# Best Breach and Attack Simulation (BAS) Software *By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)* Breach and attack simulation (BAS) software is used to mimic real-world security threats to help businesses prepare incident response plans and discover potential vulnerabilities in their security systems. These simulated attacks might send fake phishing attacks to employees or attempt a cyberattack on a company’s [web application firewall](https://www.g2.com/categories/web-application-firewall-waf). Many tools even provide automated simulations with AI-based threat logic and continuous testing to ensure teams are always prepared to properly handle security incidents. Most of these simulations are available at all times. Many businesses use them periodically as updates are made to security systems or security policies are changed. Without simulated attacks, it can be difficult to assess the efficacy of security operations; customized simulations can mimic various threats to different surface areas or within unique environments to help businesses prepare and evaluate their defense against all kinds of multivector threats. Breach and attack simulation software tools are typically capable of performing [penetration tests](https://www.g2.com/categories/penetration-testing) or simulate attacks similar to some [dynamic application security testing](https://www.g2.com/categories/dynamic-application-security-testing-dast) tools and [vulnerability scanners](https://www.g2.com/categories/vulnerability-scanner). But most of those solutions only mimic a single kind of threat and are not continuously available. They also do not provide the same outcome details and report on vulnerabilities and security posture to the same degree of BAS solutions. To qualify for inclusion in the Breach and Attack Simulation (BAS) software category, a product must: - Deploy threats targeting various attack surfaces - Simulate both cyberattacks and data breaches - Quantify risk and evaluate security posture based on attack response - Provide remediation process guidance and improvement suggestions ## Category Overview **Total Products under this Category:** 53 ## Trust & Credibility Stats **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 1,100+ Authentic Reviews - 53+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. ## Best Breach and Attack Simulation (BAS) Software At A Glance - **Leader:** [Picus Security](https://www.g2.com/products/picus-security/reviews) - **Easiest to Use:** [Cymulate](https://www.g2.com/products/cymulate/reviews) - **Top Trending:** [Pentera](https://www.g2.com/products/pentera/reviews) - **Best Free Software:** [Picus Security](https://www.g2.com/products/picus-security/reviews) --- **Sponsored** ### Picus Security Picus Security is the pioneer of Breach and Attack Simulation (BAS) and Adversarial Exposure Validation (AEV). The Picus Security Validation Platform unifies exposure assessment, security control validation, and exposure validation to help organizations continuously measure and reduce real cyber risk. By safely simulating real-world attacks across network, endpoint, and cloud, Picus quantifies security control effectiveness and provides a transparent Exposure Score, revealing the \<2% of vulnerabilities still exploitable and instantly deprioritizing the rest. This validation-led approach enables teams to cut patch backlogs by 86%, reduce MTTR from 74 to 14 days, and strengthen operational resilience. Trusted globally and rated 98% willingness to recommend on Gartner Peer Insights™, Picus empowers organizations to pinpoint exploitable risks, close gaps faster, continuously validate cyber readiness, and sustain proven resilience. [Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&secure%5Bad_slot%5D=category_product_list&secure%5Bcategory_id%5D=2047&secure%5Bdisplayable_resource_id%5D=2047&secure%5Bdisplayable_resource_type%5D=Category&secure%5Bmedium%5D=sponsored&secure%5Bplacement_reason%5D=page_category&secure%5Bplacement_resource_ids%5D%5B%5D=2047&secure%5Bprioritized%5D=false&secure%5Bproduct_id%5D=56073&secure%5Bresource_id%5D=2047&secure%5Bresource_type%5D=Category&secure%5Bsource_type%5D=category_page&secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fbreach-and-attack-simulation-bas&secure%5Btoken%5D=74b491b678e5a22f76cabefe9873cd862844f44ee8b2ed8de7600f7f8ac7064d&secure%5Burl%5D=https%3A%2F%2Fwww.picussecurity.com%2Fschedule-demo%3Futm_source%3Dg2%26utm_medium%3Dpaidsocial%26utm_campaign%3Dpicus_profile_promo&secure%5Burl_type%5D=book_demo) --- ## Top-Rated Products (Ranked by G2 Score) ### 1. [Picus Security](https://www.g2.com/products/picus-security/reviews) Picus Security is the pioneer of Breach and Attack Simulation (BAS) and Adversarial Exposure Validation (AEV). The Picus Security Validation Platform unifies exposure assessment, security control validation, and exposure validation to help organizations continuously measure and reduce real cyber risk. By safely simulating real-world attacks across network, endpoint, and cloud, Picus quantifies security control effectiveness and provides a transparent Exposure Score, revealing the \<2% of vulnerabilities still exploitable and instantly deprioritizing the rest. This validation-led approach enables teams to cut patch backlogs by 86%, reduce MTTR from 74 to 14 days, and strengthen operational resilience. Trusted globally and rated 98% willingness to recommend on Gartner Peer Insights™, Picus empowers organizations to pinpoint exploitable risks, close gaps faster, continuously validate cyber readiness, and sustain proven resilience. **Average Rating:** 4.8/5.0 **Total Reviews:** 229 **Seller Details:** - **Seller:** [Picus Security](https://www.g2.com/sellers/picus-security) - **Company Website:** https://www.picussecurity.com - **Year Founded:** 2013 - **HQ Location:** San Francisco, California - **Twitter:** @PicusSecurity (2,911 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/picus-security/ (306 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Cyber Security Specialist, Cyber Security Engineer - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 38% Enterprise, 37% Mid-Market #### Pros & Cons **Pros:** - Simulation (114 reviews) - Ease of Use (75 reviews) - Continuous Validation (63 reviews) - Actionable Insights (58 reviews) - Integration (55 reviews) **Cons:** - Reporting Limitations (44 reviews) - Integration Issues (32 reviews) - Steep Learning Curve (28 reviews) - Complex Setup (26 reviews) - Limited Customization (21 reviews) ### 2. [Cymulate](https://www.g2.com/products/cymulate/reviews) Cymulate is a leading on-prem and cloud-based Security Validation and Exposure Management Platform leveraging the industry's most comprehensive and user-friendly Breach and Attack Simulation technology. We empower security teams to prioritize remediation by continuously testing and harden defenses against immediate threats from the attacker's point of view. Cymulate deploys within an hour, integrating with a vast tech alliance of security controls, from EDR, to email gateways, web gateways, SIEM, WAF and more across hybrid, on-premise, cloud and Kubernetes environments. Customers see increased prevention, detection and improvement to overall security posture from optimizing their existing defense investments end-to-end across the MITRE ATT&CK® framework. The platform provides out-of-the-box, expert, and threat intelligence-led risk assessments that are simple to deploy and use for all maturity levels, and are constantly updated. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies. **Average Rating:** 4.9/5.0 **Total Reviews:** 175 **Seller Details:** - **Seller:** [Cymulate](https://www.g2.com/sellers/cymulate) - **Company Website:** https://www.cymulate.com - **Year Founded:** 2016 - **HQ Location:** Holon, Israel - **Twitter:** @CymulateLtd (1,086 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/cymulate (251 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Analyst, Cyber Security Engineer - **Top Industries:** Financial Services, Banking - **Company Size:** 56% Enterprise, 42% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (73 reviews) - Security (41 reviews) - Vulnerability Identification (41 reviews) - Features (39 reviews) - Customer Support (33 reviews) **Cons:** - Improvement Needed (12 reviews) - Integration Issues (10 reviews) - Reporting Issues (8 reviews) - Complexity (6 reviews) - Inefficient Alert System (6 reviews) ### 3. [Adaptive Security](https://www.g2.com/products/adaptive-security/reviews) Adaptive Security is OpenAI’s investment for AI cyber threats. The company was founded in 2024 by serial entrepreneurs Brian Long and Andrew Jones. Adaptive has raised $50M+ from investors like OpenAI, a16z and executives at Google Cloud, Fidelity, Plaid, Shopify, and other leading companies. Adaptive protects customers from AI-powered cyber threats like deepfakes, vishing, smishing, and email spear phishing with its next-generation security awareness training and AI phishing simulation platform. With Adaptive, security teams can prepare employees for advanced threats with incredible, highly customized training content that is personalized for employee role and access levels, features open-source intelligence about their company, and includes amazing deepfakes of their own executives. Employees can take Adaptive training across mobile or desktop, and workforces rate Adaptive’s security awareness content an incredible 4.9/5 stars on average. Customers can measure the success of their training program over time with AI-powered phishing simulations. Hyper-realistic deepfake, voice, SMS, and email phishing tests assess risk levels across all threat vectors, including emerging surfaces like employee mobile devices. Adaptive simulations are powered by an AI open-source intelligence engine that gives clients visibility into how their company's digital footprint can be leveraged by cybercriminals. Today, Adaptive’s customers include leading global organizations like Figma, The Dallas Mavericks, BMC Software, and Stone Point Capital. The company has a world class NPS score of 94, among the highest in cybersecurity. To get an interactive self-guided preview of Adaptive’s platform, or talk to our team, visit https://www.adaptivesecurity.com. **Average Rating:** 4.9/5.0 **Total Reviews:** 75 **Seller Details:** - **Seller:** [Adaptive Security](https://www.g2.com/sellers/adaptive-security) - **Company Website:** https://www.adaptivesecurity.com - **Year Founded:** 2024 - **HQ Location:** New York, US - **LinkedIn® Page:** https://www.linkedin.com/company/adaptivesecurity (180 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Financial Services, Computer Software - **Company Size:** 68% Mid-Market, 19% Enterprise #### Pros & Cons **Pros:** - Training (22 reviews) - Ease of Use (18 reviews) - Customer Support (13 reviews) - Easy Implementation (11 reviews) - Awareness Increase (10 reviews) **Cons:** - Limited Customization (5 reviews) - Group Management (3 reviews) - Inadequate Reporting (2 reviews) - Integration Issues (2 reviews) - Learning Curve (2 reviews) ### 4. [Sophos PhishThreat](https://www.g2.com/products/sophos-phishthreat/reviews) Sophos Phish Threat is a cloud-based security awareness training and phishing simulation platform designed to educate employees on identifying and responding to phishing attacks. By simulating realistic phishing scenarios and providing interactive training modules, it helps organizations strengthen their human firewall against cyber threats. Key Features and Functionality: - Realistic Phishing Simulations: Offers hundreds of customizable templates that mimic real-world phishing attacks, enabling organizations to test and improve employee vigilance. - Automated Training Modules: Provides over 30 interactive training courses covering security and compliance topics, automatically enrolling users who fall for simulated attacks. - Comprehensive Reporting: Delivers actionable insights through intuitive dashboards, tracking user susceptibility, training progress, and overall organizational risk levels. - Multi-Language Support: Available in nine languages, ensuring accessibility for diverse workforces. - Seamless Integration: Integrates with Sophos Central, allowing unified management alongside other security solutions like email and endpoint protection. Primary Value and Problem Solved: Sophos Phish Threat addresses the critical challenge of human error in cybersecurity by transforming employees into proactive defenders against phishing attacks. By combining realistic simulations with targeted training, it reduces the likelihood of successful phishing attempts, thereby enhancing the organization's overall security posture and minimizing the risk of data breaches and financial loss. **Average Rating:** 4.3/5.0 **Total Reviews:** 22 **Seller Details:** - **Seller:** [Sophos](https://www.g2.com/sellers/sophos) - **Year Founded:** 1985 - **HQ Location:** Oxfordshire - **Twitter:** @Sophos (36,757 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/5053/ (5,561 employees on LinkedIn®) - **Ownership:** LSE:SOPH **Reviewer Demographics:** - **Top Industries:** Computer & Network Security - **Company Size:** 57% Mid-Market, 30% Small-Business ### 5. [Pentera](https://www.g2.com/products/pentera/reviews) Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale. Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited. Its customers include Casey's General Stores, Emeria, LuLu International Exchange, IP Telecom PT, BrewDog, City National Bank, Schmitz Cargobull, and MBC Group. Pentera is backed by leading investors such as K1 Investment Management, Insight Partners, Blackstone, Evolution Equity Partners, and AWZ. Visit https://pentera.io for more information. **Average Rating:** 4.5/5.0 **Total Reviews:** 141 **Seller Details:** - **Seller:** [Pentera](https://www.g2.com/sellers/pentera) - **Company Website:** https://pentera.io/ - **Year Founded:** 2015 - **HQ Location:** Boston, MA - **Twitter:** @penterasec (3,327 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/penterasecurity/ (486 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Banking, Information Technology and Services - **Company Size:** 51% Enterprise, 40% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (9 reviews) - Vulnerability Identification (8 reviews) - Automation (7 reviews) - Customer Support (7 reviews) - Security (6 reviews) **Cons:** - Inadequate Reporting (3 reviews) - Access Control (2 reviews) - False Positives (2 reviews) - Limited Reporting (2 reviews) - Missing Features (2 reviews) ### 6. [HTB CTF & Threat Range](https://www.g2.com/products/htb-ctf-threat-range/reviews) The HTB CTF Platform turns cyber training into an addictive team experience. Choose from 250+ scenarios, host events for hundreds of players, and launch in less than 10 minutes without additional setup required. Live scoreboards, team chat, and advanced reporting reveal strengths, gaps and next best steps. Leaders calling CTFs the best way to beat burnout and improve performance, HTB delivers the proven formula for engaged, attack-ready teams. **Average Rating:** 4.7/5.0 **Total Reviews:** 22 **Seller Details:** - **Seller:** [Hack The Box](https://www.g2.com/sellers/hack-the-box) - **Company Website:** https://www.hackthebox.com/ - **Year Founded:** 2017 - **HQ Location:** Folkestone, GB - **Twitter:** @hackthebox_eu (244,029 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/hackthebox/ (2,226 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer & Network Security - **Company Size:** 45% Enterprise, 36% Small-Business ### 7. [vPenTest](https://www.g2.com/products/vpentest/reviews) Vonahi Security is building the future of offensive cybersecurity by delivering automated, high-quality penetration testing through its SaaS platform, vPenTest. Designed to replicate the tools, techniques, and methodologies of experienced consultants, vPenTest brings the benefits of manual network penetration testing into an easy-to-use, automated solution. Traditionally, penetration testing has been a manual, time consuming, and expensive process that many organizations only perform once or twice a year. This often leaves businesses exposed to emerging threats between assessments. vPenTest addresses this gap by offering fast, consistent, and on-demand testing that helps organizations evaluate their real-time cybersecurity risk more effectively. Powered by a proprietary framework that evolves through continuous research and real-world insights, vPenTest stays aligned with the latest attack techniques and industry best practices. The platform is backed by over 13 years of offensive security expertise, with the team holding certifications such as CISSP, OSCP, OSCE, CEH, and more. Their knowledge is built directly into the platform, ensuring each test is conducted with depth, consistency, and accuracy—without the delays or variability of manual testing.
 vPenTest enables organizations to run internal and external network penetration tests as often as needed monthly, quarterly, or prior to audits or insurance reviews. The automated reports provide actionable insights that make it easy to prioritize remediation and demonstrate progress toward compliance. Today, over 22,000 organizations rely on vPenTest to strengthen their security posture and reduce risk. This includes managed service providers, managed security service providers, financial institutions, compliance-driven organizations, and internal IT teams. Whether you're working to meet regulatory requirements, secure cyber insurance coverage, or proactively defend against evolving threats, vPenTest makes network penetration testing easy, affordable, and scalable. **Average Rating:** 4.6/5.0 **Total Reviews:** 229 **Seller Details:** - **Seller:** [Kaseya](https://www.g2.com/sellers/kaseya) - **Company Website:** https://www.kaseya.com/ - **Year Founded:** 2000 - **HQ Location:** Miami, FL - **Twitter:** @KaseyaCorp (17,429 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/kaseya/ (5,512 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** CEO - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 68% Small-Business, 25% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (29 reviews) - Reporting Quality (28 reviews) - Pentesting Efficiency (26 reviews) - Setup Ease (18 reviews) - Ease of Implementation (14 reviews) **Cons:** - Limited Scope (12 reviews) - Complex Setup (8 reviews) - Lack of Detail (7 reviews) - Inadequate Reporting (6 reviews) - Expensive (5 reviews) ### 8. [Right-Hand Cybersecurity](https://www.g2.com/products/right-hand-cybersecurity/reviews) Right-Hand is a Human Risk Management company supporting organizations across North America and APAC, working with teams across a wide range of industries including finance, education, retail, healthcare, and manufacturing. The platform is built to help security leaders understand, measure, and reduce human-initiated risk in modern, distributed environments where technology alone is no longer enough. Most security programs generate large volumes of alerts and telemetry but struggle to translate that data into meaningful insight about human behavior. Right-Hand addresses this challenge by integrating with core security tools such as email security, EDR, DLP, CASB, and SIEM. These integrations surface high-signal events and contextual risk indicators tied directly to user actions, giving teams visibility into where risky behavior occurs, which patterns lead to incidents, and how human risk changes over time across the organization. Building on this foundation, Right-Hand provides purpose-built AI agents that support security awareness execution at scale. The vishing agent enables realistic voice-based simulations, the email agent supports the creation of phishing templates and scenarios, and the training agent helps generate and adapt learning content based on role, behavior, and exposure. Together, these agents allow teams to move beyond static programs and deliver continuous, relevant awareness without relying on one-size-fits-all content or manual effort. The primary value of Right-Hand is turning visibility into action. Instead of compliance-driven training disconnected from real risk, organizations gain a data-informed program that links behavior, learning, and outcomes. Security teams can reduce repeat incidents, lower operational noise, demonstrate progress over time, and build a stronger, more resilient security culture aligned with how people actually work. **Average Rating:** 4.8/5.0 **Total Reviews:** 68 **Seller Details:** - **Seller:** [Right-Hand Cybersecurity](https://www.g2.com/sellers/right-hand-cybersecurity) - **Company Website:** https://right-hand.ai/ - **Year Founded:** 2019 - **HQ Location:** Lewes, Delaware - **Twitter:** @righthand_ai (140 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/19126566 (44 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 54% Mid-Market, 28% Enterprise #### Pros & Cons **Pros:** - Customer Support (31 reviews) - Ease of Use (23 reviews) - Training (16 reviews) - Helpful (15 reviews) - Aware (8 reviews) **Cons:** - Inadequate Reporting (6 reviews) - Limited Features (6 reviews) - Phishing Issues (5 reviews) - Integration Issues (4 reviews) - Limited Customization (2 reviews) ### 9. [RidgeBot](https://www.g2.com/products/ridgebot/reviews) RidgeBot® is a sophisticated AI-powered automated penetration testing solution designed to assist organizations in evaluating their cybersecurity posture and controls. By simulating real-world attacks, RidgeBot enables users to identify vulnerabilities and potential attack surfaces across a diverse range of IP assets. This innovative tool leverages advanced threat intelligence, tactics, and techniques to provide a comprehensive assessment of an organization's security defenses without necessitating additional personnel or tools. The primary target audience for RidgeBot includes cybersecurity teams, IT professionals, and organizations of various sizes that require a robust solution for vulnerability management and risk assessment. As cyber threats continue to evolve, organizations must stay ahead of potential breaches by regularly testing their defenses. RidgeBot serves as a critical resource for these teams, allowing them to conduct thorough penetration tests efficiently and effectively. This is particularly beneficial for organizations that may lack the resources to maintain a full-time security staff or those looking to enhance their existing security measures. RidgeBot's key features include automated attack simulations, extensive vulnerability identification, and prioritization of risks based on the latest threat intelligence. The automated nature of RidgeBot allows organizations to conduct frequent and thorough testing without the need for manual intervention, thereby saving time and reducing operational costs. Additionally, the tool's ability to validate cybersecurity controls ensures that organizations can confidently address identified vulnerabilities, enhancing their overall security posture. One of the standout aspects of RidgeBot is its capability to adapt to the ever-changing threat landscape. By incorporating the latest tactics and techniques used by cyber adversaries, RidgeBot ensures that its assessments remain relevant and effective. This continuous updating process not only helps organizations stay informed about emerging threats but also empowers them to proactively address vulnerabilities before they can be exploited. As a result, RidgeBot not only identifies weaknesses but also provides actionable insights that can be used to strengthen security measures and reduce the risk of cyber incidents. Overall, RidgeBot offers a comprehensive solution for organizations seeking to enhance their cybersecurity defenses through automated penetration testing and attack simulations. By providing a detailed understanding of vulnerabilities and the effectiveness of existing controls, RidgeBot enables organizations to make informed decisions about their cybersecurity strategies, ultimately leading to a more secure digital environment. **Average Rating:** 4.5/5.0 **Total Reviews:** 94 **Seller Details:** - **Seller:** [Ridge Security Technology](https://www.g2.com/sellers/ridge-security-technology) - **Company Website:** https://ridgesecurity.ai/ - **Year Founded:** 2020 - **HQ Location:** Santa Clara, California - **Twitter:** @RidgeSecurityAI (1,290 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/ridge-security/ (43 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 52% Small-Business, 44% Mid-Market #### Pros & Cons **Pros:** - Automation (16 reviews) - Ease of Use (15 reviews) - Pentesting Efficiency (12 reviews) - Vulnerability Identification (12 reviews) - Efficiency (9 reviews) **Cons:** - Complexity (4 reviews) - Complex Setup (4 reviews) - Missing Features (4 reviews) - Poor Customer Support (3 reviews) - Poor Documentation (3 reviews) ### 10. [Defendify All-In-One Cybersecurity Solution](https://www.g2.com/products/defendify-all-in-one-cybersecurity-solution/reviews) Founded in 2017, Defendify is pioneering All-In-One Cybersecurity® for organizations with growing security needs, backed by experts offering ongoing guidance and support. Delivering multiple layers of protection, Defendify provides an all-in-one, easy-to-use platform designed to strengthen cybersecurity across people, process, and technology, continuously. With Defendify, organizations streamline cybersecurity assessments, testing, policies, training, detection, response & containment in one consolidated and cost-effective cybersecurity solution. 3 layers, 13 solutions, 1 platform, including: • Managed Detection & Response • Cyber Incident Response Plan • Cybersecurity Threat Alerts • Phishing Simulations • Cybersecurity Awareness Training • Cybersecurity Awareness Videos • Cybersecurity Awareness Posters & Graphics • Technology Acceptable Use Policy • Cybersecurity Risk Assessments • Penetration Testing • Vulnerability Scanning • Compromised Password Scanning • Website Security Scanning See Defendify in action at www.defendify.com. **Average Rating:** 4.7/5.0 **Total Reviews:** 57 **Seller Details:** - **Seller:** [Defendify](https://www.g2.com/sellers/defendify) - **Year Founded:** 2017 - **HQ Location:** Portland, Maine - **Twitter:** @defendify (307 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/11098948/ (38 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 65% Small-Business, 35% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (8 reviews) - Cybersecurity (6 reviews) - Easy Setup (5 reviews) - Insights (5 reviews) - Monitoring (5 reviews) **Cons:** - Inadequate Reporting (4 reviews) - Poor Reporting (4 reviews) - Lack of Information (2 reviews) - Limited Customization (2 reviews) - Limited Features (2 reviews) ### 11. [Simulations Labs](https://www.g2.com/products/simulations-labs/reviews) Simulations Labs is an ai-powered platform that enables organizations, educators, and security teams to create realistic, reusable, and scalable hands-on cybersecurity simulations—without complex setup or infrastructure. Fully Managed Hosting Without Infrastructure Overhead Organizations run CTFs and simulations without DevOps, server setup, or maintenance. No Worries About Attacks or Server Downtime Simulations Labs automatically manages security, monitoring, and uptime, even during large-scale events. Organizers don’t need to worry about servers being attacked, crashing, or going offline. Custom Simulation Creation with Dashboard Simulations Labs offers a dashboard that allows organizers to create and manage fully custom simulations. Each simulation provisions isolated environments for participants, supports web application challenges, and can include dynamic flags to prevent cheating AI-Powered Challenge Creation Unlike traditional platforms that require technical expertise, our AI-powered tools enable non-technical users to create simulations and challenges quickly and easily. **Average Rating:** 4.8/5.0 **Total Reviews:** 10 **Seller Details:** - **Seller:** [Simulations Labs](https://www.g2.com/sellers/simulations-labs) - **HQ Location:** N/A - **LinkedIn® Page:** https://www.linkedin.com/company/simulation-labs-linkedin/ (1 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Small-Business ### 12. [Datto SaaS Defense](https://www.g2.com/products/datto-saas-defense/reviews) SaaS Defense is an advanced threat protection [ATP] and spam filtering solution that detects zero-day threats. This means it identifies and prevents threats that competitive solutions are missing. It proactively defends against malware, phishing, and business email compromise (BEC) attacks that target Microsoft 365 including Exchange, OneDrive, SharePoint, and Teams. Benefits to MSPs ✔Close detection gaps: Proactively monitor, detect, and eliminate the unknown cyber threats that other solutions miss with data-independent technology. ✔ Go beyond email security: SaaS Defense protects from a range of malicious attacks across the Microsoft 365 suite, not just email. ✔ Improve your bottom line: This tool is a profit builder that can be used to attract new market share and triple MSP margins. ✔ Seamless deployment & management: Get new clients up and running in minutes with two-click onboarding & multi-tenant management. ✔ Easily demonstrate your value: robust reporting capabilities, that can be shared with clients, that articulate why a threat was identified as malicious. ✔ Multi-layered detection, protection and recovery for Microsoft 365 with complete SaaS Protection integration. **Average Rating:** 4.2/5.0 **Total Reviews:** 12 **Seller Details:** - **Seller:** [Kaseya](https://www.g2.com/sellers/kaseya) - **Year Founded:** 2000 - **HQ Location:** Miami, FL - **Twitter:** @KaseyaCorp (17,429 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/kaseya/ (5,512 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services - **Company Size:** 58% Small-Business, 33% Mid-Market ### 13. [NetSPI](https://www.g2.com/products/netspi-2026-02-04/reviews) NetSPI PTaaS is a type of penetration testing as a service (PTaaS) solution designed to help organizations identify and remediate vulnerabilities within their systems, applications, and networks. This service utilizes a combination of skilled professionals, established processes, and advanced AI technology to provide contextualized security outcomes in real time, all accessible through a unified platform. By addressing the limitations of traditional penetration testing methods, NetSPI PTaaS offers a more efficient and comprehensive approach to security assessments. This service is targeted at businesses of all sizes, from startups to large enterprises, making it particularly beneficial for security teams looking to enhance their vulnerability management strategies. NetSPI PTaaS caters to a variety of use cases, including application security assessments, infrastructure testing, and evaluations of emerging technologies such as artificial intelligence. With over 50 different types of penetration tests available, organizations can customize their security evaluations to meet specific needs, ensuring thorough coverage across all potential attack surfaces. A key feature of NetSPI PTaaS is its commitment to delivering real-time findings through a single platform. This capability allows security teams to receive immediate insights into vulnerabilities, enabling them to act swiftly to mitigate risks based on role and priority, managing testing in just a few clicks. The platform's integration capabilities enhance its usability, allowing organizations to seamlessly incorporate findings into their existing security workflows. This streamlined approach not only saves time but also ensures that remediation efforts are based on high-fidelity, manually validated findings, thus improving overall security effectiveness. The expertise of NetSPI's team of over 350 in-house security professionals is another significant differentiator. Their extensive experience and knowledge in the field of cybersecurity ensure that the testing methodologies employed are rigorous and consistent, uncovering vulnerabilities, exposures, and misconfigurations that may be overlooked by other solutions. This white-glove approach to penetration testing emphasizes the importance of manual validation, providing organizations with reliable and actionable insights that can significantly enhance their security posture. NetSPI PTaaS stands out in the realm of penetration testing services by combining expert human analysis with advanced AI technology, delivering timely and accurate results. This empowers organizations to strengthen their defenses against evolving cyber threats, ensuring that they remain resilient in an increasingly complex security landscape. **Average Rating:** 4.9/5.0 **Total Reviews:** 13 **Seller Details:** - **Seller:** [NetSPI](https://www.g2.com/sellers/netspi) - **Company Website:** https://www.netspi.com - **Year Founded:** 2001 - **HQ Location:** Minneapolis, MN - **Twitter:** @NetSPI (4,038 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/netspi/ (592 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 46% Enterprise, 38% Mid-Market #### Pros & Cons **Pros:** - Expertise (4 reviews) - Team Quality (4 reviews) - Communication (3 reviews) - Ease of Use (3 reviews) - Service Quality (3 reviews) **Cons:** - Difficult Navigation (1 reviews) - False Positives (1 reviews) - Information Management (1 reviews) - Lack of Detail (1 reviews) - Lack of Information (1 reviews) ### 14. [Reflex Security](https://www.g2.com/products/reflex-security/reviews) Reflex Security builds real incident response readiness through AI-driven tabletop exercises that adapt in real time to your team's decisions. The platform generates hyper-customized scenarios in minutes by researching your actual tech stack, industry, and threat landscape from public data. Every exercise is tailored to your organization, not pulled from a generic template. Exercises fight back. AI adversaries respond dynamically to participant decisions, creating realistic pressure and unpredictable outcomes that keep teams engaged throughout. An AI facilitator can join Zoom, Google Meet, or Teams to guide discussion, capture notes, and challenge individuals with role-specific questions. After each exercise, Reflex generates audit-ready reports with performance analytics and remediation guidance designed to support compliance requirements such as SOC 2, ISO 27001, and cyber insurance requirements. Built for CISOs and MSSPs who want to run tabletop exercises frequently at a fraction of the prep time and cost of traditional facilitated sessions. **Average Rating:** 5.0/5.0 **Total Reviews:** 4 **Seller Details:** - **Seller:** [Reflex Security](https://www.g2.com/sellers/reflex-security) - **Year Founded:** 2025 - **HQ Location:** Los Angeles, US - **LinkedIn® Page:** https://www.linkedin.com/company/reflexsecurity/ (5 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 75% Small-Business, 25% Enterprise ### 15. [Infection Monkey](https://www.g2.com/products/infection-monkey/reviews) By deploying the Infection Monkey as an ongoing testing solution, you can verify the security baseline of your network and achieve full network coverage. **Average Rating:** 4.8/5.0 **Total Reviews:** 3 **Seller Details:** - **Seller:** [GuardiCore](https://www.g2.com/sellers/guardicore) - **HQ Location:** Cambridge, US - **Twitter:** @GuardiCore (2,643 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/akamai-technologies/ (10,201 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Mid-Market ### 16. [Atrapa](https://www.g2.com/products/atrapa/reviews) The all-in-one platform to capture, convert, and retain customers across every messaging channel. **Average Rating:** 5.0/5.0 **Total Reviews:** 2 **Seller Details:** - **Seller:** [Atrapa](https://www.g2.com/sellers/atrapa) - **HQ Location:** N/A - **LinkedIn® Page:** https://www.linkedin.com/company/atrapa/ (1 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 50% Mid-Market, 50% Small-Business ### 17. [RADAR™](https://www.g2.com/products/mazebolt-technologies-radar/reviews) MazeBolt RADAR is a patented DDoS Vulnerability Management solution. Using thousands of non-disruptive DDoS attack simulations and without affecting online services, RADAR identifies and enables the remediation of vulnerabilities in deployed DDoS protection solutions. **Average Rating:** 4.3/5.0 **Total Reviews:** 2 **Seller Details:** - **Seller:** [MazeBolt Technologies](https://www.g2.com/sellers/mazebolt-technologies) - **Year Founded:** 2013 - **HQ Location:** Ramat Gan, IL - **LinkedIn® Page:** https://www.linkedin.com/company/mazebolt-technologies (33 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Small-Business ### 18. [AttackIQ Platform](https://www.g2.com/products/attackiq-platform/reviews) AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Breach and Attack Simulation Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyber defenses work as expected, aligned with the MITRE ATT&CK framework. The company is committed to supporting its MSSP partners with a flexible Preactive Partner Program that provides turn-key solutions, empowering them to elevate client security. AttackIQ is passionate about giving back to the cybersecurity community through its free award-winning AttackIQ Academy and partnership with MITRE Engenuity’s Center for Threat-Informed Defense. **Average Rating:** 4.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [AttackIQ](https://www.g2.com/sellers/attackiq) - **Year Founded:** 2013 - **HQ Location:** Los Altos, US - **Twitter:** @AttackIQ (7,122 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/attackiq (168 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Mid-Market ### 19. [CyBot](https://www.g2.com/products/cybot/reviews) CyBot is a next-generation vulnerability management tool as well as the world first Automated pen testing solution, that continuously showcases validated, global, multi-vector, Attack Path Scenarios (APS), so you can focus your time and resources on those vulnerabilities that threaten your critical assets and business processes. CyBot has one core engine: CyBot Pro, plus two additional management consoles. One for Enterprises and one for MSSPs. **Average Rating:** 4.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [Cronus-Cyber](https://www.g2.com/sellers/cronus-cyber) - **Year Founded:** 2014 - **HQ Location:** Haifa, IL - **Twitter:** @CronusCyber (98 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/10337915 (6 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Small-Business ### 20. [FourCore ATTACK](https://www.g2.com/products/fourcore-attack/reviews) FourCore ATTACK provides a comprehensive view of security effectiveness by validating controls with realistic attacks. • Identify gaps in endpoint, email and network security controls before real attackers do • Continuously test defenses in production without disrupting users or IT operations • Focus internal red teams on high value assets while FourCore ATTACK covers routine controls testing • Give blue teams real attack data to improve threat detection and response capabilities • Enable security and IT teams to make effective risk-based security decisions FourCore ATTACK is backed by FourCore's advanced adversary emulation technology. Emulate threats consistently and realistically, to make sure you can defend against the script kiddies and advanced APTs alike. **Average Rating:** 3.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [FourCore](https://www.g2.com/sellers/fourcore) - **Year Founded:** 2021 - **HQ Location:** New Delhi, IN - **LinkedIn® Page:** https://www.linkedin.com/company/fourcorelabs (12 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Small-Business ### 21. [OpenAEV by Filigran](https://www.g2.com/products/openaev-by-filigran/reviews) OpenAEV (formerly OpenBAS) Community Edition (CE) is the free base platform, while the Enterprise Edition (EE) is a commercial license upgrade that provides powerful AI-driven features and automation for faster, more contextual scenario creation and remediation actions. Convert threat/exposure data into validated, actionable security outcomes with industry’s first open-source, threat-informed AEV platform. - Unified Threat Context: Know what you need to defend against - Proactive Defense: Emulate real-world attacks to see how your defenses hold up - Adaptable interface: Customize for your use case – validate tools, people & processes - Accelerated Time-to-Remediation: Quickly detect and fix vulnerabilities **Average Rating:** 4.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [Filigran](https://www.g2.com/sellers/filigran) - **Company Website:** https://filigran.io/ - **Year Founded:** 2022 - **HQ Location:** New York, US - **Twitter:** @FiligranHQ (829 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/filigran (218 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Mid-Market ### 22. [SafeBreach](https://www.g2.com/products/safebreach/reviews) SafeBreach is the only enterprise-grade Adversarial Exposure Validation (AEV) platform that simulates attacker behavior both before and after a breach—validating not just whether defenses fail, but how far an attacker could go and what they could impact. Our dual-engine platform combines breach and attack simulation (Validate) with live, attack path validation (Propagate), using real credential harvesting, lateral movement, and EDR bypass to reveal the blast radius of an attack. SafeBreach Validate is an award-winning breach and attack simulation (BAS) tool that uses patented technology to test the efficacy of deployed security controls against real-world threats. Leveraging the tactics, techniques, and procedures (TTPs) used by malicious actors, Validate automates adversarial attacks to help you continuously test your defenses, understand and limit your exposure, reduce your attack surface and improve security posture, and accelerate remediation. SafeBreach Propagate is the enterprise-grade automated penetration testing and attack path validation tool that emulates lateral movement, privilege escalation, and credential harvesting within the network—safely, automatically, and continuously—to help security teams understand potential post-breach impact. SafeBreach Propagate allows you to uncover high-risk paths to critical organizational assets, identify security gaps and strengths, prioritize remediation activities, and streamline communication with key stakeholders using built-in reports and dashboards. These dashboards distill data into business-ready metrics: breach likelihood, control failure rates, and remediation priorities—aligned to frameworks like MITRE ATT&CK, NIST CSF, DORA, and NIS2. With 30,000+ threat actions and a 24-hour SLA on CISA alerts, we help security teams walk into board meetings with clarity, credibility, and proof. Powered by SafeBreach Labs, and the industry’s largest threat library, we help teams continuously prove and improve their cyber readiness at enterprise scale. **Average Rating:** 4.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [SafeBreach](https://www.g2.com/sellers/safebreach) - **Year Founded:** 2014 - **HQ Location:** Sunnyvale, California, United States - **Twitter:** @safebreach (2,489 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/safebreach/ (135 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Small-Business ### 23. [SCYTHE](https://www.g2.com/products/scythe-scythe/reviews) SCYTHE is an adversary emulation platform (BAS+) catering to the commercial, government, and cybersecurity consulting market. The SCYTHE platform empowers Red, Blue, and Purple teams to swiftly construct and simulate real-world attacks. SCYTHE serves as a robust proactive security tool for scrutinizing detective and preventive controls across multiple communication vectors. Through SCYTHE, with its prepackaged action/behavior logic and threat intelligence, organizations can maintain a continuous evaluation of their risk profile, prioritize vulnerabilities, and take action against threats that matter. **Average Rating:** 4.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [SCYTHE](https://www.g2.com/sellers/scythe) - **Company Website:** https://www.scythe.io/ - **Year Founded:** 2017 - **HQ Location:** Columbia, US - **Twitter:** @scythe_io (6,867 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/scythe_io (33 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Mid-Market ### 24. [SimLight](https://www.g2.com/products/simlight/reviews) SimLight by Thawd is an advanced Breach and Attack Simulation solution designed to deploy in minutes and continuously validate your security controls by simulating realistic attacker behaviors. SimLight provides comprehensive visibility into your organization's security posture, empowering proactive defense against real-world threats. **Average Rating:** 5.0/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [Thawd Security](https://www.g2.com/sellers/thawd-security) - **HQ Location:** Ryiadh, SA - **LinkedIn® Page:** https://www.linkedin.com/company/thawd-security/ (7 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Enterprise ### 25. [Validato - Continuous Security Validation Platform](https://www.g2.com/products/validato-continuous-security-validation-platform/reviews) Validato is a leading Continuous Security Controls Validation platform designed to empower modern security teams to definitively prove their cyber resilience. As a pioneer in the Adversarial Exposure Validation (AEV) and Breach & Attack Simulation (BAS) market, Validato provides an automated, evidence-based approach to identifying hidden misconfigurations and security gaps within live production environments. Why Validato? In an era of evolving regulations like DORA and NIS2, and board-level concerns such as Ransomware, traditional annual penetration testing and static vulnerability scans are no longer sufficient. Validato transforms security from a "check-box" exercise into a proactive, continuous strategy for operational resilience. Threat-Informed Defence: We safely simulate the methods cyber adversaries use to manipulate standard features and over-privileged users across Windows, Linux, and Mac environments. MITRE ATT&CK® Alignment: Unlike tools that merely emulate Indicators of Compromise (IOCs), Validato directly tests the specific MITRE ATT&CK Techniques exploited by threat actors to validate the actual effectiveness of your detection and protection capabilities. Safe for Production: Our simulations are engineered to be non-disruptive, allowing for continuous validation without risk to critical business operations. Actionable Remediation: We move beyond identifying issues by providing clear, guided hardening steps based on the Principle of Least Privilege, helping you strategically reduce your attack surface. Key Outcomes for Security Leaders CISOs & Risk Teams: Access impartial, fact-based data to demonstrate cyber resilience to the Board and meet strict regulatory compliance mandates (DORA, NIS2, ISO 27001). SOC & Security Engineering: Optimise the ROI of existing security investments, such as EDR and SIEM tools, by validating log data fidelity and fine-tuning threat detection. Red Teams: Scale testing efficiency by automating repetitive TTP testing, freeing expert resources to focus on complex, high-value adversarial emulations. Deploy in Minutes, Validate Forever Validato is a cloud-based SaaS platform that can be operational within 30 minutes. By providing a continuous feedback loop on security effectiveness, Validato helps organisations shift from reactive defence to a proactive, resilient security posture. **Average Rating:** 4.0/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [Validato](https://www.g2.com/sellers/validato) - **Year Founded:** 2021 - **HQ Location:** London, GB - **LinkedIn® Page:** https://www.linkedin.com/company/validato/ (10 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Mid-Market #### Pros & Cons **Pros:** - Features (1 reviews) - Reliability (1 reviews) **Cons:** - Lack of Training (1 reviews) ## Parent Category [System Security Software](https://www.g2.com/categories/system-security) ## Related Categories - [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)