**Rating:** 5.0/5.0 stars
*— Lee C.*

[Read full review](https://www.g2.com/survey_responses/reflex-security-review-12577737)

---



### 15. [Infection Monkey](https://www.g2.com/products/infection-monkey/reviews)
By deploying the Infection Monkey as an ongoing testing solution, you can verify the security baseline of your network and achieve full network coverage.


**Average Rating:** 4.8/5.0
**Total Reviews:** 3

**Who Is the Company Behind Infection Monkey?**

- **Seller:** [GuardiCore](https://www.g2.com/sellers/guardicore)
- **HQ Location:** Cambridge, US
- **Twitter:** @GuardiCore (2,636 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/akamai-technologies/ (10,201 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of Infection Monkey?

**"[Best Open Source Breach and Attack Simulation tool](https://www.g2.com/survey_responses/infection-monkey-review-5232218)"**

**Rating:** 4.5/5.0 stars
*— Satykam A.*

[Read full review](https://www.g2.com/survey_responses/infection-monkey-review-5232218)

---

**"[Best Breach and attack Simulation Tool](https://www.g2.com/survey_responses/infection-monkey-review-5277995)"**

**Rating:** 5.0/5.0 stars
*— Trilok A.*

[Read full review](https://www.g2.com/survey_responses/infection-monkey-review-5277995)

---


#### What Are G2 Users Discussing About Infection Monkey?

- [What is Infection Monkey used for?](https://www.g2.com/discussions/what-is-infection-monkey-used-for)

### 16. [Atrapa](https://www.g2.com/products/atrapa/reviews)
The all-in-one platform to capture, convert, and retain customers across every messaging channel.


**Average Rating:** 5.0/5.0
**Total Reviews:** 2

**Who Is the Company Behind Atrapa?**

- **Seller:** [Atrapa](https://www.g2.com/sellers/atrapa)
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/atrapa/ (1 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 50% Mid-Market, 50% Small-Business



#### What Are Recent G2 Reviews of Atrapa?

**"[Ergonomic Interface and Smooth Navigation with Real Utility](https://www.g2.com/survey_responses/atrapa-review-12650302)"**

**Rating:** 5.0/5.0 stars
*— Taha E.*

[Read full review](https://www.g2.com/survey_responses/atrapa-review-12650302)

---

**"[Strong Value Proposition and Smooth Omnichannel Experience](https://www.g2.com/survey_responses/atrapa-review-12639541)"**

**Rating:** 5.0/5.0 stars
*— Aymane A.*

[Read full review](https://www.g2.com/survey_responses/atrapa-review-12639541)

---



### 17. [RADAR™](https://www.g2.com/products/mazebolt-technologies-radar/reviews)
MazeBolt RADAR is a patented DDoS Vulnerability Management solution. Using thousands of non-disruptive DDoS attack simulations and without affecting online services, RADAR identifies and enables the remediation of vulnerabilities in deployed DDoS protection solutions.


**Average Rating:** 4.3/5.0
**Total Reviews:** 2

**Who Is the Company Behind RADAR™?**

- **Seller:** [MazeBolt Technologies](https://www.g2.com/sellers/mazebolt-technologies)
- **Year Founded:** 2013
- **HQ Location:** Ramat Gan, IL
- **LinkedIn® Page:** https://www.linkedin.com/company/mazebolt-technologies (33 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of RADAR™?

**"[Groundbreaking tech  that offers Proactive Mitigation Intelligence to eliminate DDoS vulns.](https://www.g2.com/survey_responses/radar-review-7858847)"**

**Rating:** 5.0/5.0 stars
*— Jim K.*

[Read full review](https://www.g2.com/survey_responses/radar-review-7858847)

---



### 18. [AttackIQ Platform](https://www.g2.com/products/attackiq-platform/reviews)
AttackIQ is the industry’s leading Continuous Threat Exposure Management (CTEM) platform, enabling organizations to measure true exposure, prioritize risk, and disrupt real-world attack paths. By moving beyond static vulnerability data, AttackIQ operationalizes CTEM by continuously validating exposures against real adversary behavior and defensive controls. The platform connects vulnerabilities, configurations, identities, and detections into adversary-validated attack paths—quantifying the likelihood of attacker movement and impact. This evidence-based approach empowers security leaders to focus on what matters most, optimize defensive investments, and strengthen resilience through threat-informed, AI-driven security operations. The company is committed to supporting its MSSP partners with a Flexible Preactive Partner Program that provides turn-key solutions, empowering them to elevate client security. AttackIQ is passionate about giving back to the cybersecurity community through its free award-winning AttackIQ Academy and founding research partnership with MITRE Center for Threat-Informed Defense.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind AttackIQ Platform?**

- **Seller:** [AttackIQ](https://www.g2.com/sellers/attackiq)
- **Year Founded:** 2013
- **HQ Location:** Los Altos, US
- **Twitter:** @AttackIQ (7,101 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/attackiq (168 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of AttackIQ Platform?

**"[Great Cybersecurity platform](https://www.g2.com/survey_responses/attackiq-platform-review-10656745)"**

**Rating:** 4.5/5.0 stars
*— Shah F.*

[Read full review](https://www.g2.com/survey_responses/attackiq-platform-review-10656745)

---



### 19. [CyBot](https://www.g2.com/products/cybot/reviews)
CyBot is a next-generation vulnerability management tool as well as the world first Automated pen testing solution, that continuously showcases validated, global, multi-vector, Attack Path Scenarios (APS), so you can focus your time and resources on those vulnerabilities that threaten your critical assets and business processes. CyBot has one core engine: CyBot Pro, plus two additional management consoles. One for Enterprises and one for MSSPs.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind CyBot?**

- **Seller:** [Cronus-Cyber](https://www.g2.com/sellers/cronus-cyber)
- **Year Founded:** 2014
- **HQ Location:** Haifa, IL
- **Twitter:** @CronusCyber (97 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10337915 (6 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of CyBot?

**"[Checking GDPR compliance of website with cookies](https://www.g2.com/survey_responses/cybot-review-7553573)"**

**Rating:** 4.5/5.0 stars
*— Etornam K.*

[Read full review](https://www.g2.com/survey_responses/cybot-review-7553573)

---



### 20. [FourCore ATTACK](https://www.g2.com/products/fourcore-attack/reviews)
FourCore ATTACK provides a comprehensive view of security effectiveness by validating controls with realistic attacks. • Identify gaps in endpoint, email and network security controls before real attackers do • Continuously test defenses in production without disrupting users or IT operations • Focus internal red teams on high value assets while FourCore ATTACK covers routine controls testing • Give blue teams real attack data to improve threat detection and response capabilities • Enable security and IT teams to make effective risk-based security decisions FourCore ATTACK is backed by FourCore&#39;s advanced adversary emulation technology. Emulate threats consistently and realistically, to make sure you can defend against the script kiddies and advanced APTs alike.


**Average Rating:** 3.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind FourCore ATTACK?**

- **Seller:** [FourCore](https://www.g2.com/sellers/fourcore)
- **Year Founded:** 2021
- **HQ Location:** New Delhi, IN
- **LinkedIn® Page:** https://www.linkedin.com/company/fourcorelabs (12 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business





### 21. [OpenAEV by Filigran](https://www.g2.com/products/openaev-by-filigran/reviews)
OpenAEV (formerly OpenBAS) Community Edition (CE) is the free base platform, while the Enterprise Edition (EE) is a commercial license upgrade that provides powerful AI-driven features and automation for faster, more contextual scenario creation and remediation actions. Convert threat/exposure data into validated, actionable security outcomes with industry’s first open-source, threat-informed AEV platform. - Unified Threat Context: Know what you need to defend against - Proactive Defense: Emulate real-world attacks to see how your defenses hold up - Adaptable interface: Customize for your use case – validate tools, people &amp; processes - Accelerated Time-to-Remediation: Quickly detect and fix vulnerabilities


**Average Rating:** 4.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind OpenAEV by Filigran?**

- **Seller:** [Filigran](https://www.g2.com/sellers/filigran)
- **Company Website:** https://filigran.io/
- **Year Founded:** 2022
- **HQ Location:** New York, US
- **Twitter:** @FiligranHQ (841 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/filigran (250 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of OpenAEV by Filigran?

**"[OBAS - Conduct Crisis Exercises](https://www.g2.com/survey_responses/openaev-by-filigran-review-11012215)"**

**Rating:** 4.5/5.0 stars
*— Margaux M.*

[Read full review](https://www.g2.com/survey_responses/openaev-by-filigran-review-11012215)

---



### 22. [SafeBreach](https://www.g2.com/products/safebreach/reviews)
SafeBreach is the only enterprise-grade Adversarial Exposure Validation (AEV) platform that simulates attacker behavior both before and after a breach—validating not just whether defenses fail, but how far an attacker could go and what they could impact. Our dual-engine platform combines breach and attack simulation (Validate) with live, attack path validation (Propagate), using real credential harvesting, lateral movement, and EDR bypass to reveal the blast radius of an attack. SafeBreach Validate is an award-winning breach and attack simulation (BAS) tool that uses patented technology to test the efficacy of deployed security controls against real-world threats. Leveraging the tactics, techniques, and procedures (TTPs) used by malicious actors, Validate automates adversarial attacks to help you continuously test your defenses, understand and limit your exposure, reduce your attack surface and improve security posture, and accelerate remediation. SafeBreach Propagate is the enterprise-grade automated penetration testing and attack path validation tool that emulates lateral movement, privilege escalation, and credential harvesting within the network—safely, automatically, and continuously—to help security teams understand potential post-breach impact. SafeBreach Propagate allows you to uncover high-risk paths to critical organizational assets, identify security gaps and strengths, prioritize remediation activities, and streamline communication with key stakeholders using built-in reports and dashboards. These dashboards distill data into business-ready metrics: breach likelihood, control failure rates, and remediation priorities—aligned to frameworks like MITRE ATT&amp;CK, NIST CSF, DORA, and NIS2. With 30,000+ threat actions and a 24-hour SLA on CISA alerts, we help security teams walk into board meetings with clarity, credibility, and proof. Powered by SafeBreach Labs, and the industry’s largest threat library, we help teams continuously prove and improve their cyber readiness at enterprise scale.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind SafeBreach?**

- **Seller:** [SafeBreach](https://www.g2.com/sellers/safebreach)
- **Year Founded:** 2014
- **HQ Location:** Sunnyvale, California, United States
- **Twitter:** @safebreach (2,504 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/safebreach/ (135 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of SafeBreach?

**"[SafeBreach is highly regarded for its accuracy in replicating real-world attack scenarios.](https://www.g2.com/survey_responses/safebreach-review-10462957)"**

**Rating:** 4.5/5.0 stars
*— Tarun D.*

[Read full review](https://www.g2.com/survey_responses/safebreach-review-10462957)

---



### 23. [SCYTHE](https://www.g2.com/products/scythe-scythe/reviews)
SCYTHE is an adversary emulation platform (BAS+) catering to the commercial, government, and cybersecurity consulting market. The SCYTHE platform empowers Red, Blue, and Purple teams to swiftly construct and simulate real-world attacks. SCYTHE serves as a robust proactive security tool for scrutinizing detective and preventive controls across multiple communication vectors. Through SCYTHE, with its prepackaged action/behavior logic and threat intelligence, organizations can maintain a continuous evaluation of their risk profile, prioritize vulnerabilities, and take action against threats that matter.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1

**Who Is the Company Behind SCYTHE?**

- **Seller:** [SCYTHE](https://www.g2.com/sellers/scythe)
- **Company Website:** https://www.scythe.io/
- **Year Founded:** 2017
- **HQ Location:** Columbia, US
- **Twitter:** @scythe_io (6,863 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/scythe_io (33 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market



#### What Are Recent G2 Reviews of SCYTHE?

**"[Purple Teaming for the People](https://www.g2.com/survey_responses/scythe-review-9341251)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Banking*

[Read full review](https://www.g2.com/survey_responses/scythe-review-9341251)

---



### 24. [SimLight](https://www.g2.com/products/simlight/reviews)
SimLight by Thawd is an advanced Breach and Attack Simulation solution designed to deploy in minutes and continuously validate your security controls by simulating realistic attacker behaviors. SimLight provides comprehensive visibility into your organization&#39;s security posture, empowering proactive defense against real-world threats.


**Average Rating:** 5.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind SimLight?**

- **Seller:** [Thawd Security](https://www.g2.com/sellers/thawd-security)
- **HQ Location:** Ryiadh, SA
- **LinkedIn® Page:** https://www.linkedin.com/company/thawd-security/ (7 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Enterprise



#### What Are Recent G2 Reviews of SimLight?

**"[The Smartest Way to Stay Ahead of Cyber Threats](https://www.g2.com/survey_responses/simlight-review-12643966)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Government Administration*

[Read full review](https://www.g2.com/survey_responses/simlight-review-12643966)

---



### 25. [Validato - Continuous Security Validation Platform](https://www.g2.com/products/validato-continuous-security-validation-platform/reviews)
Validato is a leading Continuous Security Controls Validation platform designed to empower modern security teams to definitively prove their cyber resilience. As a pioneer in the Adversarial Exposure Validation (AEV) and Breach &amp; Attack Simulation (BAS) market, Validato provides an automated, evidence-based approach to identifying hidden misconfigurations and security gaps within live production environments. Why Validato? In an era of evolving regulations like DORA and NIS2, and board-level concerns such as Ransomware, traditional annual penetration testing and static vulnerability scans are no longer sufficient. Validato transforms security from a &quot;check-box&quot; exercise into a proactive, continuous strategy for operational resilience. Threat-Informed Defence: We safely simulate the methods cyber adversaries use to manipulate standard features and over-privileged users across Windows, Linux, and Mac environments. MITRE ATT&amp;CK® Alignment: Unlike tools that merely emulate Indicators of Compromise (IOCs), Validato directly tests the specific MITRE ATT&amp;CK Techniques exploited by threat actors to validate the actual effectiveness of your detection and protection capabilities. Safe for Production: Our simulations are engineered to be non-disruptive, allowing for continuous validation without risk to critical business operations. Actionable Remediation: We move beyond identifying issues by providing clear, guided hardening steps based on the Principle of Least Privilege, helping you strategically reduce your attack surface. Key Outcomes for Security Leaders CISOs &amp; Risk Teams: Access impartial, fact-based data to demonstrate cyber resilience to the Board and meet strict regulatory compliance mandates (DORA, NIS2, ISO 27001). SOC &amp; Security Engineering: Optimise the ROI of existing security investments, such as EDR and SIEM tools, by validating log data fidelity and fine-tuning threat detection. Red Teams: Scale testing efficiency by automating repetitive TTP testing, freeing expert resources to focus on complex, high-value adversarial emulations. Deploy in Minutes, Validate Forever Validato is a cloud-based SaaS platform that can be operational within 30 minutes. By providing a continuous feedback loop on security effectiveness, Validato helps organisations shift from reactive defence to a proactive, resilient security posture.


**Average Rating:** 4.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind Validato - Continuous Security Validation Platform?**

- **Seller:** [Validato](https://www.g2.com/sellers/validato)
- **Year Founded:** 2021
- **HQ Location:** London, GB
- **LinkedIn® Page:** https://www.linkedin.com/company/validato/ (10 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market


#### What Are Validato - Continuous Security Validation Platform's Pros and Cons?

**Pros:**

- Features (1 reviews)
- Reliability (1 reviews)

**Cons:**

- Lack of Training (1 reviews)


### What Do G2 Reviewers Say About Validato - Continuous Security Validation Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend Validato for its **superior continuous system validation and simulation services** , enhancing their firm&#39;s security practices.
- Users value the **top-notch continuous system validation** services of Validato, enhancing their firm&#39;s security and efficiency.

**Cons:**

- Users indicate a need for **more comprehensive training** to effectively onboard new users to Validato.

#### What Are Recent G2 Reviews of Validato - Continuous Security Validation Platform?

**"[Validato&#39;s Services are unparalleled!](https://www.g2.com/survey_responses/validato-continuous-security-validation-platform-review-10651067)"**

**Rating:** 4.0/5.0 stars
*— Shah F.*

[Read full review](https://www.g2.com/survey_responses/validato-continuous-security-validation-platform-review-10651067)

---




## What Is Breach and Attack Simulation (BAS) Software?

[System Security Software](https://www.g2.com/categories/system-security)

## What Software Categories Are Similar to Breach and Attack Simulation (BAS) Software?

- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)


---
## What Are the Most Common Questions About Breach and Attack Simulation (BAS) Software?
*AI-generated · Last updated: June  3, 2026*
### Which Breach And Attack Simulation BAS vendors provide strong implementation guidance for team adoption
Based on G2 reviews, these BAS vendors are most often praised for onboarding, setup, and guidance.

- [Picus Security](https://www.g2.com/products/picus-security) — onboarding help and vendor-specific remediation.
- [Cymulate](https://www.g2.com/products/cymulate) — easy setup with actionable mitigation guidance.
- [Right-Hand Cybersecurity](https://www.g2.com/products/right-hand-cybersecurity) — hands-on support for campaigns and rollout.
- [RidgeBot](https://www.g2.com/products/ridgebot) — straightforward setup with validated findings.


### Breach And Attack Simulation BAS solutions combining ease of use with advanced integration capabilities
According to verified users, BAS buyers often look for a balance between fast deployment and meaningful integrations with the rest of the security stack. In recent G2 reviews, that combination shows up in mentions of intuitive dashboards, simple setup, and the ability to connect with SIEM, EDR, XDR, firewalls, web application firewalls, and other existing controls. Reviewers value platforms that make simulations easy to run without heavy operational overhead, while still helping teams validate logs, isolate which control blocked an attack, and turn findings into remediation steps. Integration breadth matters most when it improves visibility, reduces manual testing, and supports continuous validation across multiple layers of defense.


### Most reliable Breach And Attack Simulation BAS platforms proven by long-term enterprise deployments
Based on G2 reviews, these BAS platforms appear most often in feedback describing dependable use in ongoing programs.

- [Picus Security](https://www.g2.com/products/picus-security) — continuous validation across enterprise security controls.
- [Cymulate](https://www.g2.com/products/cymulate) — recurring assessments with broad control coverage.
- [Right-Hand Cybersecurity](https://www.g2.com/products/right-hand-cybersecurity) — sustained phishing and awareness program management.
- [Adaptive Security](https://www.g2.com/products/adaptive-security) — ongoing simulations and training at scale.


### What are the most important features in bas tools
According to verified users, the most important features in bas tools are realistic attack simulation, continuous validation, and clear remediation guidance. Recent reviews also emphasize broad threat libraries, support for MITRE-aligned scenarios, and reporting that helps both technical teams and leadership understand gaps. Buyers repeatedly mention integration with SIEM, EDR, XDR, firewalls, and web security tools as a priority because it helps confirm whether controls are detecting or blocking attacks as expected. Ease of setup and ease of use also matter because teams want to run assessments regularly, not just occasionally. The strongest products help teams find misconfigurations, validate detections, prioritize fixes, and keep security programs proactive instead of reactive.


### How do teams use Breach and Attack Simulation (BAS) for remediation guidance
G2 reviewers mention that teams use BAS to move from identifying gaps to fixing them faster. In recent reviews, users describe running attack simulations to expose weak points across endpoint, network, email, web, and broader security controls, then using the resulting guidance to tune configurations, improve detection rules, and prioritize remediation work. Some reviewers specifically value vendor-specific or easy-to-apply recommendations because they reduce guesswork for analysts and administrators. Others highlight retesting after changes to confirm that fixes actually worked. For buyers, the practical value of BAS is not just finding exposure, but making remediation more measurable, repeatable, and aligned with how real attacks would interact with existing defenses.



