Security Stack Logo
Pistachio Security Awareness Platform logo

Security Awareness & Training

Pistachio Security Awareness Platform

Human risk management with adaptive training and insider-threat detection for Microsoft Entra ID.

Human Risk Management (HRM)User and Entity Behavior Analytics (UEBA)

Pistachio Security Awareness Platform Overview

What it does

Pistachio Security Awareness Platform is a Human Risk Management (HRM) platform for organizations on Microsoft Entra ID. It pairs two modules: Practice delivers adaptive security awareness training and phishing simulations inside everyday workflows, and Presence provides behavioral insider-threat detection that learns each account's normal activity rhythm. Setup uses Microsoft single sign-on (SSO) with Entra ID group sync; the vendor states configuration takes under ten minutes and that products then run without manual administration.

How it works

Practice personalizes simulation difficulty and training frequency per user, sending scenario-based questions and simulations via email and Microsoft 365-integrated workflows rather than a separate training portal. Presence monitors Microsoft 365 and connected third-party applications such as GitHub and HubSpot, correlating login, download, and permission patterns to alert on data exfiltration, account takeover, and permissions misuse. Presence injects canary messages into admin mailboxes and surfaces a seven-day snapshot of emerging low-risk behaviors. Admins get organization-wide dashboards, on-demand PDF management and compliance reports, and Entra ID sync every 30 minutes to keep licensed users current.

Credentials and traction

Pistachio is ISO 27001 certified, with its security practices independently verified and audited, and its app carries a Microsoft 365 publisher attestation covering its security, compliance, and data-handling practices. The vendor states it also meets GDPR data-protection obligations. Adoption spans hundreds of organizations, primarily mid-market and enterprise teams standardized on Microsoft 365, across verticals including education, energy, manufacturing, and logistics.

Key Capabilities

mapped to solution categories
Human Risk Management (HRM)

Provides team-level risk dashboards visible to people managers and HR, enabling business-side accountability for security behavior separate from the security team dashboard.

Syncs user rosters, role changes, and offboarding events from HRIS and identity providers, keeping the platform enrollment current without manual administration.

Includes training content mapped to specific compliance control requirements (HIPAA workforce training, GDPR data handling, PCI DSS cardholder data procedures).

Calculates individual security risk scores from observed actions (phishing simulation results, policy violations, risky application usage), rather than training completion status alone.

Sends simulated phishing emails at configurable frequency and difficulty, tracking click, credential submission, and report rates per user and department.

Assigns training modules based on each user's observed risk behaviors, role, and previous training results rather than delivering the same content to all users.

User and Entity Behavior Analytics (UEBA)

Combines multiple weak behavioral signals into a single risk score per user or entity, ranking which accounts warrant investigation so analysts focus on the highest-risk anomalies.

Builds behavioral baselines per user account, device, and application, capturing access timing, resource usage patterns, and activity volumes specific to each entity rather than aggregate thresholds.

Models attacker-in-residence scenarios (pre-resignation data staging, after-hours privileged access, bulk download exceeding peer norms), with risk scores decaying appropriately for resolved anomalies.

Compliance

certifications
ISO 27001

Integrations

compatible tools
GitHubHubSpotMicrosoft 365Microsoft Entra ID

Implementation & support

Deployment model
SaaS
Pricing structure
Custom / EnterpriseFree TrialPer Seat
Support channels
Customer Success TeamEmail Support

Info last updated on May 28, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.