[{"data":1,"prerenderedAt":3297},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":95,"navbar-about-highlight":155,"navbar-resource-highlight":211,"use-case-page":256,"blog/cyber-essentials-april-2026-update":1276},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8,59,76],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":14,"data":15,"variations":50,"lastUpdated":51,"firstPublished":52,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":54,"meta":55,"rev":58},1742213002749,"efff2a27faf4408e9f908eba4b5542fe","inductive-automation","1c6207a5f24948ab82d4a0b17f251193","published",[],{"testimonial":16,"description":43,"type":19,"link":44,"title":47,"testimonialLink":48,"image":49},{"@type":17,"id":18,"model":19,"value":20},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79","testimonial",{"query":21,"folders":22,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":26,"variations":30,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":35,"rev":42},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":27,"jobTitle":28,"quote":24,"image":29},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,1,"ST0tXQM8slWpFrmioqKHmENB2qe2",{"kind":36,"lastPreviewUrl":37,"breakpoints":38,"hasAutosaves":41},"data","",{"small":39,"medium":40},640,768,true,"3v32gocrrqz","Join the industry's top security minds as they break down the browser attack landscape.",{"url":45,"text":46},"https://pushsecurity.com/webinar/state-of-browser-security","Save Your Spot","State of Browser Attacks Series","/customer-stories/inductive-automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe94fca10aa7b46ac8052b7ea22de54cd",{},1776257019270,1742221533648,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2",[],{"breakpoints":56,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},320,"motto9r9yg",{"createdDate":60,"id":61,"name":62,"modelId":12,"published":13,"query":63,"data":64,"variations":69,"lastUpdated":70,"firstPublished":71,"testRatio":33,"createdBy":53,"lastUpdatedBy":72,"folders":73,"meta":74,"rev":58},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner",[],{"type":65,"url":66,"text":67,"link":68},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,"jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":36,"lastPreviewUrl":37,"breakpoints":75,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},{"createdDate":77,"id":78,"name":79,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":80,"data":81,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":92,"meta":93,"rev":58},1742208469288,"6763051b201f44a0838c6400c580ca67","Resource highlight",[],{"image":82,"type":83,"description":84,"link":85,"title":88},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9","resource","Learn about the latest techniques being used in the wild.",{"url":86,"text":87},"/resources/browser-attacks-report","Download now","Report: 2026 Browser Attack Techniques",{},1776255866789,1742208570400,[],{"kind":36,"lastPreviewUrl":37,"breakpoints":94,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"createdDate":96,"id":97,"name":98,"modelId":99,"published":13,"query":100,"data":101,"variations":145,"lastUpdated":146,"firstPublished":147,"testRatio":33,"createdBy":34,"lastUpdatedBy":148,"folders":149,"meta":150,"rev":154},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":102,"text":103,"url":37,"blocks":104,"state":141},"ewrererw","testrfesssssssssss",[105,129],{"@type":106,"@version":107,"id":108,"component":109,"responsiveStyles":119},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":110,"tag":110,"options":111,"isRSC":118},"TopBannerContent",{"text":112,"ctaText":46,"url":45,"mainText":113,"cta":116},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks",{"content":114,"fontSize":115},"\u003Cp>New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks\u003C/p>","text-base",{"content":117,"fontSize":115,"url":45},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">Save Your Spot\u003C/strong>\u003C/p>\n",null,{"large":120},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"marginTop":126,"marginBottom":126,"fontSize":127,"fontWeight":128},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":130,"@type":106,"tagName":131,"properties":132,"responsiveStyles":136},"builder-pixel-08zrjigffq5t","img",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":137},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},"block","hidden","none",{"deviceSize":142,"location":143},"large",{"path":37,"query":144},{},{},1775137295127,1774968080803,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"breakpoints":151,"hasLinks":6,"kind":152,"lastPreviewUrl":153,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","2lvuonnywj",[156,180],{"createdDate":157,"id":158,"name":159,"modelId":160,"published":13,"stageModifiedSincePublish":6,"query":161,"data":162,"variations":173,"lastUpdated":174,"firstPublished":175,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":176,"meta":177,"rev":179},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":163,"type":19,"testimonialLink":48,"testimonial":164},{},{"@type":17,"id":18,"model":19,"value":165},{"query":166,"folders":167,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":168,"variations":169,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":170,"rev":172},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":171,"hasAutosaves":41},{"small":39,"medium":40},"7t755zfvte3",{},1776247404986,1776247404973,[],{"breakpoints":178,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"4moh0qpywtr",{"createdDate":181,"id":182,"name":88,"modelId":160,"published":13,"meta":183,"stageModifiedSincePublish":6,"query":185,"data":186,"variations":207,"lastUpdated":208,"firstPublished":209,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":210,"rev":179},1776255761419,"05a9322735fc427db12e2740e4302300",{"breakpoints":184,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":187,"link":206,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":189},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":190,"folders":191,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":194,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":203,"rev":205},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":36,"lastPreviewUrl":37,"breakpoints":204,"hasAutosaves":41},{"small":39,"medium":40},"6s8ic0w0ao6",{"text":87,"url":86},{},1776255810913,1776255810900,[],[212,235],{"createdDate":213,"id":214,"name":88,"modelId":215,"published":13,"meta":216,"stageModifiedSincePublish":6,"query":218,"data":219,"variations":230,"lastUpdated":231,"firstPublished":232,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":233,"rev":234},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":217,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":220,"link":229,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":221},{"query":222,"folders":223,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":224,"variations":225,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":226,"rev":228},[],[],{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":227,"hasAutosaves":41},{"small":39,"medium":40},"r77qqueuo3j",{"text":87,"url":86},{},1776256937553,1776256937540,[],"q0jkez80wkg",{"createdDate":236,"id":237,"name":11,"modelId":215,"published":13,"stageModifiedSincePublish":6,"query":238,"data":239,"variations":250,"lastUpdated":251,"firstPublished":252,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":253,"meta":254,"rev":234},1776256949234,"ce043785b71b4ece98eac811ecf4ba10",[],{"link":240,"type":19,"testimonial":241,"testimonialLink":48},{},{"@type":17,"id":18,"model":19,"value":242},{"query":243,"folders":244,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":245,"variations":246,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":247,"rev":249},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":248,"hasAutosaves":41},{"small":39,"medium":40},"mnaneamy308",{},1776256974140,1776256974130,[],{"breakpoints":255,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[257,441,560,679,797,917,1037,1157],{"createdDate":258,"id":259,"name":260,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":262,"data":268,"variations":429,"lastUpdated":430,"firstPublished":431,"testRatio":33,"screenshot":432,"createdBy":34,"lastUpdatedBy":433,"folders":434,"meta":435,"rev":440},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[263],{"@type":264,"property":265,"operator":266,"value":267},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":269,"customFonts":270,"seoTitle":318,"title":318,"tsCode":37,"seoDescription":319,"fontAwesomeIcon":320,"jsCode":37,"blocks":321,"url":267,"state":426},[],[271],{"family":272,"kind":273,"version":274,"lastModified":275,"files":276,"category":295,"menu":296,"subsets":297,"variants":300},"DM Sans","webfonts#webfont","v14","2023-07-13",{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"900italic":286,"700italic":287,"100italic":288,"italic":289,"regular":290,"200italic":291,"500italic":292,"300italic":293,"600italic":294},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[298,299],"latin","latin-ext",[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[322,421],{"@type":106,"@version":107,"tagName":323,"id":324,"children":325},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[326,343,351,358,370,385,396,407,413],{"@type":106,"@version":107,"layerName":327,"id":328,"component":329,"responsiveStyles":340},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":327,"options":330,"isRSC":118},{"title":318,"description":331,"points":332,"video":339},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[333,335,337],{"item":334},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":336},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":338},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":341},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},"transparent",{"@type":106,"@version":107,"id":344,"component":345,"responsiveStyles":348},"builder-96634044407e491299e291ed64669e39",{"name":346,"options":347,"isRSC":118},"TrustedBy",{"AllPartners":41,"backgroundTransparent":6},{"large":349},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},"#000",{"@type":106,"@version":107,"id":352,"component":353,"responsiveStyles":356},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":354,"options":355,"isRSC":118},"Diagonal",{"darkMode":41},{"large":357},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":360,"component":361,"responsiveStyles":368},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":359,"tag":359,"options":362,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":365,"description":366,"animatedTitle":37,"image":367,"reverse":6,"descriptionPaddingHorizontal":118},1200,800,"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":369},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":371,"component":372,"responsiveStyles":380},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":373,"options":374,"isRSC":118},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":377,"description":378,"reverse":41,"image":379},600,100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":381},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},"DM Sans, sans-serif","20px","0px",{"@type":106,"@version":107,"id":386,"component":387,"responsiveStyles":393},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":373,"options":388,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":390,"description":391,"reverse":6,"image":392},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. It reads the full phishing playbook like script behavior, session hijacks, DOM changes, user inputs, then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":394},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},"36px",{"@type":106,"@version":107,"layerName":373,"id":397,"component":398,"responsiveStyles":404},"builder-42c32198083f4880acb37c5cb76934da",{"name":373,"options":399,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":401,"description":402,"reverse":41,"image":403},140,"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts like session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":405},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},"47px",{"@type":106,"@version":107,"id":408,"component":409,"responsiveStyles":411},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":354,"options":410,"isRSC":118},{"darkMode":6},{"large":412},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":414,"component":415,"responsiveStyles":419},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":416,"tag":416,"options":417,"isRSC":118},"LatestResources",{"sectionHeading":37,"customClass":418},"bg-black",{"large":420},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":422,"@type":106,"tagName":131,"properties":423,"responsiveStyles":424},"builder-pixel-21yj6h3p4wh",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":425},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":427},{"path":37,"query":428},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":436,"winningTest":118,"breakpoints":437,"kind":438,"hasLinks":6,"originalContentId":439,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},"page","2daa5670b8504fc7ba4700633e8bd921","atvz4dp24b7",{"createdDate":442,"id":443,"name":444,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":445,"data":448,"variations":552,"lastUpdated":553,"firstPublished":554,"testRatio":33,"screenshot":555,"createdBy":34,"lastUpdatedBy":433,"folders":556,"meta":557,"rev":440},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[446],{"@type":264,"property":265,"operator":266,"value":447},"/uc/browser-extension-security",{"seoDescription":449,"jsCode":37,"fontAwesomeIcon":450,"tsCode":37,"title":444,"seoTitle":444,"customFonts":451,"inputs":456,"blocks":457,"url":447,"state":549},"Shine a light on risky browser extensions.","faPuzzlePiece",[452],{"kind":273,"family":272,"version":274,"files":453,"category":295,"lastModified":275,"subsets":454,"variants":455,"menu":296},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"100italic":288,"italic":289,"regular":290,"900italic":286,"800italic":285,"700italic":287,"200italic":291,"300italic":293,"500italic":292,"600italic":294},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],[],[458,544],{"@type":106,"@version":107,"tagName":323,"id":459,"meta":460,"children":461},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":324},[462,478,485,492,501,511,521,531,538],{"@type":106,"@version":107,"id":463,"meta":464,"component":465,"responsiveStyles":476},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":328},{"name":327,"options":466,"isRSC":118},{"title":444,"description":467,"points":468,"video":475},"\u003Cp>Browser extensions introduce new code, new permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[469,471,473],{"item":470},"Discover every browser extension in use",{"item":472},"Spot risky or unsanctioned behavior",{"item":474},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":477},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":479,"meta":480,"component":481,"responsiveStyles":483},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":344},{"name":346,"options":482,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":484},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":486,"meta":487,"component":488,"responsiveStyles":490},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":352},{"name":354,"options":489,"isRSC":118},{"darkMode":41},{"large":491},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":493,"component":494,"responsiveStyles":499},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":359,"tag":359,"options":495,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":496,"description":497,"image":498,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act. \u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":500},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":502,"meta":503,"component":504,"responsiveStyles":509},"builder-93738f98109a4009affb349afd7bb182",{"previousId":371},{"name":373,"options":505,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":506,"description":507,"reverse":41,"image":508},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":510},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":512,"meta":513,"component":514,"responsiveStyles":519},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":386},{"name":373,"options":515,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":516,"description":517,"reverse":6,"image":518},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":520},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":522,"meta":523,"component":524,"responsiveStyles":529},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":397},{"name":373,"options":525,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":526,"description":527,"reverse":41,"image":528},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":530},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":532,"meta":533,"component":534,"responsiveStyles":536},"builder-1a689287d1a1418997d57db578a71105",{"previousId":408},{"name":354,"options":535,"isRSC":118},{"darkMode":6},{"large":537},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":539,"component":540,"responsiveStyles":542},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":416,"tag":416,"options":541,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":543},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":545,"@type":106,"tagName":131,"properties":546,"responsiveStyles":547},"builder-pixel-0edn39avfcei",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":548},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":550},{"path":37,"query":551},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":438,"winningTest":118,"breakpoints":558,"lastPreviewUrl":559,"hasLinks":6,"originalContentId":259,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":561,"id":562,"name":563,"modelId":261,"published":13,"query":564,"data":567,"variations":670,"lastUpdated":671,"firstPublished":672,"testRatio":33,"screenshot":673,"createdBy":34,"lastUpdatedBy":674,"folders":675,"meta":676,"rev":440},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[565],{"@type":264,"property":265,"operator":266,"value":566},"/uc/account-takeover-detection",{"title":563,"customFonts":568,"jsCode":37,"seoTitle":563,"seoDescription":573,"fontAwesomeIcon":574,"tsCode":37,"blocks":575,"url":566,"state":667},[569],{"kind":273,"category":295,"variants":570,"menu":296,"files":571,"family":272,"subsets":572,"version":274,"lastModified":275},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"800italic":285,"700italic":287,"italic":289,"900italic":286,"600italic":294,"200italic":291,"regular":290,"100italic":288},[298,299],"Stop ATO with stolen credential and compromised token detection.","faUserSecret",[576,662],{"@type":106,"@version":107,"tagName":323,"id":577,"meta":578,"children":579},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":324},[580,596,603,610,619,629,639,649,656],{"@type":106,"@version":107,"id":581,"meta":582,"component":583,"responsiveStyles":594},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":328},{"name":327,"options":584,"isRSC":118},{"title":563,"description":585,"points":586,"video":593},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[587,589,591],{"item":588},"Identify credential-based ATO as it unfolds",{"item":590},"Surface hijacked sessions and token misuse",{"item":592},"Strengthen authentication where your IdP can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":595},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":597,"meta":598,"component":599,"responsiveStyles":601},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":344},{"name":346,"options":600,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":602},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":604,"meta":605,"component":606,"responsiveStyles":608},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":352},{"name":354,"options":607,"isRSC":118},{"darkMode":41},{"large":609},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":611,"component":612,"responsiveStyles":617},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":359,"tag":359,"options":613,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":614,"description":615,"image":616,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":618},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":620,"meta":621,"component":622,"responsiveStyles":627},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":371},{"name":373,"options":623,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":624,"description":625,"reverse":41,"image":626},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":628},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":630,"meta":631,"component":632,"responsiveStyles":637},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":386},{"name":373,"options":633,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":634,"description":635,"reverse":6,"image":636},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":638},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":640,"meta":641,"component":642,"responsiveStyles":647},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":397},{"name":373,"options":643,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":644,"description":645,"reverse":41,"image":646},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":648},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":650,"meta":651,"component":652,"responsiveStyles":654},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":408},{"name":354,"options":653,"isRSC":118},{"darkMode":6},{"large":655},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":657,"component":658,"responsiveStyles":660},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":416,"tag":416,"options":659,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":661},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":663,"@type":106,"tagName":131,"properties":664,"responsiveStyles":665},"builder-pixel-s5u3wmvz7jq",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":666},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":668},{"path":37,"query":669},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":677,"hasLinks":6,"originalContentId":259,"breakpoints":678,"winningTest":118,"kind":438,"hasAutosaves":41},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":680,"id":681,"name":682,"modelId":261,"published":13,"query":683,"data":686,"variations":789,"lastUpdated":790,"firstPublished":791,"testRatio":33,"screenshot":792,"createdBy":34,"lastUpdatedBy":674,"folders":793,"meta":794,"rev":440},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[684],{"@type":264,"property":265,"operator":266,"value":685},"/uc/attack-path-hardening",{"tsCode":37,"seoDescription":687,"jsCode":37,"customFonts":688,"fontAwesomeIcon":693,"seoTitle":682,"title":682,"blocks":694,"url":685,"state":786},"Harden access paths with visibility,  detection, and guardrails.",[689],{"kind":273,"files":690,"version":274,"lastModified":275,"subsets":691,"menu":296,"category":295,"variants":692,"family":272},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"regular":290,"italic":289,"800italic":285,"500italic":292,"600italic":294,"200italic":291,"900italic":286,"700italic":287,"100italic":288,"300italic":293},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"faRadar",[695,781],{"@type":106,"@version":107,"tagName":323,"id":696,"meta":697,"children":698},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":577},[699,715,722,729,738,748,758,768,775],{"@type":106,"@version":107,"id":700,"meta":701,"component":702,"responsiveStyles":713},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":581},{"name":327,"options":703,"isRSC":118},{"title":682,"description":704,"points":705,"video":712},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[706,708,710],{"item":707},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":709},"Monitor how users actually log in across apps, flows, and tools",{"item":711},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":714},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":716,"meta":717,"component":718,"responsiveStyles":720},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":597},{"name":346,"options":719,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":721},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":723,"meta":724,"component":725,"responsiveStyles":727},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":604},{"name":354,"options":726,"isRSC":118},{"darkMode":41},{"large":728},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":730,"component":731,"responsiveStyles":736},"builder-dec0246085e1485c803f7152b1922a81",{"name":359,"tag":359,"options":732,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":733,"description":734,"image":735,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":737},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":739,"meta":740,"component":741,"responsiveStyles":746},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":620},{"name":373,"options":742,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":743,"description":744,"reverse":41,"image":745},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":747},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":749,"meta":750,"component":751,"responsiveStyles":756},"builder-431d175c59004669b0b2776b07d71737",{"previousId":630},{"name":373,"options":752,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":753,"description":754,"reverse":6,"image":755},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":757},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":759,"meta":760,"component":761,"responsiveStyles":766},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":640},{"name":373,"options":762,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":763,"description":764,"reverse":41,"image":765},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":767},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":769,"meta":770,"component":771,"responsiveStyles":773},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":650},{"name":354,"options":772,"isRSC":118},{"darkMode":6},{"large":774},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":776,"component":777,"responsiveStyles":779},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":416,"tag":416,"options":778,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":780},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":782,"@type":106,"tagName":131,"properties":783,"responsiveStyles":784},"builder-pixel-7akm7dayau8",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":785},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":787},{"path":37,"query":788},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":438,"lastPreviewUrl":795,"breakpoints":796,"hasLinks":6,"originalContentId":562,"winningTest":118,"hasAutosaves":6},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":798,"id":799,"name":800,"modelId":261,"published":13,"query":801,"data":804,"variations":909,"lastUpdated":910,"firstPublished":911,"testRatio":33,"screenshot":912,"createdBy":34,"lastUpdatedBy":674,"folders":913,"meta":914,"rev":440},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[802],{"@type":264,"property":265,"operator":266,"value":803},"/uc/clickfix-protection",{"seoDescription":805,"fontAwesomeIcon":806,"customFonts":807,"seoTitle":812,"jsCode":37,"tsCode":37,"title":812,"blocks":813,"url":803,"state":906},"Block attacks that trick users into running malicious code.","faLaptopCode",[808],{"files":809,"subsets":810,"menu":296,"version":274,"kind":273,"family":272,"lastModified":275,"variants":811,"category":295},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"200italic":291,"800italic":285,"700italic":287,"600italic":294,"100italic":288,"italic":289,"regular":290,"300italic":293,"500italic":292,"900italic":286},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"ClickFix protection",[814,901],{"@type":106,"@version":107,"tagName":323,"id":815,"meta":816,"children":817},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":696},[818,834,841,848,858,868,878,888,895],{"@type":106,"@version":107,"id":819,"meta":820,"component":821,"responsiveStyles":832},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":700},{"name":327,"options":822,"isRSC":118},{"title":812,"description":823,"points":824,"image":831},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[825,827,829],{"item":826},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":828},"Block malicious copy-and-paste actions before code is executed",{"item":830},"See full telemetry into which users were targeted and what they saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":833},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":835,"meta":836,"component":837,"responsiveStyles":839},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":716},{"name":346,"options":838,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":840},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":842,"meta":843,"component":844,"responsiveStyles":846},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":723},{"name":354,"options":845,"isRSC":118},{"darkMode":41},{"large":847},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":849,"meta":850,"component":851,"responsiveStyles":856},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":730},{"name":359,"tag":359,"options":852,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":853,"description":854,"reverse":6,"image":855},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":857},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":859,"meta":860,"component":861,"responsiveStyles":866},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":739},{"name":373,"options":862,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":863,"description":864,"reverse":41,"image":865},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":867},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":869,"meta":870,"component":871,"responsiveStyles":876},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":749},{"name":373,"options":872,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":873,"description":874,"reverse":6,"image":875},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":877},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":879,"meta":880,"component":881,"responsiveStyles":886},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":759},{"name":373,"options":882,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":883,"description":884,"reverse":41,"image":885},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":887},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":889,"meta":890,"component":891,"responsiveStyles":893},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":769},{"name":354,"options":892,"isRSC":118},{"darkMode":6},{"large":894},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":896,"component":897,"responsiveStyles":899},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":416,"tag":416,"options":898,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":900},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":902,"@type":106,"tagName":131,"properties":903,"responsiveStyles":904},"builder-pixel-zzjpxxgrc2l",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":905},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":907},{"path":37,"query":908},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":915,"originalContentId":681,"winningTest":118,"hasLinks":6,"kind":438,"breakpoints":916,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":918,"id":919,"name":920,"modelId":261,"published":13,"query":921,"data":924,"variations":1029,"lastUpdated":1030,"firstPublished":1031,"testRatio":33,"screenshot":1032,"createdBy":34,"lastUpdatedBy":674,"folders":1033,"meta":1034,"rev":440},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[922],{"@type":264,"property":265,"operator":266,"value":923},"/uc/incident-response",{"seoDescription":925,"customFonts":926,"title":920,"jsCode":37,"fontAwesomeIcon":931,"seoTitle":932,"tsCode":37,"blocks":933,"url":923,"state":1026},"Investigate and respond faster with unique browser telemetry.",[927],{"kind":273,"subsets":928,"menu":296,"variants":929,"category":295,"family":272,"version":274,"lastModified":275,"files":930},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"900italic":286,"600italic":294,"200italic":291,"300italic":293,"100italic":288,"700italic":287,"800italic":285,"regular":290,"italic":289,"500italic":292},"faSatelliteDish","Browser based incident response",[934,1021],{"@type":106,"@version":107,"tagName":323,"id":935,"meta":936,"children":937},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":696},[938,955,962,969,978,988,998,1008,1015],{"@type":106,"@version":107,"id":939,"meta":940,"component":941,"responsiveStyles":953},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":700},{"name":327,"options":942,"isRSC":118},{"title":943,"description":944,"points":945,"video":952},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[946,948,950],{"item":947},"Reconstruct what happened with real browser session context",{"item":949},"Investigate faster with real-world session context",{"item":951},"Trigger response actions automatically through your SIEM or SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":954},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":956,"meta":957,"component":958,"responsiveStyles":960},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":716},{"name":346,"options":959,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":961},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":963,"meta":964,"component":965,"responsiveStyles":967},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":723},{"name":354,"options":966,"isRSC":118},{"darkMode":41},{"large":968},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":970,"component":971,"responsiveStyles":976},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":359,"tag":359,"options":972,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":973,"description":974,"image":975,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":977},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":979,"meta":980,"component":981,"responsiveStyles":986},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":739},{"name":373,"options":982,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":983,"description":984,"reverse":41,"image":985},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":987},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":989,"meta":990,"component":991,"responsiveStyles":996},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":749},{"name":373,"options":992,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":993,"description":994,"reverse":6,"image":995},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":997},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":999,"meta":1000,"component":1001,"responsiveStyles":1006},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":759},{"name":373,"options":1002,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1003,"description":1004,"reverse":41,"image":1005},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":1007},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1009,"meta":1010,"component":1011,"responsiveStyles":1013},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":769},{"name":354,"options":1012,"isRSC":118},{"darkMode":6},{"large":1014},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1016,"component":1017,"responsiveStyles":1019},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":416,"tag":416,"options":1018,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1020},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1022,"@type":106,"tagName":131,"properties":1023,"responsiveStyles":1024},"builder-pixel-z197gdgcmu",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1025},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1027},{"path":37,"query":1028},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":438,"breakpoints":1035,"originalContentId":681,"winningTest":118,"lastPreviewUrl":1036,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":1038,"id":1039,"name":1040,"modelId":261,"published":13,"query":1041,"data":1044,"variations":1149,"lastUpdated":1150,"firstPublished":1151,"testRatio":33,"screenshot":1152,"createdBy":34,"lastUpdatedBy":674,"folders":1153,"meta":1154,"rev":440},1746122471259,"5f118e24433d46ceb79f5099987156d7","Shadow SaaS",[1042],{"@type":264,"property":265,"operator":266,"value":1043},"/uc/shadow-saas",{"seoTitle":1045,"seoDescription":1046,"customFonts":1047,"fontAwesomeIcon":1052,"title":1053,"jsCode":37,"tsCode":37,"blocks":1054,"url":1043,"state":1146},"Find and secure shadow SaaS","See and control shadow SaaS in the browser.",[1048],{"kind":273,"variants":1049,"files":1050,"family":272,"version":274,"subsets":1051,"lastModified":275,"category":295,"menu":296},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"regular":290,"900italic":286,"italic":289,"100italic":288,"200italic":291,"600italic":294,"700italic":287,"800italic":285},[298,299],"faShieldCheck","Secure shadow SaaS",[1055,1141],{"@type":106,"@version":107,"tagName":323,"id":1056,"meta":1057,"children":1058},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":935},[1059,1075,1082,1089,1098,1108,1118,1128,1135],{"@type":106,"@version":107,"id":1060,"meta":1061,"component":1062,"responsiveStyles":1073},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":939},{"name":327,"options":1063,"isRSC":118},{"title":1045,"description":1064,"points":1065,"video":1072},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. Just real-time visibility and control.\u003C/p>",[1066,1068,1070],{"item":1067},"Discover every SaaS app users access, managed or not",{"item":1069},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":1071},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":1074},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1076,"meta":1077,"component":1078,"responsiveStyles":1080},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":956},{"name":346,"options":1079,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1081},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1083,"meta":1084,"component":1085,"responsiveStyles":1087},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":963},{"name":354,"options":1086,"isRSC":118},{"darkMode":41},{"large":1088},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1090,"component":1091,"responsiveStyles":1096},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":359,"tag":359,"options":1092,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1093,"description":1094,"image":1095,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":1097},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1099,"meta":1100,"component":1101,"responsiveStyles":1106},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":979},{"name":373,"options":1102,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1103,"description":1104,"reverse":41,"image":1105},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":1107},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1109,"meta":1110,"component":1111,"responsiveStyles":1116},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":989},{"name":373,"options":1112,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1113,"description":1114,"reverse":6,"image":1115},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":1117},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1119,"meta":1120,"component":1121,"responsiveStyles":1126},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":999},{"name":373,"options":1122,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1123,"description":1124,"reverse":41,"image":1125},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":1127},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1129,"meta":1130,"component":1131,"responsiveStyles":1133},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":1009},{"name":354,"options":1132,"isRSC":118},{"darkMode":6},{"large":1134},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1136,"component":1137,"responsiveStyles":1139},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":416,"tag":416,"options":1138,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1140},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1142,"@type":106,"tagName":131,"properties":1143,"responsiveStyles":1144},"builder-pixel-d1ul2kmxbed",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1145},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1147},{"path":37,"query":1148},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":919,"winningTest":118,"lastPreviewUrl":1155,"breakpoints":1156,"kind":438,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":1158,"id":1159,"name":1160,"modelId":261,"published":13,"query":1161,"data":1164,"variations":1268,"lastUpdated":1269,"firstPublished":1270,"testRatio":33,"screenshot":1271,"createdBy":34,"lastUpdatedBy":674,"folders":1272,"meta":1273,"rev":440},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[1162],{"@type":264,"property":265,"operator":266,"value":1163},"/uc/shadow-ai",{"fontAwesomeIcon":1165,"seoTitle":1166,"jsCode":37,"customFonts":1167,"title":1172,"tsCode":37,"seoDescription":1173,"blocks":1174,"url":1163,"state":1265},"faBrainCircuit","Secure AI native and AI enhanced apps. ",[1168],{"variants":1169,"category":295,"files":1170,"subsets":1171,"family":272,"kind":273,"menu":296,"lastModified":275,"version":274},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"regular":290,"700italic":287,"200italic":291,"italic":289,"500italic":292,"600italic":294,"300italic":293,"100italic":288,"900italic":286},[298,299],"Secure shadow AI","See and control shadow AI apps in the browser.",[1175,1260],{"@type":106,"@version":107,"tagName":323,"id":1176,"meta":1177,"children":1178},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":1056},[1179,1195,1202,1209,1219,1228,1237,1247,1254],{"@type":106,"@version":107,"id":1180,"meta":1181,"component":1182,"responsiveStyles":1193},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":1060},{"name":327,"options":1183,"isRSC":118},{"title":1172,"description":1184,"points":1185,"image":1192},"\u003Cp>Your employees are adopting AI faster than you can track it. From native features in corporate apps to unapproved shadow tools, it’s all happening in the browser. Push detects every AI interaction in real time, letting you categorize apps and enforce acceptable use policies in the browser.\u003C/p>",[1186,1188,1190],{"item":1187},"Map every AI tool used across your workforce",{"item":1189},"Review and classify apps by sensitivity, purpose, and policy status",{"item":1191},"Enforce AI usage rules directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":1194},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1196,"meta":1197,"component":1198,"responsiveStyles":1200},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":1076},{"name":346,"options":1199,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1201},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1203,"meta":1204,"component":1205,"responsiveStyles":1207},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":1083},{"name":354,"options":1206,"isRSC":118},{"darkMode":41},{"large":1208},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1210,"meta":1211,"component":1212,"responsiveStyles":1217},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":1090},{"name":359,"tag":359,"options":1213,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1214,"description":1215,"image":1216,"reverse":6},"\u003Ch2>Use your browser to govern AI \u003C/h2>","\u003Cp>The AI footprint inside your company is bigger than you think. From text generators to meeting assistants and design copilots, employees test, adopt, and connect new tools constantly. Push shows you those tools and which users are accessing them, without relying on network scans or API integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":1218},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1220,"meta":1221,"component":1222,"responsiveStyles":1226},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":1099},{"name":373,"options":1223,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1224,"description":1225,"reverse":41,"image":1115},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Push captures live telemetry from the browser, identifying every AI-native and AI-enhanced application users access. You’ll know which corporate identities are connected, how data flows, and what new AI apps appear across your environment. \u003C/p>",{"large":1227},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1229,"meta":1230,"component":1231,"responsiveStyles":1235},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":1109},{"name":373,"options":1232,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1233,"description":1234,"reverse":6,"image":1125},"\u003Ch2>Classify and manage AI risk\u003C/h2>","\u003Cp>For apps you choose to allow, Push lets you apply custom in-browser banners. You can bulk-select categories of AI tools and require users to read and acknowledge your acceptable use policy before they proceed. This creates an auditable trail and moves policy from an easy to forget document to an active, in-workflow control.\u003C/p>",{"large":1236},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1238,"meta":1239,"component":1240,"responsiveStyles":1245},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":1119},{"name":373,"options":1241,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1242,"description":1243,"reverse":41,"image":1244},"\u003Ch2>Enforce your AI policy in the browser\u003C/h2>","\u003Cp>When an AI tool is deemed non-compliant or too risky, Push blocks it at the source. The block happens directly in the browser, preventing the user from accessing the site or submitting data. This gives you an immediate, powerful lever to stop data exfiltration and enforce a hard line on unacceptable risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa359ac1805af4e15a8a7f84632b9bb55",{"large":1246},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1248,"meta":1249,"component":1250,"responsiveStyles":1252},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":1129},{"name":354,"options":1251,"isRSC":118},{"darkMode":6},{"large":1253},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1255,"component":1256,"responsiveStyles":1258},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":416,"tag":416,"options":1257,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1259},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1261,"@type":106,"tagName":131,"properties":1262,"responsiveStyles":1263},"builder-pixel-wxx9tk70r9p",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1264},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1266},{"path":37,"query":1267},{},{},1770892957225,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe558b8b069884037a8e6904f7ecc029c",[],{"winningTest":118,"breakpoints":1274,"originalContentId":1039,"kind":438,"lastPreviewUrl":1275,"hasLinks":6,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"_path":1277,"_dir":1278,"_draft":6,"_partial":6,"_locale":37,"sys":1279,"ogImage":118,"summary":1282,"title":1300,"subtitle":118,"metaTitle":1301,"synopsis":1302,"hashTags":118,"publishedDate":1303,"slug":1304,"tagsCollection":1305,"relatedBlogPostsCollection":1315,"authorsCollection":2456,"content":2460,"_id":3292,"_type":3293,"_source":3294,"_file":3295,"_stem":3296,"_extension":3293},"/blog/cyber-essentials-april-2026-update","blog",{"id":1280,"publishedAt":1281},"40T71ukTt8FYSIuFJCYM8H","2026-02-13T09:59:51.444Z",{"json":1283},{"data":1284,"content":1285,"nodeType":1299},{},[1286],{"data":1287,"content":1288,"nodeType":1298},{},[1289,1294],{"data":1290,"marks":1291,"value":1292,"nodeType":1293},{},[],"Big changes are being made to the Cyber Essentials scheme in 2026 that will significantly change how companies are required to validate compliance. Here’s what you need to know about the changes ","text",{"data":1295,"marks":1296,"value":1297,"nodeType":1293},{},[],"and how Push Security can help you deal with them. ","paragraph","document","Cyber Essentials April 2026 update: Mandatory MFA on ALL cloud services (and how Push can help)","Cyber Essentials 2026: Mandatory MFA on ALL cloud services","Big changes are being made to the Cyber Essentials scheme in 2026 that will change how companies must validate compliance. Here’s what you need to know. ","2026-02-12T00:00:00.000Z","cyber-essentials-april-2026-update",{"items":1306},[1307,1311],{"sys":1308,"name":1310},{"id":1309},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"sys":1312,"name":1314},{"id":1313},"3pjES4THCIfSAwhGdNwBcy","Identity security",{"items":1316},[1317,1933],{"__typename":1318,"sys":1319,"content":1321,"title":1913,"synopsis":1914,"hashTags":118,"publishedDate":1915,"slug":1916,"tagsCollection":1917,"authorsCollection":1925},"BlogPosts",{"id":1320},"7pU8f4ojNr8rttiSNS2qSU",{"json":1322},{"data":1323,"content":1324,"nodeType":1299},{},[1325,1347,1354,1361,1432,1478,1487,1494,1498,1508,1515,1563,1584,1591,1594,1602,1609,1642,1649,1657,1660,1668,1677,1684,1691,1699,1706,1713,1721,1728,1748,1754,1757,1765,1772,1792,1799,1806,1809,1817,1824,1831,1838,1845,1851,1854,1862,1869,1902,1907],{"data":1326,"content":1327,"nodeType":1298},{},[1328,1332,1343],{"data":1329,"marks":1330,"value":1331,"nodeType":1293},{},[],"The ",{"data":1333,"content":1335,"nodeType":1342},{"uri":1334},"https://therecord.media/auto-insurance-companies-fined-ny-state-pre-fill-data-breaches",[1336],{"data":1337,"marks":1338,"value":1341,"nodeType":1293},{},[1339],{"type":1340},"underline","latest regulatory enforcement","hyperlink",{"data":1344,"marks":1345,"value":1346,"nodeType":1293},{},[]," from NYDFS resulted in a total of $14.2m in fines across 8 insurance providers following data breaches that exposed the private information of more than 825,000 people, due to vulnerabilities affecting both its consumer-facing and internal quoting tools. ",{"data":1348,"content":1349,"nodeType":1298},{},[1350],{"data":1351,"marks":1352,"value":1353,"nodeType":1293},{},[],"Several of the companies did not have multi-factor authentication in place for insurance agents who used the private version of the tool. ",{"data":1355,"content":1356,"nodeType":1298},{},[1357],{"data":1358,"marks":1359,"value":1360,"nodeType":1293},{},[],"This isn’t the first time that NYDFS has issued fines for missing MFA. NYDFS fined:",{"data":1362,"content":1363,"nodeType":1431},{},[1364,1387,1409],{"data":1365,"content":1366,"nodeType":1386},{},[1367],{"data":1368,"content":1369,"nodeType":1298},{},[1370,1373,1382],{"data":1371,"marks":1372,"value":37,"nodeType":1293},{},[],{"data":1374,"content":1376,"nodeType":1342},{"uri":1375},"https://therecord.media/new-york-fines-auto-insurers-11-million-leaked-data",[1377],{"data":1378,"marks":1379,"value":1381,"nodeType":1293},{},[1380],{"type":1340},"Travelers Insurance",{"data":1383,"marks":1384,"value":1385,"nodeType":1293},{},[]," $1.55m for failing to enforce MFA on its system used by insurance agents.","list-item",{"data":1388,"content":1389,"nodeType":1386},{},[1390],{"data":1391,"content":1392,"nodeType":1298},{},[1393,1396,1405],{"data":1394,"marks":1395,"value":37,"nodeType":1293},{},[],{"data":1397,"content":1399,"nodeType":1342},{"uri":1398},"https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202104141",[1400],{"data":1401,"marks":1402,"value":1404,"nodeType":1293},{},[1403],{"type":1340},"National Securities Corporation",{"data":1406,"marks":1407,"value":1408,"nodeType":1293},{},[]," $3m for failing to implement MFA.",{"data":1410,"content":1411,"nodeType":1386},{},[1412],{"data":1413,"content":1414,"nodeType":1298},{},[1415,1418,1427],{"data":1416,"marks":1417,"value":37,"nodeType":1293},{},[],{"data":1419,"content":1421,"nodeType":1342},{"uri":1420},"https://www.dfs.ny.gov/system/files/documents/2023/05/ea20230524_co_onemain.pdf",[1422],{"data":1423,"marks":1424,"value":1426,"nodeType":1293},{},[1425],{"type":1340},"OneMain Financial",{"data":1428,"marks":1429,"value":1430,"nodeType":1293},{},[]," $4.2m for working with third-party service providers that did not enforce MFA.","unordered-list",{"data":1433,"content":1434,"nodeType":1298},{},[1435,1439,1448,1452,1461,1465,1474],{"data":1436,"marks":1437,"value":1438,"nodeType":1293},{},[],"NYDFS is not alone in issuing enforcements for missing MFA. Fines levied under ",{"data":1440,"content":1442,"nodeType":1342},{"uri":1441},"https://compliancy-group.com/childrens-hospital-colorado-fined-by-ocr/",[1443],{"data":1444,"marks":1445,"value":1447,"nodeType":1293},{},[1446],{"type":1340},"HIPAA",{"data":1449,"marks":1450,"value":1451,"nodeType":1293},{},[]," and ",{"data":1453,"content":1455,"nodeType":1342},{"uri":1454},"https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/03/software-provider-fined-3m-following-2022-ransomware-attack/",[1456],{"data":1457,"marks":1458,"value":1460,"nodeType":1293},{},[1459],{"type":1340},"GDPR",{"data":1462,"marks":1463,"value":1464,"nodeType":1293},{},[]," have also penalised MFA gaps. There are also recent examples of ",{"data":1466,"content":1468,"nodeType":1342},{"uri":1467},"https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713",[1469],{"data":1470,"marks":1471,"value":1473,"nodeType":1293},{},[1472],{"type":1340},"insurance claim denial",{"data":1475,"marks":1476,"value":1477,"nodeType":1293},{},[]," due to the lack of MFA. ",{"data":1479,"content":1485,"nodeType":1486},{"target":1480},{"sys":1481},{"id":1482,"type":1483,"linkType":1484},"29fhgKLvjD3OJfJF1ZgC5g","Link","Entry",[],"embedded-entry-block",{"data":1488,"content":1489,"nodeType":1298},{},[1490],{"data":1491,"marks":1492,"value":1493,"nodeType":1293},{},[],"This serves as the backdrop for upcoming changes to NYCRR Part 500 that will further tighten the requirements around MFA and asset inventory procedures. ",{"data":1495,"content":1496,"nodeType":1497},{},[],"hr",{"data":1499,"content":1500,"nodeType":1507},{},[1501],{"data":1502,"marks":1503,"value":1506,"nodeType":1293},{},[1504],{"type":1505},"bold","How NYCRR Part 500 is getting stricter on MFA","heading-1",{"data":1509,"content":1510,"nodeType":1298},{},[1511],{"data":1512,"marks":1513,"value":1514,"nodeType":1293},{},[],"As demonstrated by the enforcements relating to MFA gaps, NYCRR Part 500 is already quite strict on its MFA requirements. Section 500.12 mandates MFA for:",{"data":1516,"content":1517,"nodeType":1431},{},[1518,1533,1548],{"data":1519,"content":1520,"nodeType":1386},{},[1521],{"data":1522,"content":1523,"nodeType":1298},{},[1524,1529],{"data":1525,"marks":1526,"value":1528,"nodeType":1293},{},[1527],{"type":1505},"Remote access to internal systems:",{"data":1530,"marks":1531,"value":1532,"nodeType":1293},{},[]," Any user connecting from outside the organization’s network (e.g. over the internet or other external networks) must authenticate with MFA.",{"data":1534,"content":1535,"nodeType":1386},{},[1536],{"data":1537,"content":1538,"nodeType":1298},{},[1539,1544],{"data":1540,"marks":1541,"value":1543,"nodeType":1293},{},[1542],{"type":1505},"Remote access to third-party or cloud applications holding non-public information: ",{"data":1545,"marks":1546,"value":1547,"nodeType":1293},{},[],"Covered entities must also use MFA for access to external applications (such as cloud services) that contain non-public Information. NYDFS explicitly considers platforms like Office 365, Google Workspace, Salesforce, AWS/Azure cloud resources, fintech or AI platforms, and any other third-party service provider systems that handle the company’s data as part of a firm’s “internal network”.",{"data":1549,"content":1550,"nodeType":1386},{},[1551],{"data":1552,"content":1553,"nodeType":1298},{},[1554,1559],{"data":1555,"marks":1556,"value":1558,"nodeType":1293},{},[1557],{"type":1505},"Privileged accounts: ",{"data":1560,"marks":1561,"value":1562,"nodeType":1293},{},[],"MFA is required for all privileged accounts (administrative or elevated privilege accounts) to prevent unauthorized use. ",{"data":1564,"content":1565,"nodeType":1298},{},[1566,1570,1575,1579],{"data":1567,"marks":1568,"value":1569,"nodeType":1293},{},[],"The changes coming into place on November 1st broaden the scope of MFA to ",{"data":1571,"marks":1572,"value":1574,"nodeType":1293},{},[1573],{"type":1505},"all access",{"data":1576,"marks":1577,"value":1578,"nodeType":1293},{},[],": covered entities must require multi-factor authentication for any individual accessing any of the entity’s information systems, regardless of user type, location, or the sensitivity of the system. In other words, ",{"data":1580,"marks":1581,"value":1583,"nodeType":1293},{},[1582],{"type":1505},"MFA is no longer limited to remote logins or systems containing non-public information – it now applies enterprise-wide, even for internal or on-premises access and for systems that may not hold sensitive data.",{"data":1585,"content":1586,"nodeType":1298},{},[1587],{"data":1588,"marks":1589,"value":1590,"nodeType":1293},{},[],"The newly introduced requirement for a maintained and periodically reviewed asset inventory of all information systems also directly impacts the scope of MFA enforcement. NYDFS has consistently included outsourced, third-party, and cloud applications services used by an organization within its scope.",{"data":1592,"content":1593,"nodeType":1497},{},[],{"data":1595,"content":1596,"nodeType":1507},{},[1597],{"data":1598,"marks":1599,"value":1601,"nodeType":1293},{},[1600],{"type":1505},"What this means for compliance",{"data":1603,"content":1604,"nodeType":1298},{},[1605],{"data":1606,"marks":1607,"value":1608,"nodeType":1293},{},[],"To be able to maintain compliance with NYCRR Part 500, organizations must:",{"data":1610,"content":1611,"nodeType":1431},{},[1612,1622,1632],{"data":1613,"content":1614,"nodeType":1386},{},[1615],{"data":1616,"content":1617,"nodeType":1298},{},[1618],{"data":1619,"marks":1620,"value":1621,"nodeType":1293},{},[],"Inventory all apps and services that are accessed over the internet.",{"data":1623,"content":1624,"nodeType":1386},{},[1625],{"data":1626,"content":1627,"nodeType":1298},{},[1628],{"data":1629,"marks":1630,"value":1631,"nodeType":1293},{},[],"Achieve MFA compliance across all apps. ",{"data":1633,"content":1634,"nodeType":1386},{},[1635],{"data":1636,"content":1637,"nodeType":1298},{},[1638],{"data":1639,"marks":1640,"value":1641,"nodeType":1293},{},[],"Regularly demonstrate an up-to-date app inventory and MFA coverage. ",{"data":1643,"content":1644,"nodeType":1298},{},[1645],{"data":1646,"marks":1647,"value":1648,"nodeType":1293},{},[],"If this cannot be achieved or a breach occurs that demonstrates inadequate visibility or coverage, precedent indicates that regulatory enforcement will follow. ",{"data":1650,"content":1651,"nodeType":1298},{},[1652],{"data":1653,"marks":1654,"value":1656,"nodeType":1293},{},[1655],{"type":1505},"Unfortunately, this is easier said than done for most organizations. ",{"data":1658,"content":1659,"nodeType":1497},{},[],{"data":1661,"content":1662,"nodeType":1507},{},[1663],{"data":1664,"marks":1665,"value":1667,"nodeType":1293},{},[1666],{"type":1505},"Why is this a problem?",{"data":1669,"content":1670,"nodeType":1676},{},[1671],{"data":1672,"marks":1673,"value":1675,"nodeType":1293},{},[1674],{"type":1505},"App sprawl and shadow SaaS","heading-2",{"data":1678,"content":1679,"nodeType":1298},{},[1680],{"data":1681,"marks":1682,"value":1683,"nodeType":1293},{},[],"Most organizations now use hundreds of SaaS applications, which translates into thousands of sprawling user identities, login methods, and ways to access company systems and data. True MFA coverage expands beyond your centrally managed, SSO-connected apps or your primary enterprise login to any and every app used by your employees for work.",{"data":1685,"content":1686,"nodeType":1298},{},[1687],{"data":1688,"marks":1689,"value":1690,"nodeType":1293},{},[],"But with many apps not directly managed by IT or properly onboarded, it’s all too common for shadow apps to sit outside the scope of typical audits — but inside the reach of attackers.",{"data":1692,"content":1693,"nodeType":1676},{},[1694],{"data":1695,"marks":1696,"value":1698,"nodeType":1293},{},[1697],{"type":1505},"Configuration challenges",{"data":1700,"content":1701,"nodeType":1298},{},[1702],{"data":1703,"marks":1704,"value":1705,"nodeType":1293},{},[],"Even when apps are known about, each app is built differently. Design choices can have a big impact on how authentication and account management is handled. This leads to situations where, for example, apps allow simultaneous login methods, don’t provide admin-level controls to enforce MFA, or allow account config changes on behalf of users in your app tenant.",{"data":1707,"content":1708,"nodeType":1298},{},[1709],{"data":1710,"marks":1711,"value":1712,"nodeType":1293},{},[],"This isn’t just an app sprawl problem either — even when it comes to core environments the complexities of configuration can lead to coverage gaps. Anyone that’s had to manage group policy in Microsoft, for example, can attest to how convoluted and error-prone this is. ",{"data":1714,"content":1715,"nodeType":1676},{},[1716],{"data":1717,"marks":1718,"value":1720,"nodeType":1293},{},[1719],{"type":1505},"Ghost logins",{"data":1722,"content":1723,"nodeType":1298},{},[1724],{"data":1725,"marks":1726,"value":1727,"nodeType":1293},{},[],"When an app is first used, particularly if self-adopted, a username and password is typically created. Even when an SSO login is created, it’s usually added on top of password authentication instead of replacing it. And unless specifically disabled or removed, these password-based login methods can continue to be used. ",{"data":1729,"content":1730,"nodeType":1298},{},[1731,1735,1744],{"data":1732,"marks":1733,"value":1734,"nodeType":1293},{},[],"Because most organizations rely on configuring MFA at their IdP login, local logins without MFA can go unnoticed. These “ghost logins” can lead to unexpected MFA gaps that leave accounts exposed. According to Push data, ",{"data":1736,"content":1738,"nodeType":1342},{"uri":1737},"https://pushsecurity.com/blog/how-many-vulnerable-identities-do-you-have/",[1739],{"data":1740,"marks":1741,"value":1743,"nodeType":1293},{},[1742],{"type":1340},"2 in 5 accounts are missing MFA",{"data":1745,"marks":1746,"value":1747,"nodeType":1293},{},[],", and many also have a password vulnerability (such as appearing in a password breach or compromised credential feed) that means they’re sitting ducks for an attacker, waiting to be exploited.",{"data":1749,"content":1753,"nodeType":1486},{"target":1750},{"sys":1751},{"id":1752,"type":1483,"linkType":1484},"3ZLHFb7DD3Q3f8oH5f3l9X",[],{"data":1755,"content":1756,"nodeType":1497},{},[],{"data":1758,"content":1759,"nodeType":1507},{},[1760],{"data":1761,"marks":1762,"value":1764,"nodeType":1293},{},[1763],{"type":1505},"The future of compliance",{"data":1766,"content":1767,"nodeType":1298},{},[1768],{"data":1769,"marks":1770,"value":1771,"nodeType":1293},{},[],"NYDFS is leading the way in terms of its stance on MFA and understanding of the modern, decentralized, SaaS-centric IT landscape. But they’re not alone, and other regulators will follow suit as breaches continue to dominate the headlines. ",{"data":1773,"content":1774,"nodeType":1298},{},[1775,1779,1788],{"data":1776,"marks":1777,"value":1778,"nodeType":1293},{},[],"It can take a while for a major breach to translate into regulatory enforcement. ",{"data":1780,"content":1782,"nodeType":1342},{"uri":1781},"https://pushsecurity.com/blog/snowflake-retro/",[1783],{"data":1784,"marks":1785,"value":1787,"nodeType":1293},{},[1786],{"type":1340},"2024’s Snowflake breaches",{"data":1789,"marks":1790,"value":1791,"nodeType":1293},{},[]," are a great example of this. Attackers exploited widespread MFA gaps to log into customer Snowflake tenants and steal hundreds of millions of customer records. This was made worse by the fact that the credentials used to access these accounts were found in infostealer credential dumps dating back to 2020 — just sitting around waiting for attackers to exploit them. ",{"data":1793,"content":1794,"nodeType":1298},{},[1795],{"data":1796,"marks":1797,"value":1798,"nodeType":1293},{},[],"In the wake of Snowflake, multiple regulatory bodies have yet to make a judgement. The Spanish data protection authority (AEPD), the U.S. FCC, FTC, and various state data protection authorities all have investigations ongoing, with class action lawsuits also taking place against many of the impacted businesses. ",{"data":1800,"content":1801,"nodeType":1298},{},[1802],{"data":1803,"marks":1804,"value":1805,"nodeType":1293},{},[],"As we’ve seen with NYDFS’s post-breach enforcement, even if you think you’ve complied by rolling out MFA at the application level, but still have vulnerable accounts, you will be penalised in the event of a breach. This is why a policy or control based view of MFA compliance is no longer sufficient — you need to be able to audit and validate MFA configuration at the account level.",{"data":1807,"content":1808,"nodeType":1497},{},[],{"data":1810,"content":1811,"nodeType":1507},{},[1812],{"data":1813,"marks":1814,"value":1816,"nodeType":1293},{},[1815],{"type":1505},"How Push Security can help",{"data":1818,"content":1819,"nodeType":1298},{},[1820],{"data":1821,"marks":1822,"value":1823,"nodeType":1293},{},[],"Push Security’s browser-based security platform observes logins directly in employee browsers, building a comprehensive picture of user identities and login methods across every app.",{"data":1825,"content":1826,"nodeType":1298},{},[1827],{"data":1828,"marks":1829,"value":1830,"nodeType":1293},{},[],"Push shows you every app your employees are using (even the unmanaged ones you don’t know about), providing detailed information about how users are logging in, and where vulnerabilities exist. This includes accounts missing MFA, where users are logging in with a username and password over SSO, and where a user’s password has appeared in a compromised credential feed. You can also use Push to deliver in-browser guidance to users to prompt them to remediate insecure logins.",{"data":1832,"content":1833,"nodeType":1298},{},[1834],{"data":1835,"marks":1836,"value":1837,"nodeType":1293},{},[],"With Push, you can build a full picture of your app estate and MFA posture down to the individual account level, with real-time, continuous monitoring of identities to catch and course-correct any drift that could be exploited by attackers — helping you to achieve and maintain compliance with regulations like NYCRR Part 500.",{"data":1839,"content":1840,"nodeType":1298},{},[1841],{"data":1842,"marks":1843,"value":1844,"nodeType":1293},{},[],"Check out the video below for more information.",{"data":1846,"content":1850,"nodeType":1486},{"target":1847},{"sys":1848},{"id":1849,"type":1483,"linkType":1484},"1axELRNRyXglrf81FEkDhb",[],{"data":1852,"content":1853,"nodeType":1497},{},[],{"data":1855,"content":1856,"nodeType":1507},{},[1857],{"data":1858,"marks":1859,"value":1861,"nodeType":1293},{},[1860],{"type":1505},"Learn more",{"data":1863,"content":1864,"nodeType":1298},{},[1865],{"data":1866,"marks":1867,"value":1868,"nodeType":1293},{},[],"This isn’t all we do: Push’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, malicious OAuth grants, ClickFix, and session hijacking. You don’t need to wait until it all goes wrong — you can also use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your identity attack surface.",{"data":1870,"content":1871,"nodeType":1298},{},[1872,1876,1885,1889,1898],{"data":1873,"marks":1874,"value":1875,"nodeType":1293},{},[],"To learn more about Push, ",{"data":1877,"content":1879,"nodeType":1342},{"uri":1878},"https://pushsecurity.com/resources/product-brochure",[1880],{"data":1881,"marks":1882,"value":1884,"nodeType":1293},{},[1883],{"type":1340},"check out our latest product overview",{"data":1886,"marks":1887,"value":1888,"nodeType":1293},{},[]," or ",{"data":1890,"content":1892,"nodeType":1342},{"uri":1891},"https://pushsecurity.com/demo",[1893],{"data":1894,"marks":1895,"value":1897,"nodeType":1293},{},[1896],{"type":1340},"book some time with one of our team for a live demo",{"data":1899,"marks":1900,"value":1901,"nodeType":1293},{},[],".",{"data":1903,"content":1906,"nodeType":1486},{"target":1904},{"sys":1905},{"id":1482,"type":1483,"linkType":1484},[],{"data":1908,"content":1909,"nodeType":1298},{},[1910],{"data":1911,"marks":1912,"value":37,"nodeType":1293},{},[],"What the expansion of NYCRR Part 500 means for MFA regulation and compliance","NYCRR Part 500 is tightening its MFA and asset management requirements. Here's what the changes means for compliance. ","2025-10-31T00:00:00.000Z","what-the-expansion-of-nydfs-nycrr-part-500-means-for-mfa-compliance",{"items":1918},[1919,1921],{"sys":1920,"name":1310},{"id":1309},{"sys":1922,"name":1924},{"id":1923},"6A5RXS31ZQx3PwryGb1IMy","Browser-based attacks",{"items":1926},[1927],{"fullName":1928,"firstName":1929,"jobTitle":1930,"profilePicture":1931},"Mark Orlando","Mark","Field CTO",{"url":1932},"https://images.ctfassets.net/y1cdw1ablpvd/592PMwIQQFaa24k5SKBEKF/a33090d0ad95d1e3081f5d16a46ba826/image__68_.png",{"__typename":1318,"sys":1934,"content":1936,"title":2438,"synopsis":2439,"hashTags":118,"publishedDate":2440,"slug":2441,"tagsCollection":2442,"authorsCollection":2448},{"id":1935},"3YXrPQptEX3P0Hrd550its",{"json":1937},{"nodeType":1299,"data":1938,"content":1939},{},[1940,1947,1966,1973,1976,1984,1991,1998,2122,2129,2135,2138,2146,2153,2160,2167,2174,2182,2189,2196,2199,2207,2214,2221,2228,2234,2241,2269,2280,2286,2289,2297,2305,2312,2345,2350,2356,2362,2365,2373,2380,2399,2405,2412],{"nodeType":1298,"data":1941,"content":1942},{},[1943],{"nodeType":1293,"value":1944,"marks":1945,"data":1946},"Many security leaders would confidently say they have MFA deployed everywhere. But that confidence often disappears when a breach investigation begins. The reality? MFA coverage is far from complete.",[],{},{"nodeType":1298,"data":1948,"content":1949},{},[1950,1954,1962],{"nodeType":1293,"value":1951,"marks":1952,"data":1953},"MFA is inconsistently enforced across the modern identity surface. Logins without MFA frequently slip through the cracks, exposing critical access points to business systems and data. And attackers know it — as they demonstrated best in ",[],{},{"nodeType":1342,"data":1955,"content":1956},{"uri":1781},[1957],{"nodeType":1293,"value":1958,"marks":1959,"data":1961},"2024's infamous Snowflake breaches",[1960],{"type":1340},{},{"nodeType":1293,"value":1963,"marks":1964,"data":1965},". ",[],{},{"nodeType":1298,"data":1967,"content":1968},{},[1969],{"nodeType":1293,"value":1970,"marks":1971,"data":1972},"Regulators and insurers are catching on, too. Where MFA was once considered best practice, it’s now an expectation; implied in some frameworks, explicitly required in others, and enforced more aggressively than ever before. Whether you’re trying to meet PCI DSS, HIPAA, or GDPR requirements, the question is no longer if you have MFA, it’s where and how it’s enforced — and can you prove it?",[],{},{"nodeType":1497,"data":1974,"content":1975},{},[],{"nodeType":1507,"data":1977,"content":1978},{},[1979],{"nodeType":1293,"value":1980,"marks":1981,"data":1983},"Framework-by-framework breakdown: what they really say about MFA",[1982],{"type":1505},{},{"nodeType":1298,"data":1985,"content":1986},{},[1987],{"nodeType":1293,"value":1988,"marks":1989,"data":1990},"MFA isn’t just a checkbox. It’s a regulatory expectation. While some frameworks spell that out clearly, others imply it in broader language. Either way, the enforcement trend is undeniable: organizations are being held accountable if MFA is missing.",[],{},{"nodeType":1298,"data":1992,"content":1993},{},[1994],{"nodeType":1293,"value":1995,"marks":1996,"data":1997},"Here’s how key frameworks treat MFA today:",[],{},{"nodeType":1431,"data":1999,"content":2000},{},[2001,2011,2033,2055,2102,2112],{"nodeType":1386,"data":2002,"content":2003},{},[2004],{"nodeType":1298,"data":2005,"content":2006},{},[2007],{"nodeType":1293,"value":2008,"marks":2009,"data":2010},"PCI DSS v4.0 requires mandatory MFA for all non-console administrative access and remote access to cardholder environments.",[],{},{"nodeType":1386,"data":2012,"content":2013},{},[2014],{"nodeType":1298,"data":2015,"content":2016},{},[2017,2021,2029],{"nodeType":1293,"value":2018,"marks":2019,"data":2020},"HIPAA doesn’t use the term “MFA” directly, but under the Security Rule, it mandates “reasonable and appropriate safeguards,” and the absence of MFA has led to audit findings and penalties — e.g. a US children’s hospital received a ",[],{},{"nodeType":1342,"data":2022,"content":2023},{"uri":1441},[2024],{"nodeType":1293,"value":2025,"marks":2026,"data":2028},"$500,000",[2027],{"type":1340},{},{"nodeType":1293,"value":2030,"marks":2031,"data":2032}," HIPAA fine for insufficient MFA.",[],{},{"nodeType":1386,"data":2034,"content":2035},{},[2036],{"nodeType":1298,"data":2037,"content":2038},{},[2039,2043,2051],{"nodeType":1293,"value":2040,"marks":2041,"data":2042},"GDPR similarly focuses on “appropriate technical measures.” In 2023, the UK’s ICO fined a UK software company ",[],{},{"nodeType":1342,"data":2044,"content":2045},{"uri":1454},[2046],{"nodeType":1293,"value":2047,"marks":2048,"data":2050},"£3.07 million",[2049],{"type":1340},{},{"nodeType":1293,"value":2052,"marks":2053,"data":2054}," for a breach involving missing MFA, setting a clear precedent.",[],{},{"nodeType":1386,"data":2056,"content":2057},{},[2058],{"nodeType":1298,"data":2059,"content":2060},{},[2061,2065,2073,2077,2085,2089,2098],{"nodeType":1293,"value":2062,"marks":2063,"data":2064},"NYDFS 500 is clear: MFA is required for all user access to covered systems, not just privileged accounts. MFA gaps resulted in a ",[],{},{"nodeType":1342,"data":2066,"content":2067},{"uri":1398},[2068],{"nodeType":1293,"value":2069,"marks":2070,"data":2072},"$3 million settlement",[2071],{"type":1340},{},{"nodeType":1293,"value":2074,"marks":2075,"data":2076}," against a financial services company, a ",[],{},{"nodeType":1342,"data":2078,"content":2079},{"uri":1420},[2080],{"nodeType":1293,"value":2081,"marks":2082,"data":2084},"$4.2 million",[2083],{"type":1340},{},{"nodeType":1293,"value":2086,"marks":2087,"data":2088}," dollar fine against a personal loan provider, and a ",[],{},{"nodeType":1342,"data":2090,"content":2092},{"uri":2091},"https://www.dfs.ny.gov/reports_and_publications/press_releases/pr20241125",[2093],{"nodeType":1293,"value":2094,"marks":2095,"data":2097},"$1.55 million",[2096],{"type":1340},{},{"nodeType":1293,"value":2099,"marks":2100,"data":2101}," fine against an auto insurer.",[],{},{"nodeType":1386,"data":2103,"content":2104},{},[2105],{"nodeType":1298,"data":2106,"content":2107},{},[2108],{"nodeType":1293,"value":2109,"marks":2110,"data":2111},"NIST SP 800-63-3 and CISA’s EO 14028 elevate the standard further, calling for phishing-resistant MFA for federal systems and contractors.",[],{},{"nodeType":1386,"data":2113,"content":2114},{},[2115],{"nodeType":1298,"data":2116,"content":2117},{},[2118],{"nodeType":1293,"value":2119,"marks":2120,"data":2121},"Frameworks and standards like ISO/IEC 27001, CIS Controls v8, and SOC 2 increasingly expect MFA coverage to be demonstrated during audits and certification processes.",[],{},{"nodeType":1298,"data":2123,"content":2124},{},[2125],{"nodeType":1293,"value":2126,"marks":2127,"data":2128},"These frameworks vary in tone and scope, but the message is consistent across the board. MFA must be enforced, not just in theory.",[],{},{"nodeType":1486,"data":2130,"content":2134},{"target":2131},{"sys":2132},{"id":2133,"type":1483,"linkType":1484},"7dOxw1w8Ut5WDBDOki20We",[],{"nodeType":1497,"data":2136,"content":2137},{},[],{"nodeType":1507,"data":2139,"content":2140},{},[2141],{"nodeType":1293,"value":2142,"marks":2143,"data":2145},"Insurers are scrutinising MFA gaps too",[2144],{"type":1505},{},{"nodeType":1298,"data":2147,"content":2148},{},[2149],{"nodeType":1293,"value":2150,"marks":2151,"data":2152},"It’s not just regulators getting stricter. Insurers are building in MFA as a minimum condition of insurance coverage. ",[],{},{"nodeType":1298,"data":2154,"content":2155},{},[2156],{"nodeType":1293,"value":2157,"marks":2158,"data":2159},"Organizations are incentivized to have MFA. Roughly 20-25% of cyber insurance premiums are dictated by the security controls in place: MFA, EDR, regular patching, etc. ",[],{},{"nodeType":1298,"data":2161,"content":2162},{},[2163],{"nodeType":1293,"value":2164,"marks":2165,"data":2166},"After a breach, insurers bring in incident response teams to analyze what happened. Their job is to determine how the attacker got in and whether the controls you claimed to have were actually in place. If the entry point had no effective MFA and your policy attested that it did, the insurer may treat that as misrepresentation.",[],{},{"nodeType":1298,"data":2168,"content":2169},{},[2170],{"nodeType":1293,"value":2171,"marks":2172,"data":2173},"If your self-attested MFA coverage doesn’t hold up under investigation, your provider may not be required to pay, and you’re left footing the bill for IR, recovery, legal fees, and business disruption.",[],{},{"nodeType":1676,"data":2175,"content":2176},{},[2177],{"nodeType":1293,"value":2178,"marks":2179,"data":2181},"Case study: City of Hamilton, Ontario",[2180],{"type":1505},{},{"nodeType":1298,"data":2183,"content":2184},{},[2185],{"nodeType":1293,"value":2186,"marks":2187,"data":2188},"The Canadian city of Hamilton, Ontario fell victim to a ransomware attack in February 2024. Attackers disabled nearly 80% of the city’s network and demanded a ransom of roughly $18.5 million in exchange for a decryption tool to unscramble the data.",[],{},{"nodeType":1298,"data":2190,"content":2191},{},[2192],{"nodeType":1293,"value":2193,"marks":2194,"data":2195},"They attempted to claim $5 million under their cyber insurance policy. After more than a year of dispute, the claim was denied because of MFA gaps — a condition of the coverage. Taxpayers were left to foot the $18.3 million bill, including cleanup, rebuild, and one-time consultancy fees.",[],{},{"nodeType":1497,"data":2197,"content":2198},{},[],{"nodeType":1507,"data":2200,"content":2201},{},[2202],{"nodeType":1293,"value":2203,"marks":2204,"data":2206},"The future of compliance will be driven by cyber attacks",[2205],{"type":1505},{},{"nodeType":1298,"data":2208,"content":2209},{},[2210],{"nodeType":1293,"value":2211,"marks":2212,"data":2213},"The direction of travel is consistent: frameworks are getting stricter, auditors are getting more technical, and enforcement is starting to hit data processors as well as controllers. ",[],{},{"nodeType":1298,"data":2215,"content":2216},{},[2217],{"nodeType":1293,"value":2218,"marks":2219,"data":2220},"But there’s more to it than that. In-the-wild breaches are exposing just how much business IT has evolved — and where security controls haven’t kept up. ",[],{},{"nodeType":1298,"data":2222,"content":2223},{},[2224],{"nodeType":1293,"value":2225,"marks":2226,"data":2227},"With the SaaS-ification of enterprise IT, core business systems aren’t locally deployed and centrally managed in the way they used to be. Instead, they’re logged into over the internet, via a web browser.",[],{},{"nodeType":1486,"data":2229,"content":2233},{"target":2230},{"sys":2231},{"id":2232,"type":1483,"linkType":1484},"4h4hUYAghbZavOwjRTnBe2",[],{"nodeType":1298,"data":2235,"content":2236},{},[2237],{"nodeType":1293,"value":2238,"marks":2239,"data":2240},"So it’s not surprising that modern attackers are now targeting these apps directly. The most logical way to do this is by targeting users of those apps via identities — the vehicle by which apps are accessed and used. ",[],{},{"nodeType":1298,"data":2242,"content":2243},{},[2244,2248,2256,2260,2265],{"nodeType":1293,"value":2245,"marks":2246,"data":2247},"Sitting outside the typical security control boundary, it’s no surprise that this has become the soft underbelly in the crosshairs of attackers. Organizations are dealing with a vast and vulnerable attack surface consisting of ",[],{},{"nodeType":1342,"data":2249,"content":2250},{"uri":1737},[2251],{"nodeType":1293,"value":2252,"marks":2253,"data":2255},"hundreds of applications, with thousands of accounts",[2254],{"type":1340},{},{"nodeType":1293,"value":2257,"marks":2258,"data":2259}," spread across the app estate. ",[],{},{"nodeType":1293,"value":2261,"marks":2262,"data":2264},"2 in 5 of these accounts are missing MFA",[2263],{"type":1505},{},{"nodeType":1293,"value":2266,"marks":2267,"data":2268},", and many also have a password vulnerability (such as appearing in a password breach or compromised credential feed) that means they’re sitting ducks for an attacker, waiting to be exploited. ",[],{},{"nodeType":2270,"data":2271,"content":2272},"blockquote",{},[2273],{"nodeType":1298,"data":2274,"content":2275},{},[2276],{"nodeType":1293,"value":2277,"marks":2278,"data":2279},"Due to SaaS blind-spots, 2 in 5 accounts are missing MFA. ",[],{},{"nodeType":1486,"data":2281,"content":2285},{"target":2282},{"sys":2283},{"id":2284,"type":1483,"linkType":1484},"3WFzina1t5j6bDlTlGQA0l",[],{"nodeType":1497,"data":2287,"content":2288},{},[],{"nodeType":1507,"data":2290,"content":2291},{},[2292],{"nodeType":1293,"value":2293,"marks":2294,"data":2296},"What security teams can do about it",[2295],{"type":1505},{},{"nodeType":1676,"data":2298,"content":2299},{},[2300],{"nodeType":1293,"value":2301,"marks":2302,"data":2304},"Achieve complete MFA visibility and remediate gaps with Push Security",[2303],{"type":1505},{},{"nodeType":1298,"data":2306,"content":2307},{},[2308],{"nodeType":1293,"value":2309,"marks":2310,"data":2311},"You can’t enforce identity policy if you can’t see where it breaks. Push gives you live, browser-based insight into how users actually authenticate – what apps they access, how they log in, and where protections like MFA fall short. Because Push runs natively in the browser, you get full coverage and built-in guardrails, without relying on app integrations, enabling you to:",[],{},{"nodeType":1431,"data":2313,"content":2314},{},[2315,2325,2335],{"nodeType":1386,"data":2316,"content":2317},{},[2318],{"nodeType":1298,"data":2319,"content":2320},{},[2321],{"nodeType":1293,"value":2322,"marks":2323,"data":2324},"Understand how identities are really used across apps",[],{},{"nodeType":1386,"data":2326,"content":2327},{},[2328],{"nodeType":1298,"data":2329,"content":2330},{},[2331],{"nodeType":1293,"value":2332,"marks":2333,"data":2334},"Catch misconfigurations, missing MFA, and accounts using vulnerable passwords",[],{},{"nodeType":1386,"data":2336,"content":2337},{},[2338],{"nodeType":1298,"data":2339,"content":2340},{},[2341],{"nodeType":1293,"value":2342,"marks":2343,"data":2344},"Guide users to fix issues before they become incidents",[],{},{"nodeType":1486,"data":2346,"content":2349},{"target":2347},{"sys":2348},{"id":1849,"type":1483,"linkType":1484},[],{"nodeType":1298,"data":2351,"content":2352},{},[2353],{"nodeType":1293,"value":37,"marks":2354,"data":2355},[],{},{"nodeType":1486,"data":2357,"content":2361},{"target":2358},{"sys":2359},{"id":2360,"type":1483,"linkType":1484},"2mpx0GOwIviUAdvLGitxua",[],{"nodeType":1497,"data":2363,"content":2364},{},[],{"nodeType":1676,"data":2366,"content":2367},{},[2368],{"nodeType":1293,"value":2369,"marks":2370,"data":2372},"Prepare your organization for the new world of browser-based attacks",[2371],{"type":1505},{},{"nodeType":1298,"data":2374,"content":2375},{},[2376],{"nodeType":1293,"value":2377,"marks":2378,"data":2379},"As attacks continue to evolve, we can expect regulators, insurers, and policy-makers to follow. ",[],{},{"nodeType":1298,"data":2381,"content":2382},{},[2383,2386,2395],{"nodeType":1293,"value":37,"marks":2384,"data":2385},[],{},{"nodeType":1342,"data":2387,"content":2389},{"uri":2388},"https://pushsecurity.com/blog/6-browser-based-attacks-every-security-team-should-be-prepared-for/",[2390],{"nodeType":1293,"value":2391,"marks":2392,"data":2394},"Attacks that target users in their web browsers have seen an unprecedented rise in recent years",[2393],{"type":1340},{},{"nodeType":1293,"value":2396,"marks":2397,"data":2398},", exploiting the biggest security blind-spot in the enterprise security stack. ",[],{},{"nodeType":1486,"data":2400,"content":2404},{"target":2401},{"sys":2402},{"id":2403,"type":1483,"linkType":1484},"4ogNqZdObSIJXavHP44lom",[],{"nodeType":1298,"data":2406,"content":2407},{},[2408],{"nodeType":1293,"value":2409,"marks":2410,"data":2411},"Push Security’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, risky OAuth integrations, and more to harden your identity attack surface.",[],{},{"nodeType":1298,"data":2413,"content":2414},{},[2415,2418,2425,2428,2435],{"nodeType":1293,"value":1875,"marks":2416,"data":2417},[],{},{"nodeType":1342,"data":2419,"content":2420},{"uri":1878},[2421],{"nodeType":1293,"value":1884,"marks":2422,"data":2424},[2423],{"type":1340},{},{"nodeType":1293,"value":1888,"marks":2426,"data":2427},[],{},{"nodeType":1342,"data":2429,"content":2430},{"uri":1891},[2431],{"nodeType":1293,"value":1897,"marks":2432,"data":2434},[2433],{"type":1340},{},{"nodeType":1293,"value":1901,"marks":2436,"data":2437},[],{},"How cyber breaches are driving tighter MFA requirements and enforcement","MFA regulators, insurers, and policy-makers are getting tighter on their MFA requirements, fuelled by public cyber breaches. ","2025-09-19T00:00:00.000Z","how-cyber-breaches-are-driving-tighter-mfa-requirements-and-enforcement",{"items":2443},[2444,2446],{"sys":2445,"name":1924},{"id":1923},{"sys":2447,"name":1314},{"id":1313},{"items":2449},[2450],{"fullName":2451,"firstName":2452,"jobTitle":2453,"profilePicture":2454},"Dan Green","Dan","Threat Research",{"url":2455},"https://images.ctfassets.net/y1cdw1ablpvd/7jik1VhFgA3kgzXBXTm2Vw/fcd8c171da644903d0827eafcfbcaad0/Dan_Headshot_2025.png",{"items":2457},[2458],{"fullName":2451,"firstName":2452,"jobTitle":2453,"profilePicture":2459},{"url":2455},{"json":2461,"links":3143},{"nodeType":1299,"data":2462,"content":2463},{},[2464,2472,2505,2511,2517,2524,2604,2611,2614,2622,2629,2636,2643,2649,2656,2659,2667,2674,2682,2689,2695,2714,2735,2743,2749,2788,2794,2802,2809,2832,2838,2844,2850,2853,2861,2868,2874,2881,2889,2896,2903,2951,2957,2964,2967,2975,2982,3045,3048,3056,3076,3083,3090,3132,3137],{"nodeType":1507,"data":2465,"content":2466},{},[2467],{"nodeType":1293,"value":2468,"marks":2469,"data":2471},"Key changes for 2026 — and what they mean in practice",[2470],{"type":1505},{},{"nodeType":1298,"data":2473,"content":2474},{},[2475,2479,2488,2492,2501],{"nodeType":1293,"value":2476,"marks":2477,"data":2478},"Backed by the UK’s National Cyber Security Centre (NCSC), Cyber Essentials is a minimum requirement for operating in the UK and working with UK businesses. NCSC and IASME have issued an ",[],{},{"nodeType":1342,"data":2480,"content":2482},{"uri":2481},"https://www.ncsc.gov.uk/files/cyber-essentials-requirements-for-it-infrastructure-v3-3.pdf",[2483],{"nodeType":1293,"value":2484,"marks":2485,"data":2487},"updated requirements document",[2486],{"type":1340},{},{"nodeType":1293,"value":2489,"marks":2490,"data":2491}," as well as ",[],{},{"nodeType":1342,"data":2493,"content":2495},{"uri":2494},"https://iasme.co.uk/articles/upcoming-changes-to-the-cyber-essentials-scheme-april-2026-update/",[2496],{"nodeType":1293,"value":2497,"marks":2498,"data":2500},"guidance on the changes",[2499],{"type":1340},{},{"nodeType":1293,"value":2502,"marks":2503,"data":2504}," planned to go-live in April 2026. The key changes relate to the definition of cloud services and the expectations around MFA enforcement, which will significantly expand the breadth of cloud and SaaS services in scope, as well as how compliance is measured.",[],{},{"nodeType":1486,"data":2506,"content":2510},{"target":2507},{"sys":2508},{"id":2509,"type":1483,"linkType":1484},"49tk5y1sUXUQzDBhY7I8YM",[],{"nodeType":1486,"data":2512,"content":2516},{"target":2513},{"sys":2514},{"id":2515,"type":1483,"linkType":1484},"5kGX19qPB7NQnojHXShBsW",[],{"nodeType":1298,"data":2518,"content":2519},{},[2520],{"nodeType":1293,"value":2521,"marks":2522,"data":2523},"This means that:",[],{},{"nodeType":1431,"data":2525,"content":2526},{},[2527,2537,2565,2575,2594],{"nodeType":1386,"data":2528,"content":2529},{},[2530],{"nodeType":1298,"data":2531,"content":2532},{},[2533],{"nodeType":1293,"value":2534,"marks":2535,"data":2536},"Any service accessed via a business email or account is considered in-scope. It doesn’t matter whether this is a “free” tier account on a SaaS service or a fully managed enterprise cloud platform. ",[],{},{"nodeType":1386,"data":2538,"content":2539},{},[2540],{"nodeType":1298,"data":2541,"content":2542},{},[2543,2547,2552,2556,2561],{"nodeType":1293,"value":2544,"marks":2545,"data":2546},"If a service offers MFA, it ",[],{},{"nodeType":1293,"value":2548,"marks":2549,"data":2551},"must",[2550],{"type":1505},{},{"nodeType":1293,"value":2553,"marks":2554,"data":2555}," be enabled for ",[],{},{"nodeType":1293,"value":2557,"marks":2558,"data":2560},"all users",[2559],{"type":1505},{},{"nodeType":1293,"value":2562,"marks":2563,"data":2564},". (Apps that don’t offer MFA are incredibly rare).",[],{},{"nodeType":1386,"data":2566,"content":2567},{},[2568],{"nodeType":1298,"data":2569,"content":2570},{},[2571],{"nodeType":1293,"value":2572,"marks":2573,"data":2574},"If a service offers MFA only as a \"paid add-on\" or part of a higher subscription tier (e.g., \"Enterprise\" vs. \"Basic\"), you are now required to pay for and enable it. ",[],{},{"nodeType":1386,"data":2576,"content":2577},{},[2578],{"nodeType":1298,"data":2579,"content":2580},{},[2581,2585,2590],{"nodeType":1293,"value":2582,"marks":2583,"data":2584},"If the service doesn't have native MFA but allows you to sign in via a provider that ",[],{},{"nodeType":1293,"value":2586,"marks":2587,"data":2589},"does",[2588],{"type":312},{},{"nodeType":1293,"value":2591,"marks":2592,"data":2593}," (like \"Sign in with Microsoft\" or Google), you must use only that method.",[],{},{"nodeType":1386,"data":2595,"content":2596},{},[2597],{"nodeType":1298,"data":2598,"content":2599},{},[2600],{"nodeType":1293,"value":2601,"marks":2602,"data":2603},"This means that if \"shadow\" apps and accounts are identified — e.g. they find that your team is using a SaaS tool that doesn't have MFA, and it wasn't listed in your submission — you will be non-compliant.",[],{},{"nodeType":1298,"data":2605,"content":2606},{},[2607],{"nodeType":1293,"value":2608,"marks":2609,"data":2610},"This has significant ramifications for the attestation process that requires comprehensive visibility of every app, login method, and MFA factor. ",[],{},{"nodeType":1497,"data":2612,"content":2613},{},[],{"nodeType":1507,"data":2615,"content":2616},{},[2617],{"nodeType":1293,"value":2618,"marks":2619,"data":2621},"Don’t worry, Push Security has the solution",[2620],{"type":1505},{},{"nodeType":1298,"data":2623,"content":2624},{},[2625],{"nodeType":1293,"value":2626,"marks":2627,"data":2628},"Push provides you with visibility of every single cloud app your employees access and how they’re authenticating to them, giving you the controls needed to automatically enforce MFA and strong, unique passwords on all your corporate accounts. ",[],{},{"nodeType":1298,"data":2630,"content":2631},{},[2632],{"nodeType":1293,"value":2633,"marks":2634,"data":2635},"Push is able to do this by deploying into your employees’ existing browser, from where it observes the actual login process in real-time. This allows Push to capture 100% of cloud app usage, including free-tier apps and those accessed via personal email addresses or local credentials, which centralized SSO logs would miss.",[],{},{"nodeType":1298,"data":2637,"content":2638},{},[2639],{"nodeType":1293,"value":2640,"marks":2641,"data":2642},"Here’s a short interactive demo that shows you how Push helps you to prepare for Cyber Essentials by capturing all your cloud services and making sure MFA is enabled on all your user accounts.",[],{},{"nodeType":1486,"data":2644,"content":2648},{"target":2645},{"sys":2646},{"id":2647,"type":1483,"linkType":1484},"2P0DtMURb1EvQJ4e8Ze4IC",[],{"nodeType":1298,"data":2650,"content":2651},{},[2652],{"nodeType":1293,"value":2653,"marks":2654,"data":2655},"This isn’t all Push does — we also detect and stop browser-native attacks like zero-day phishing, AitM toolkits, ClickFix attacks and account takeover — but more on that later. ",[],{},{"nodeType":1497,"data":2657,"content":2658},{},[],{"nodeType":1507,"data":2660,"content":2661},{},[2662],{"nodeType":1293,"value":2663,"marks":2664,"data":2666},"But all our apps are managed and accessed via SSO…",[2665],{"type":1505},{},{"nodeType":1298,"data":2668,"content":2669},{},[2670],{"nodeType":1293,"value":2671,"marks":2672,"data":2673},"Most organisations work on the assumption that their employees are using SSO to access the suite of business apps they use on a daily basis. Apps go through an onboarding process where they are configured to use the preferred SSO method (e.g. SAML, OIDC) from the preferred identity provider (Okta, Microsoft, Google, etc.). By enforcing secure login requirements on how employees login to their IdP account, you essentially secure the downstream logins to all of the business apps in use. ",[],{},{"nodeType":1298,"data":2675,"content":2676},{},[2677],{"nodeType":1293,"value":2678,"marks":2679,"data":2681},"The reality is quite different. ",[2680],{"type":1505},{},{"nodeType":1298,"data":2683,"content":2684},{},[2685],{"nodeType":1293,"value":2686,"marks":2687,"data":2688},"Apps are routinely self-adopted by users. Most enterprises are using hundreds of apps across their workforce, for a variety of business purposes. ",[],{},{"nodeType":1486,"data":2690,"content":2694},{"target":2691},{"sys":2692},{"id":2693,"type":1483,"linkType":1484},"6TjtfVoZ2vsWv6iD9IRL2r",[],{"nodeType":1298,"data":2696,"content":2697},{},[2698,2702,2710],{"nodeType":1293,"value":2699,"marks":2700,"data":2701},"Apps typically allow multiple, simultaneous login methods to exist. Many apps don’t allow you to restrict this even with admin-level controls (or needing to pay extra for the privilege). A huge number of apps don't even allow you to configure SAML SSO ",[],{},{"nodeType":1342,"data":2703,"content":2705},{"uri":2704},"https://sso.tax/",[2706],{"nodeType":1293,"value":2707,"marks":2708,"data":2709},"without paying extra for the privilege",[],{},{"nodeType":1293,"value":2711,"marks":2712,"data":2713}," (if they offer it at all).",[],{},{"nodeType":1298,"data":2715,"content":2716},{},[2717,2721,2726,2730],{"nodeType":1293,"value":2718,"marks":2719,"data":2720},"This means you can have a local password active at the same time as a secure SSO login option — we call these ",[],{},{"nodeType":1293,"value":2722,"marks":2723,"data":2725},"ghost logins",[2724],{"type":1505},{},{"nodeType":1293,"value":2727,"marks":2728,"data":2729},". The worst part is that you can have an SSO login protected by MFA, at the same time as a local password without. This is one of the key reasons why we see that",[],{},{"nodeType":1293,"value":2731,"marks":2732,"data":2734}," 2 in 5 accounts are missing MFA. ",[2733],{"type":1505},{},{"nodeType":1298,"data":2736,"content":2737},{},[2738],{"nodeType":1293,"value":2739,"marks":2740,"data":2742},"Under the new regulations, this would be an automatic fail if discovered. ",[2741],{"type":1505},{},{"nodeType":1486,"data":2744,"content":2748},{"target":2745},{"sys":2746},{"id":2747,"type":1483,"linkType":1484},"4QnFioDFWpwzMR3XxC6GyX",[],{"nodeType":1298,"data":2750,"content":2751},{},[2752,2756,2762,2766,2771,2775,2784],{"nodeType":1293,"value":2753,"marks":2754,"data":2755},"Even more complexity comes in ",[],{},{"nodeType":1293,"value":2757,"marks":2758,"data":2761},"how",[2759,2760],{"type":312},{"type":1505},{},{"nodeType":1293,"value":2763,"marks":2764,"data":2765}," MFA can be enforced. ",[],{},{"nodeType":1293,"value":2767,"marks":2768,"data":2770},"Some SaaS services only allow MFA to be self-adopted",[2769],{"type":1505},{},{"nodeType":1293,"value":2772,"marks":2773,"data":2774}," rather than centrally enforced by admin controls. This can often be linked to the product tier, with a higher level subscription required for tenant-level security features. Similarly, some apps do not provide admin-level visibility of MFA configuration for individual accounts. ",[],{},{"nodeType":1342,"data":2776,"content":2778},{"uri":2777},"https://pushsecurity.com/blog/minimum-viable-identity-security/",[2779],{"nodeType":1293,"value":2780,"marks":2781,"data":2783},"How each vendor chooses to set up their app is very inconsistent.",[2782],{"type":1340},{},{"nodeType":1293,"value":2785,"marks":2786,"data":2787}," ",[],{},{"nodeType":1486,"data":2789,"content":2793},{"target":2790},{"sys":2791},{"id":2792,"type":1483,"linkType":1484},"3Dw7AHvU9oYZDBfcZBNEEO",[],{"nodeType":1676,"data":2795,"content":2796},{},[2797],{"nodeType":1293,"value":2798,"marks":2799,"data":2801},"The ripple effect",[2800],{"type":1505},{},{"nodeType":1298,"data":2803,"content":2804},{},[2805],{"nodeType":1293,"value":2806,"marks":2807,"data":2808},"The nature of the changes to the scope means that areas you were previously comfortable attesting to become way more complex. ",[],{},{"nodeType":1431,"data":2810,"content":2811},{},[2812,2822],{"nodeType":1386,"data":2813,"content":2814},{},[2815],{"nodeType":1298,"data":2816,"content":2817},{},[2818],{"nodeType":1293,"value":2819,"marks":2820,"data":2821},"You have to enforce password policies and account lifecycle management on a long tail of SaaS, not just previously identified “core” apps. ",[],{},{"nodeType":1386,"data":2823,"content":2824},{},[2825],{"nodeType":1298,"data":2826,"content":2827},{},[2828],{"nodeType":1293,"value":2829,"marks":2830,"data":2831},"This applies to external contractors too.",[],{},{"nodeType":1486,"data":2833,"content":2837},{"target":2834},{"sys":2835},{"id":2836,"type":1483,"linkType":1484},"6qdjxv3WOfQKPomoZWKuyA",[],{"nodeType":1486,"data":2839,"content":2843},{"target":2840},{"sys":2841},{"id":2842,"type":1483,"linkType":1484},"2aTPDpdbAgO6skBV4RQfqK",[],{"nodeType":1486,"data":2845,"content":2849},{"target":2846},{"sys":2847},{"id":2848,"type":1483,"linkType":1484},"Zfg0cIez6MOHTvnEpeNa3",[],{"nodeType":1497,"data":2851,"content":2852},{},[],{"nodeType":1507,"data":2854,"content":2855},{},[2856],{"nodeType":1293,"value":2857,"marks":2858,"data":2860},"Will your assumptions stand up to scrutiny? ",[2859],{"type":1505},{},{"nodeType":1298,"data":2862,"content":2863},{},[2864],{"nodeType":1293,"value":2865,"marks":2866,"data":2867},"Previously, the approach to an audit would have been to show that the IdP dashboard is configured to require mandatory MFA, and all business apps are accessed securely via the IdP interface.  ",[],{},{"nodeType":1486,"data":2869,"content":2873},{"target":2870},{"sys":2871},{"id":2872,"type":1483,"linkType":1484},"3eLWMRE98VZqlAb9g4AKIa",[],{"nodeType":1298,"data":2875,"content":2876},{},[2877],{"nodeType":1293,"value":2878,"marks":2879,"data":2880},"But this only shows part of the picture. Cyber Essentials auditors typically interview employees and ask them to demonstrate logging into a variety of apps to show the MFA status and overall login process (e.g. are they using a password manager, do passwords meet the requirements, etc.). If the auditor discovers an app you were unaware of, that is accessed without using MFA, you’ve failed. ",[],{},{"nodeType":1676,"data":2882,"content":2883},{},[2884],{"nodeType":1293,"value":2885,"marks":2886,"data":2888},"This isn’t just a compliance concern — it’s a real security threat",[2887],{"type":1505},{},{"nodeType":1298,"data":2890,"content":2891},{},[2892],{"nodeType":1293,"value":2893,"marks":2894,"data":2895},"The reason that compliance is being forced to evolve is that this kind of security gap is being routinely exploited by attackers in the wild. Compromised credentials are available online in their billions, and that’s all an attacker needs to log into an account without MFA. ",[],{},{"nodeType":1298,"data":2897,"content":2898},{},[2899],{"nodeType":1293,"value":2900,"marks":2901,"data":2902},"The recent criminal campaigns against Snowflake and Jira customers demonstrate this risk. ",[],{},{"nodeType":1431,"data":2904,"content":2905},{},[2906,2928],{"nodeType":1386,"data":2907,"content":2908},{},[2909],{"nodeType":1298,"data":2910,"content":2911},{},[2912,2916,2924],{"nodeType":1293,"value":2913,"marks":2914,"data":2915},"The 2024 ",[],{},{"nodeType":1342,"data":2917,"content":2918},{"uri":1781},[2919],{"nodeType":1293,"value":2920,"marks":2921,"data":2923},"Snowflake",[2922],{"type":1340},{},{"nodeType":1293,"value":2925,"marks":2926,"data":2927}," breaches resulted in billions of records being stolen from 165+ Snowflake tenants. Attackers simply logged into accounts without MFA at scale — >80% of the credentials had been leaked online as early as 2020. ",[],{},{"nodeType":1386,"data":2929,"content":2930},{},[2931],{"nodeType":1298,"data":2932,"content":2933},{},[2934,2938,2947],{"nodeType":1293,"value":2935,"marks":2936,"data":2937},"Criminals went on a ",[],{},{"nodeType":1342,"data":2939,"content":2941},{"uri":2940},"https://pushsecurity.com/blog/why-attackers-are-targeting-jira-with-stolen-credentials/",[2942],{"nodeType":1293,"value":2943,"marks":2944,"data":2946},"Jira",[2945],{"type":1340},{},{"nodeType":1293,"value":2948,"marks":2949,"data":2950}," hacking spree, compromising 10 organizations publicly — including Jaguar Land Rover. The same attackers were then involved in the Scattered Lapsus$ Hunters ransomware operation that went down as the most economically consequential cyber breach to affect a G7 economy. ",[],{},{"nodeType":1486,"data":2952,"content":2956},{"target":2953},{"sys":2954},{"id":2955,"type":1483,"linkType":1484},"7baNZATRrb7yrLqsJxQo83",[],{"nodeType":1298,"data":2958,"content":2959},{},[2960],{"nodeType":1293,"value":2961,"marks":2962,"data":2963},"The reality is that this has been happening for years. Regulation is always slow to catch up. It’s important that organizations understand why these changes are being made — to tackle the threat. ",[],{},{"nodeType":1497,"data":2965,"content":2966},{},[],{"nodeType":1507,"data":2968,"content":2969},{},[2970],{"nodeType":1293,"value":2971,"marks":2972,"data":2974},"Achieving compliance (and more importantly, security) with Push",[2973],{"type":1505},{},{"nodeType":1298,"data":2976,"content":2977},{},[2978],{"nodeType":1293,"value":2979,"marks":2980,"data":2981},"Here’s how you can use Push to comply with Cyber Essentials v3.3 onwards, as well as safeguard your business and users from threats.",[],{},{"nodeType":1431,"data":2983,"content":2984},{},[2985,3000,3015,3030],{"nodeType":1386,"data":2986,"content":2987},{},[2988],{"nodeType":1298,"data":2989,"content":2990},{},[2991,2996],{"nodeType":1293,"value":2992,"marks":2993,"data":2995},"Discover apps and get them behind SSO: ",[2994],{"type":1505},{},{"nodeType":1293,"value":2997,"marks":2998,"data":2999},"Push captures every login from the browser, regardless of whether it’s federated or shadow. It builds a full map of your organization’s true identity footprint, including all accounts, apps, authentication methods, and SSO gaps. This allows you to spot apps that have been self adopted and take action. ",[],{},{"nodeType":1386,"data":3001,"content":3002},{},[3003],{"nodeType":1298,"data":3004,"content":3005},{},[3006,3011],{"nodeType":1293,"value":3007,"marks":3008,"data":3010},"Review MFA status and enforce MFA: ",[3009],{"type":1505},{},{"nodeType":1293,"value":3012,"marks":3013,"data":3014},"You can see the MFA status of every app, both at the IdP and local app level, as well as the type of MFA method used to assess security strength. This allows you to find and eliminate “ghost logins” not protected by MFA — by configuring MFA at the app level, or removing the local credential. You can also prompt employees to register an MFA method in real time as they access an app in their browser.",[],{},{"nodeType":1386,"data":3016,"content":3017},{},[3018],{"nodeType":1298,"data":3019,"content":3020},{},[3021,3026],{"nodeType":1293,"value":3022,"marks":3023,"data":3025},"Find and fix weak, breached, and reused passwords: ",[3024],{"type":1505},{},{"nodeType":1293,"value":3027,"marks":3028,"data":3029},"Push check the posture of all your employee passwords. The browser agent accomplishes this by creating a salted hash of a user’s observed password and then taking the first 8 characters of that hash to store locally in the browser, checking it against a list of 10,000 common basewords and common permutations); flagging if it is reused across accounts (i.e. not unique) and has appeared in a data breach or compromised credential feed.",[],{},{"nodeType":1386,"data":3031,"content":3032},{},[3033],{"nodeType":1298,"data":3034,"content":3035},{},[3036,3041],{"nodeType":1293,"value":3037,"marks":3038,"data":3040},"Easily deploy to contractors and third-parties: ",[3039],{"type":1505},{},{"nodeType":1293,"value":3042,"marks":3043,"data":3044},"Push’s lightweight extension is easy to deploy to any machine, including those you don’t directly manage. Deploying Push into a dedicated contractor browser profile means you can track third-party logins to your apps exactly like you would an internal employee. ",[],{},{"nodeType":1497,"data":3046,"content":3047},{},[],{"nodeType":1507,"data":3049,"content":3050},{},[3051],{"nodeType":1293,"value":3052,"marks":3053,"data":3055},"Final thoughts",[3054],{"type":1505},{},{"nodeType":1298,"data":3057,"content":3058},{},[3059,3063,3072],{"nodeType":1293,"value":3060,"marks":3061,"data":3062},"Cyber Essentials has taken a meaningful step toward addressing the real threat organizations face in the form of compromised credentials and MFA gaps, but they’re not alone. When missing MFA has led to a cyber breach, it has been met with both ",[],{},{"nodeType":1342,"data":3064,"content":3066},{"uri":3065},"https://pushsecurity.com/resources/mfa-regulation-compliance",[3067],{"nodeType":1293,"value":3068,"marks":3069,"data":3071},"regulatory fines and insurance non-payment",[3070],{"type":1340},{},{"nodeType":1293,"value":3073,"marks":3074,"data":3075},", with NYDFS in particular leading the charge. ",[],{},{"nodeType":1298,"data":3077,"content":3078},{},[3079],{"nodeType":1293,"value":3080,"marks":3081,"data":3082},"But this isn’t the only threat organizations face. Modern, browser-native attacks are dominating the breach headlines, with attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, ConsentFix, and session hijacking. ",[],{},{"nodeType":1298,"data":3084,"content":3085},{},[3086],{"nodeType":1293,"value":3087,"marks":3088,"data":3089},"Push tackles all of these attacks using behavioral threat detection controls, powered by deep browser telemetry, to provide broad detection and blocking capabilities against attacks happening in the browser. This means analyzing the end-to-end process of a webpage loading/running in the browser, and how the user interacts with the page, to spot universal indicators of bad activity. ",[],{},{"nodeType":1298,"data":3091,"content":3092},{},[3093,3097,3105,3109,3118,3122,3129],{"nodeType":1293,"value":3094,"marks":3095,"data":3096},"Want to learn more about Push and how we can help? ",[],{},{"nodeType":1342,"data":3098,"content":3099},{"uri":1878},[3100],{"nodeType":1293,"value":3101,"marks":3102,"data":3104},"Check out our latest product overview",[3103],{"type":1340},{},{"nodeType":1293,"value":3106,"marks":3107,"data":3108},", ",[],{},{"nodeType":1342,"data":3110,"content":3112},{"uri":3111},"https://pushsecurity.com/product-demo/",[3113],{"nodeType":1293,"value":3114,"marks":3115,"data":3117},"visit our demo library",[3116],{"type":1340},{},{"nodeType":1293,"value":3119,"marks":3120,"data":3121},", or ",[],{},{"nodeType":1342,"data":3123,"content":3124},{"uri":1891},[3125],{"nodeType":1293,"value":1897,"marks":3126,"data":3128},[3127],{"type":1340},{},{"nodeType":1293,"value":1901,"marks":3130,"data":3131},[],{},{"nodeType":1486,"data":3133,"content":3136},{"target":3134},{"sys":3135},{"id":2360,"type":1483,"linkType":1484},[],{"nodeType":1298,"data":3138,"content":3139},{},[3140],{"nodeType":1293,"value":37,"marks":3141,"data":3142},[],{},{"entries":3144},{"hyperlink":3145,"inline":3146,"block":3147},[],[],[3148,3156,3163,3169,3176,3182,3235,3241,3247,3254,3260,3286],{"sys":3149,"__typename":3150,"title":3151,"caption":3151,"layoutMode":118,"file":3152},{"id":2509},"Image","Update to the definition of cloud services (NCSC): i.e. any service that is accessed with a business email or account.",{"url":3153,"width":3154,"height":3155},"https://images.ctfassets.net/y1cdw1ablpvd/fIVcKhF4DdxwjGFPBv8AP/744683ac8a97c90483b98cf2289c8c8a/image8_1.png",1193,247,{"sys":3157,"__typename":3150,"title":3158,"caption":3158,"layoutMode":118,"file":3159},{"id":2515},"Changes to the marking criteria (IASME): i.e. MFA is expected to be enforced for logins to every cloud service.",{"url":3160,"width":3161,"height":3162},"https://images.ctfassets.net/y1cdw1ablpvd/1Kn7L6pvmeNtC5SLOL92Af/4311c559323df3613d7ed2038bf6a50a/image1_6.png",1504,816,{"sys":3164,"__typename":3165,"title":3166,"arcadeDemoUrl":3167,"playText":3168},{"id":2647},"ArcadeDemo","Solving Shadow SaaS & MFA Gaps","https://demo.arcade.software/P3zLqR7AyL98bziCV7b4?embed","1 mins",{"sys":3170,"__typename":3150,"title":3171,"caption":3171,"layoutMode":118,"file":3172},{"id":2693},"There are 100s of apps in use across an enterprise, resulting in 1000s of accounts (we see an average of 15x accounts per employee).",{"url":3173,"width":3174,"height":3175},"https://images.ctfassets.net/y1cdw1ablpvd/7Bsch6QgVymNTG3rAhlDP3/2288395e281255e6826314ed84618a27/image2_3.png",1999,1274,{"sys":3177,"__typename":3150,"title":3178,"caption":3178,"layoutMode":118,"file":3179},{"id":2747},"Ghost logins enable attackers to bypass secure authentication methods. ",{"url":3180,"width":3174,"height":3181},"https://images.ctfassets.net/y1cdw1ablpvd/2disLRprEmiYXBc5B9ekJl/8ce8faba41e94b95672a8275e173e4bf/image6_1.png",1139,{"sys":3183,"__typename":3184,"content":3185,"name":3234,"title":118},{"id":2792},"InsightTextBlockComponent",{"json":3186},{"nodeType":1299,"data":3187,"content":3188},{},[3189],{"nodeType":1298,"data":3190,"content":3191},{},[3192,3196,3201,3205,3210,3214,3219,3223,3230],{"nodeType":1293,"value":3193,"marks":3194,"data":3195},"Combining the ",[],{},{"nodeType":1293,"value":3197,"marks":3198,"data":3200},"lack of SSO support",[3199],{"type":1505},{},{"nodeType":1293,"value":3202,"marks":3203,"data":3204}," with the ",[],{},{"nodeType":1293,"value":3206,"marks":3207,"data":3209},"ease of self adoption",[3208],{"type":1505},{},{"nodeType":1293,"value":3211,"marks":3212,"data":3213}," and issue of ",[],{},{"nodeType":1293,"value":3215,"marks":3216,"data":3218},"concurrent login methods",[3217],{"type":1505},{},{"nodeType":1293,"value":3220,"marks":3221,"data":3222},", we're in a world where passwords aren't going anywhere fast. And if you think your employees are using only one password at best (to log into their enterprise SSO) ",[],{},{"nodeType":1342,"data":3224,"content":3225},{"uri":1737},[3226],{"nodeType":1293,"value":3227,"marks":3228,"data":3229},"you're in for a big surprise",[],{},{"nodeType":1293,"value":3231,"marks":3232,"data":3233},". ",[],{},"Cyber Essentials Insight Box 3",{"sys":3236,"__typename":3150,"title":3237,"caption":3237,"layoutMode":118,"file":3238},{"id":2836},"Account management requirements.",{"url":3239,"width":3174,"height":3240},"https://images.ctfassets.net/y1cdw1ablpvd/50nkfseFjz2aJQlZLoNCpO/fd883edf749f715ac7d0b52774873f36/image5_5.png",1156,{"sys":3242,"__typename":3150,"title":3243,"caption":3243,"layoutMode":118,"file":3244},{"id":2842},"Password policy requirements.",{"url":3245,"width":3174,"height":3246},"https://images.ctfassets.net/y1cdw1ablpvd/fwBDarwTnB8YJ7VQrFQqa/8b9a6a22f9ac62ff4b4716b155403a3d/image3_8.png",951,{"sys":3248,"__typename":3150,"title":3249,"caption":3249,"layoutMode":118,"file":3250},{"id":2848},"Third-party requirements.",{"url":3251,"width":3252,"height":3253},"https://images.ctfassets.net/y1cdw1ablpvd/6ulZcdHXvmr15qEeNdFaol/de23532bbb2502a7084dbdbdd9e61e7d/image7_3.png",1234,552,{"sys":3255,"__typename":3150,"title":3256,"caption":3256,"layoutMode":118,"file":3257},{"id":2872},"Microsoft Entra and Okta SSO dashboard examples.",{"url":3258,"width":3174,"height":3259},"https://images.ctfassets.net/y1cdw1ablpvd/3KhjNWelYkdooqHcZsJwgX/51ada3120e9ed0188ef195fbb2819870/image4.png",680,{"sys":3261,"__typename":3184,"content":3262,"name":3285,"title":118},{"id":2955},{"json":3263},{"nodeType":1299,"data":3264,"content":3265},{},[3266],{"nodeType":1298,"data":3267,"content":3268},{},[3269,3273,3282],{"nodeType":1293,"value":3270,"marks":3271,"data":3272},"You can read more about these Scattered Lapsus$ Hunters attacks and the bigger picture ",[],{},{"nodeType":1342,"data":3274,"content":3276},{"uri":3275},"https://pushsecurity.com/blog/scattered-lapsus-hunters/",[3277],{"nodeType":1293,"value":3278,"marks":3279,"data":3281},"here",[3280],{"type":1340},{},{"nodeType":1293,"value":1901,"marks":3283,"data":3284},[],{},"Cyber Essentials Insight Box 2",{"sys":3287,"__typename":3288,"type":3289,"ctaText":3290,"buttonLabel":87,"buttonColour":3291,"buttonUrl":3065},{"id":2360},"CtaWidget","Custom","Get our whitepaper to learn how attackers are exploiting MFA gaps and what security teams can do about it","sunny orange","content:blog:cyber-essentials-april-2026-update.json","json","content","blog/cyber-essentials-april-2026-update.json","blog/cyber-essentials-april-2026-update",1776359981773]