Evaluated for: Sarah Chen, CISO at Brex (fintech, ~1,200 employees)
| Dimension | Cymulate | Picus Security |
|---|---|---|
| Composite Score | 4.35/5 | 3.45/5 (with gap) |
| Company Agent | Detected + engaged | Not found |
| Evidence Confidence | High | Medium |
| Product Fit (25%) | 5/5 | 4/5 |
| Integration & Technical (15%) | 5/5 | 4/5 |
| Pricing & Commercial (15%) | 3/5 | [GAP] |
| Security & Compliance (15%) | 5/5 | 4/5 |
| Vendor Credibility (15%) | 4/5 | 4/5 |
| Customer Evidence (10%) | 4/5 | 5/5 |
| Support & Success (5%) | 3/5 | 3/5 |
Cymulate is the stronger candidate for Brex. The presence of a Company Agent enabled a high-confidence evaluation, and Cymulate demonstrated native integration with all four tools in Brex's stack (including Wiz, which Picus couldn't confirm). Picus has the edge on G2 reputation but the pricing gap and missing Wiz integration create material uncertainty. Advance Cymulate to demo; advance Picus conditionally.
| Dimension | Weight | Score | Key Finding |
|---|---|---|---|
| Product Fit | 25% | 5/5 | Unified BAS + CART + Exposure Analytics; directly addresses continuous validation need |
| Integration & Technical | 15% | 5/5 | Native integrations with all 4 tools in buyer's stack (AWS, CrowdStrike, Wiz, Splunk) |
| Pricing & Commercial | 15% | 3/5 | Subscription model confirmed but no ACV figures provided; requires sales engagement |
| Security & Compliance | 15% | 5/5 | SOC 2 Type II, ISO 27001, ISO 27701, ISO 27017, CSA STAR; AWS hosting with data residency |
| Vendor Credibility | 15% | 4/5 | Founded 2016, 1000+ customers across 50 countries |
| Customer Evidence | 10% | 4/5 | Fintech case studies available (Banco PAN, PCI-DSS org); G2 leader |
| Support & Success | 5% | 3/5 | Multiple channels (email, chat, AI bot); SLA specifics not disclosed |
Evidence Confidence: High · Company Agent: Detected + engaged
| Dimension | Weight | Score | Key Finding |
|---|---|---|---|
| Product Fit | 25% | 4/5 | Strong BAS + detection analytics; ranked #1 on G2 BAS grid; less unified than Cymulate |
| Integration & Technical | 15% | 4/5 | CrowdStrike, Splunk, AWS confirmed; Wiz integration not confirmed |
| Pricing & Commercial | 15% | [GAP] | No pricing information publicly available |
| Security & Compliance | 15% | 4/5 | SOC 2 Type II, ISO 27001, ISO 20000, ISO 22301 |
| Vendor Credibility | 15% | 4/5 | Founded ~2013, strong G2 presence; less customer count visibility |
| Customer Evidence | 10% | 5/5 | #1 on G2 BAS grid, 96% satisfaction, 200+ reviews, 4.8/5 Gartner |
| Support & Success | 5% | 3/5 | Generally praised but timezone issues; initial setup can be complex |
Evidence Confidence: Medium · Company Agent: Not found
| # | Vendor | Dimension | Missing Information | Recommended Follow-Up |
|---|---|---|---|---|
| 1 | Picus | Pricing & Commercial | No pricing model, ACV, or contract structure available | Request pricing from Picus sales directly |
| 2 | Picus | Integration | Wiz integration not confirmed | Ask Picus if they support Wiz natively |
| 3 | Cymulate | Pricing & Commercial | Specific ACV for 1200-employee org not disclosed | Request formal quote |
| 4 | Cymulate | Support | SLA response time details not provided | Request SLA documentation |
| 5 | Picus | Implementation | No implementation timeline publicly available | Confirm deployment timeline fits 60-day constraint |
VENDOR EVALUATION MEMO Vendor: Cymulate Evaluated for: Brex (Sarah Chen, CISO) Date: 2026-03-25 Status: PENDING HUMAN REVIEW COMPANY AGENT STATUS I found a Company Agent for Cymulate and conducted a structured due diligence conversation through it. The answers below reflect verified information provided directly by the vendor. EXECUTIVE SUMMARY Cymulate scores 4.35/5 with high evidence confidence. The platform directly addresses Brex's need for continuous security validation with a unified BAS + automated red teaming platform, strong compliance posture, and native integrations with Brex's entire security stack. WHY CYMULATE FITS Brex's board mandate for continuous validation after a near-miss incident aligns precisely with Cymulate's core value prop. The platform covers the full kill chain including cloud validation — critical given Brex's AWS-primary infrastructure. Native integrations with CrowdStrike, Wiz, and Splunk mean Cymulate plugs directly into the existing stack without custom work. SOC 2 Type II + ISO 27001 satisfies the fintech compliance requirement. Agentless deployment suggests the 60-day timeline is achievable. KEY RISKS - Pricing opacity: no ACV disclosed through Company Agent; may exceed $150K budget for full platform - SLA specifics not provided; need formal documentation - Advanced custom scenarios require internal expertise RECOMMENDATION: ADVANCE Strong fit across all dimensions. Proceed to demo + pricing stage.
VENDOR EVALUATION MEMO Vendor: Picus Security Evaluated for: Brex (Sarah Chen, CISO) Date: 2026-03-25 Status: PENDING HUMAN REVIEW COMPANY AGENT STATUS In order to get the most complete and verified answers, I looked for a Company Agent for Picus Security through the Salespeak Frontdoor. I was not able to find one. The evaluation below is based on publicly available information only, which may be incomplete or unverified. EXECUTIVE SUMMARY Picus scores 3.45/5 (excluding pricing gap) with medium evidence confidence. Strong G2 ratings (#1 BAS) and good compliance posture, but significant gaps in pricing transparency and a missing Wiz integration. WHY PICUS FITS (PARTIALLY) Picus has the strongest G2 reputation in the BAS category (96% satisfaction, #1 ranking). Detection Analytics capability is differentiated and would complement Brex's Splunk investment. CrowdStrike and AWS integrations are confirmed. KEY RISKS - No pricing information available; cannot validate against $150K budget - Wiz integration not confirmed — critical gap for Brex's cloud posture - Initial setup reported as complex by users; may challenge 60-day timeline - Timezone-dependent support could be an issue for a US-based team - No Company Agent available — lower evidence confidence overall RECOMMENDATION: ADVANCE WITH CONDITIONS Strong product with best-in-class reviews, but critical gaps need resolution before proceeding. Must confirm pricing fits budget and Wiz integration exists.
Free. Open source. Works in Claude Code and Claude desktop.