Pistachio Security Awareness Platform
Human cybersecurity risk management with adaptive training and insider-threat detection for Microsoft Entra ID.
Info last updated on May 23, 2026
Vendor Information
Pistachio Security Awareness Platform Overview
Pistachio Security Awareness Platform is a Human Risk Management (HRM) platform for organizations on Microsoft Entra ID. It pairs two modules: Practice delivers adaptive security awareness training and phishing simulations inside everyday workflows, and Presence provides behavioral insider-threat detection that learns each account's normal activity rhythm. Setup uses Microsoft single sign-on (SSO) with Entra ID group sync; the vendor states configuration takes under ten minutes and that products then run without manual administration.
Practice personalizes simulation difficulty and training frequency per user, sending scenario-based questions and simulations via email and Microsoft 365-integrated workflows rather than a separate training portal. Presence monitors Microsoft 365 and connected third-party applications such as GitHub and HubSpot, correlating login, download, and permission patterns to alert on data exfiltration, account takeover, and permissions misuse. Presence injects canary messages into admin mailboxes and surfaces a seven-day snapshot of emerging low-risk behaviors. Admins get organization-wide dashboards, on-demand PDF management and compliance reports, and Entra ID sync every 30 minutes to keep licensed users current.
Pistachio is ISO 27001 certified, with security practices independently audited as stated on its website. Presence is designed to flag potentially harmful anomalies without device inspection, productivity tracking, or reporting on routine user activity. Founded in 2019 in Oslo, Norway, Pistachio operates from offices in Oslo, London, and Valencia and requires Microsoft Entra ID for product deployment.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Provides team-level risk dashboards visible to people managers and HR, enabling business-side accountability for security behavior separate from the security team dashboard.
Syncs user rosters, role changes, and offboarding events from HRIS and identity providers, keeping the platform enrollment current without manual administration.
Includes training content mapped to specific compliance control requirements (HIPAA workforce training, GDPR data handling, PCI DSS cardholder data procedures).
Calculates individual security risk scores from observed actions (phishing simulation results, policy violations, risky application usage), rather than training completion status alone.
Sends simulated phishing emails at configurable frequency and difficulty, tracking click, credential submission, and report rates per user and department.
Assigns training modules based on each user's observed risk behaviors, role, and previous training results rather than delivering the same content to all users.
Integrations
Compatible tools and platforms
Solution Details
Compliance & Certifications
Regulatory frameworks and security certifications
Deployment Options
Where and how this solution can be deployed
Support Channels
Available support and communication options
Pricing Model
How this solution is priced
How to buy
This profile hasn’t been claimed yet. Contact the vendor directly for pricing and purchasing options.
Is this your company?
Claim Your Profile