[{"data":1,"prerenderedAt":2785},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":95,"navbar-about-highlight":155,"navbar-resource-highlight":211,"use-case-page":256,"blog/embrace-saas-to-move-faster-than-your-competitors":1276},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8,59,76],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":14,"data":15,"variations":50,"lastUpdated":51,"firstPublished":52,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":54,"meta":55,"rev":58},1742213002749,"efff2a27faf4408e9f908eba4b5542fe","inductive-automation","1c6207a5f24948ab82d4a0b17f251193","published",[],{"testimonial":16,"description":43,"type":19,"link":44,"title":47,"testimonialLink":48,"image":49},{"@type":17,"id":18,"model":19,"value":20},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79","testimonial",{"query":21,"folders":22,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":26,"variations":30,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":35,"rev":42},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":27,"jobTitle":28,"quote":24,"image":29},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,1,"ST0tXQM8slWpFrmioqKHmENB2qe2",{"kind":36,"lastPreviewUrl":37,"breakpoints":38,"hasAutosaves":41},"data","",{"small":39,"medium":40},640,768,true,"3v32gocrrqz","Join the industry's top security minds as they break down the browser attack landscape.",{"url":45,"text":46},"https://pushsecurity.com/webinar/state-of-browser-security","Save Your Spot","State of Browser Attacks 
Series","/customer-stories/inductive-automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe94fca10aa7b46ac8052b7ea22de54cd",{},1776257019270,1742221533648,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2",[],{"breakpoints":56,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},320,"motto9r9yg",{"createdDate":60,"id":61,"name":62,"modelId":12,"published":13,"query":63,"data":64,"variations":69,"lastUpdated":70,"firstPublished":71,"testRatio":33,"createdBy":53,"lastUpdatedBy":72,"folders":73,"meta":74,"rev":58},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner",[],{"type":65,"url":66,"text":67,"link":68},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,"jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":36,"lastPreviewUrl":37,"breakpoints":75,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},{"createdDate":77,"id":78,"name":79,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":80,"data":81,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":92,"meta":93,"rev":58},1742208469288,"6763051b201f44a0838c6400c580ca67","Resource highlight",[],{"image":82,"type":83,"description":84,"link":85,"title":88},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9","resource","Learn about the latest techniques being used in the wild.",{"url":86,"text":87},"/resources/browser-attacks-report","Download now","Report: 2026 Browser Attack 
Techniques",{},1776255866789,1742208570400,[],{"kind":36,"lastPreviewUrl":37,"breakpoints":94,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"createdDate":96,"id":97,"name":98,"modelId":99,"published":13,"query":100,"data":101,"variations":145,"lastUpdated":146,"firstPublished":147,"testRatio":33,"createdBy":34,"lastUpdatedBy":148,"folders":149,"meta":150,"rev":154},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":102,"text":103,"url":37,"blocks":104,"state":141},"ewrererw","testrfesssssssssss",[105,129],{"@type":106,"@version":107,"id":108,"component":109,"responsiveStyles":119},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":110,"tag":110,"options":111,"isRSC":118},"TopBannerContent",{"text":112,"ctaText":46,"url":45,"mainText":113,"cta":116},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks",{"content":114,"fontSize":115},"\u003Cp>New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks\u003C/p>","text-base",{"content":117,"fontSize":115,"url":45},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">Save Your 
Spot\u003C/strong>\u003C/p>\n",null,{"large":120},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"marginTop":126,"marginBottom":126,"fontSize":127,"fontWeight":128},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":130,"@type":106,"tagName":131,"properties":132,"responsiveStyles":136},"builder-pixel-08zrjigffq5t","img",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":137},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},"block","hidden","none",{"deviceSize":142,"location":143},"large",{"path":37,"query":144},{},{},1775137295127,1774968080803,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"breakpoints":151,"hasLinks":6,"kind":152,"lastPreviewUrl":153,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","2lvuonnywj",[156,180],{"createdDate":157,"id":158,"name":159,"modelId":160,"published":13,"stageModifiedSincePublish":6,"query":161,"data":162,"variations":173,"lastUpdated":174,"firstPublished":175,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":176,
"meta":177,"rev":179},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":163,"type":19,"testimonialLink":48,"testimonial":164},{},{"@type":17,"id":18,"model":19,"value":165},{"query":166,"folders":167,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":168,"variations":169,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":170,"rev":172},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":171,"hasAutosaves":41},{"small":39,"medium":40},"7t755zfvte3",{},1776247404986,1776247404973,[],{"breakpoints":178,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"4moh0qpywtr",{"createdDate":181,"id":182,"name":88,"modelId":160,"published":13,"meta":183,"stageModifiedSincePublish":6,"query":185,"data":186,"variations":207,"lastUpdated":208,"firstPublished":209,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":210,"rev":179},1776255761419,"05a9322735fc427db12e2740e4302300",{"breakpoints":184,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":187,"link":206,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":189},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":190,"folders":191,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":194,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":203,"rev":205},[],[],1728981467463,"Push does for identity what CrowdStrike did for the 
endpoint",{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":36,"lastPreviewUrl":37,"breakpoints":204,"hasAutosaves":41},{"small":39,"medium":40},"6s8ic0w0ao6",{"text":87,"url":86},{},1776255810913,1776255810900,[],[212,235],{"createdDate":213,"id":214,"name":88,"modelId":215,"published":13,"meta":216,"stageModifiedSincePublish":6,"query":218,"data":219,"variations":230,"lastUpdated":231,"firstPublished":232,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":233,"rev":234},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":217,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":220,"link":229,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":221},{"query":222,"folders":223,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":224,"variations":225,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":226,"rev":228},[],[],{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":227,"hasAutosaves":41},{"small":39,"medium":40},"r77qqueuo3j",{"text":87,"url":86},{},1776256937553,1776256937540,[],"q0jkez80wkg",{"createdDate":236,"id":237,"name":11,"modelId":215,"published":13,"stageModifiedSincePublish":6,"query":238,"data":239,"variations
":250,"lastUpdated":251,"firstPublished":252,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":253,"meta":254,"rev":234},1776256949234,"ce043785b71b4ece98eac811ecf4ba10",[],{"link":240,"type":19,"testimonial":241,"testimonialLink":48},{},{"@type":17,"id":18,"model":19,"value":242},{"query":243,"folders":244,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":245,"variations":246,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":247,"rev":249},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":248,"hasAutosaves":41},{"small":39,"medium":40},"mnaneamy308",{},1776256974140,1776256974130,[],{"breakpoints":255,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[257,441,560,679,797,917,1037,1157],{"createdDate":258,"id":259,"name":260,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":262,"data":268,"variations":429,"lastUpdated":430,"firstPublished":431,"testRatio":33,"screenshot":432,"createdBy":34,"lastUpdatedBy":433,"folders":434,"meta":435,"rev":440},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[263],{"@type":264,"property":265,"operator":266,"value":267},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":269,"customFonts":270,"seoTitle":318,"title":318,"tsCode":37,"seoDescription":319,"fontAwesomeIcon":320,"jsCode":37,"blocks":321,"url":267,"state":426},[],[271],{"family":272,"kind":273,"version":274,"lastModified":275,"files":276,"category":295,"menu":296,"subsets":297,"variants":300},"DM 
Sans","webfonts#webfont","v14","2023-07-13",{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"900italic":286,"700italic":287,"100italic":288,"italic":289,"regular":290,"200italic":291,"500italic":292,"300italic":293,"600italic":294},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19Dks
Vat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[298,299],"latin","latin-ext",[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[322,421],{"@type":106,"@version":107,"tagName":323,"id":324,"children":325},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[326,343,351,358,370,385,396,407,413],{"@type":106,"@version":107,"layerName":327,"id":328,"component":329,"responsiveStyles":340},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":327,"options":330,"isRSC":118},{"title":318,"description":331,"points":332,"video":339},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. 
From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[333,335,337],{"item":334},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":336},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":338},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":341},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},"transparent",{"@type":106,"@version":107,"id":344,"component":345,"responsiveStyles":348},"builder-96634044407e491299e291ed64669e39",{"name":346,"options":347,"isRSC":118},"TrustedBy",{"AllPartners":41,"backgroundTransparent":6},{"large":349},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},"#000",{"@type":106,"@version":107,"id":352,"component":353,"responsiveStyles":356},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":354,"options":355,"isRSC":118},"Diagonal",{"darkMode":41},{"large":357},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":360,"component":361,"responsiveStyles":368},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":359,"tag":359,"options":362,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":365,"description":366,"animatedTitle":37,"image":367,"reverse":6,"descriptionPaddingHorizontal":118},1200,800,"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. 
Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":369},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":371,"component":372,"responsiveStyles":380},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":373,"options":374,"isRSC":118},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":377,"description":378,"reverse":41,"image":379},600,100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":381},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},"DM Sans, sans-serif","20px","0px",{"@type":106,"@version":107,"id":386,"component":387,"responsiveStyles":393},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":373,"options":388,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":390,"description":391,"reverse":6,"image":392},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. 
It reads the full phishing playbook (script behavior, session hijacks, DOM changes, and user inputs), then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":394},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},"36px",{"@type":106,"@version":107,"layerName":373,"id":397,"component":398,"responsiveStyles":404},"builder-42c32198083f4880acb37c5cb76934da",{"name":373,"options":399,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":401,"description":402,"reverse":41,"image":403},140,"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts, such as session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. 
All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":405},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},"47px",{"@type":106,"@version":107,"id":408,"component":409,"responsiveStyles":411},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":354,"options":410,"isRSC":118},{"darkMode":6},{"large":412},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":414,"component":415,"responsiveStyles":419},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":416,"tag":416,"options":417,"isRSC":118},"LatestResources",{"sectionHeading":37,"customClass":418},"bg-black",{"large":420},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":422,"@type":106,"tagName":131,"properties":423,"responsiveStyles":424},"builder-pixel-21yj6h3p4wh",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":425},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":427},{"path":37,"query":428},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":436,"winningTest":118,"breakpoints":437,"kind":438,"hasLinks":6,"originalContentId":439,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&
builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},"page","2daa5670b8504fc7ba4700633e8bd921","atvz4dp24b7",{"createdDate":442,"id":443,"name":444,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":445,"data":448,"variations":552,"lastUpdated":553,"firstPublished":554,"testRatio":33,"screenshot":555,"createdBy":34,"lastUpdatedBy":433,"folders":556,"meta":557,"rev":440},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[446],{"@type":264,"property":265,"operator":266,"value":447},"/uc/browser-extension-security",{"seoDescription":449,"jsCode":37,"fontAwesomeIcon":450,"tsCode":37,"title":444,"seoTitle":444,"customFonts":451,"inputs":456,"blocks":457,"url":447,"state":549},"Shine a light on risky browser extensions.","faPuzzlePiece",[452],{"kind":273,"family":272,"version":274,"files":453,"category":295,"lastModified":275,"subsets":454,"variants":455,"menu":296},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"100italic":288,"italic":289,"regular":290,"900italic":286,"800italic":285,"700italic":287,"200italic":291,"300italic":293,"500italic":292,"600italic":294},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],[],[458,544],{"@type":106,"@version":107,"tagName":323,"id":459,"meta":460,"children":461},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":324},[462,478,485,492,501,511,521,531,538],{"@type":106,"@version":107,"id":463,"meta":464,"component":465,"responsiveStyles":476},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":328},{"name":327,"options":466,"isRSC":118},{"title":444,"description":467,"points":468,"video":475},"\u003Cp>Browser extensions introduce new code, new 
permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[469,471,473],{"item":470},"Discover every browser extension in use",{"item":472},"Spot risky or unsanctioned behavior",{"item":474},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":477},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":479,"meta":480,"component":481,"responsiveStyles":483},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":344},{"name":346,"options":482,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":484},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":486,"meta":487,"component":488,"responsiveStyles":490},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":352},{"name":354,"options":489,"isRSC":118},{"darkMode":41},{"large":491},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":493,"component":494,"responsiveStyles":499},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":359,"tag":359,"options":495,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":496,"description":497,"image":498,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. 
And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act.&nbsp;\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":500},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":502,"meta":503,"component":504,"responsiveStyles":509},"builder-93738f98109a4009affb349afd7bb182",{"previousId":371},{"name":373,"options":505,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":506,"description":507,"reverse":41,"image":508},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. 
It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":510},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":512,"meta":513,"component":514,"responsiveStyles":519},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":386},{"name":373,"options":515,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":516,"description":517,"reverse":6,"image":518},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":520},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":522,"meta":523,"component":524,"responsiveStyles":529},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":397},{"name":373,"options":525,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":526,"description":527,"reverse":41,"image":528},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. 
Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":530},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":532,"meta":533,"component":534,"responsiveStyles":536},"builder-1a689287d1a1418997d57db578a71105",{"previousId":408},{"name":354,"options":535,"isRSC":118},{"darkMode":6},{"large":537},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":539,"component":540,"responsiveStyles":542},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":416,"tag":416,"options":541,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":543},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":545,"@type":106,"tagName":131,"properties":546,"responsiveStyles":547},"builder-pixel-0edn39avfcei",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":548},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":550},{"path":37,"query":551},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":438,"winningTest":118,"breakpoints":558,"lastPreviewUrl":559,"hasLinks":6,"originalContentId":259,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2Cc
reateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":561,"id":562,"name":563,"modelId":261,"published":13,"query":564,"data":567,"variations":670,"lastUpdated":671,"firstPublished":672,"testRatio":33,"screenshot":673,"createdBy":34,"lastUpdatedBy":674,"folders":675,"meta":676,"rev":440},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[565],{"@type":264,"property":265,"operator":266,"value":566},"/uc/account-takeover-detection",{"title":563,"customFonts":568,"jsCode":37,"seoTitle":563,"seoDescription":573,"fontAwesomeIcon":574,"tsCode":37,"blocks":575,"url":566,"state":667},[569],{"kind":273,"category":295,"variants":570,"menu":296,"files":571,"family":272,"subsets":572,"version":274,"lastModified":275},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"800italic":285,"700italic":287,"italic":289,"900italic":286,"600italic":294,"200italic":291,"regular":290,"100italic":288},[298,299],"Stop ATO with stolen credential and compromised token 
detection.","faUserSecret",[576,662],{"@type":106,"@version":107,"tagName":323,"id":577,"meta":578,"children":579},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":324},[580,596,603,610,619,629,639,649,656],{"@type":106,"@version":107,"id":581,"meta":582,"component":583,"responsiveStyles":594},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":328},{"name":327,"options":584,"isRSC":118},{"title":563,"description":585,"points":586,"video":593},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[587,589,591],{"item":588},"Identify credential-based ATO as it unfolds",{"item":590},"Surface hijacked sessions and token misuse",{"item":592},"Strengthen authentication where your IdP 
can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":595},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":597,"meta":598,"component":599,"responsiveStyles":601},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":344},{"name":346,"options":600,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":602},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":604,"meta":605,"component":606,"responsiveStyles":608},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":352},{"name":354,"options":607,"isRSC":118},{"darkMode":41},{"large":609},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":611,"component":612,"responsiveStyles":617},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":359,"tag":359,"options":613,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":614,"description":615,"image":616,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. 
That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":618},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":620,"meta":621,"component":622,"responsiveStyles":627},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":371},{"name":373,"options":623,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":624,"description":625,"reverse":41,"image":626},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":628},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":630,"meta":631,"component":632,"responsiveStyles":637},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":386},{"name":373,"options":633,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":634,"description":635,"reverse":6,"image":636},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. 
Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":638},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":640,"meta":641,"component":642,"responsiveStyles":647},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":397},{"name":373,"options":643,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":644,"description":645,"reverse":41,"image":646},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. 
Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":648},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":650,"meta":651,"component":652,"responsiveStyles":654},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":408},{"name":354,"options":653,"isRSC":118},{"darkMode":6},{"large":655},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":657,"component":658,"responsiveStyles":660},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":416,"tag":416,"options":659,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":661},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":663,"@type":106,"tagName":131,"properties":664,"responsiveStyles":665},"builder-pixel-s5u3wmvz7jq",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":666},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":668},{"path":37,"query":669},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":677,"hasLinks":6,"originalContentId":259,"breakpoints":678,"winningTest":118,"kind":438,"hasAutosaves":41},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepo
sitory%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":680,"id":681,"name":682,"modelId":261,"published":13,"query":683,"data":686,"variations":789,"lastUpdated":790,"firstPublished":791,"testRatio":33,"screenshot":792,"createdBy":34,"lastUpdatedBy":674,"folders":793,"meta":794,"rev":440},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[684],{"@type":264,"property":265,"operator":266,"value":685},"/uc/attack-path-hardening",{"tsCode":37,"seoDescription":687,"jsCode":37,"customFonts":688,"fontAwesomeIcon":693,"seoTitle":682,"title":682,"blocks":694,"url":685,"state":786},"Harden access paths with visibility, detection, and 
guardrails.",[689],{"kind":273,"files":690,"version":274,"lastModified":275,"subsets":691,"menu":296,"category":295,"variants":692,"family":272},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"regular":290,"italic":289,"800italic":285,"500italic":292,"600italic":294,"200italic":291,"900italic":286,"700italic":287,"100italic":288,"300italic":293},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"faRadar",[695,781],{"@type":106,"@version":107,"tagName":323,"id":696,"meta":697,"children":698},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":577},[699,715,722,729,738,748,758,768,775],{"@type":106,"@version":107,"id":700,"meta":701,"component":702,"responsiveStyles":713},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":581},{"name":327,"options":703,"isRSC":118},{"title":682,"description":704,"points":705,"video":712},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. 
It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[706,708,710],{"item":707},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":709},"Monitor how users actually log in across apps, flows, and tools",{"item":711},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":714},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":716,"meta":717,"component":718,"responsiveStyles":720},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":597},{"name":346,"options":719,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":721},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":723,"meta":724,"component":725,"responsiveStyles":727},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":604},{"name":354,"options":726,"isRSC":118},{"darkMode":41},{"large":728},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":730,"component":731,"responsiveStyles":736},"builder-dec0246085e1485c803f7152b1922a81",{"name":359,"tag":359,"options":732,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":733,"description":734,"image":735,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. 
Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":737},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":739,"meta":740,"component":741,"responsiveStyles":746},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":620},{"name":373,"options":742,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":743,"description":744,"reverse":41,"image":745},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":747},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":749,"meta":750,"component":751,"responsiveStyles":756},"builder-431d175c59004669b0b2776b07d71737",{"previousId":630},{"name":373,"options":752,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":753,"description":754,"reverse":6,"image":755},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. 
When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":757},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":759,"meta":760,"component":761,"responsiveStyles":766},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":640},{"name":373,"options":762,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":763,"description":764,"reverse":41,"image":765},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets 
results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":767},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":769,"meta":770,"component":771,"responsiveStyles":773},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":650},{"name":354,"options":772,"isRSC":118},{"darkMode":6},{"large":774},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":776,"component":777,"responsiveStyles":779},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":416,"tag":416,"options":778,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":780},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":782,"@type":106,"tagName":131,"properties":783,"responsiveStyles":784},"builder-pixel-7akm7dayau8",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":785},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":787},{"path":37,"query":788},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":438,"lastPreviewUrl":795,"breakpoints":796,"hasLinks":6,"originalContentId":562,"winningTest":118,"hasAutosaves":6},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&buil
der.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":798,"id":799,"name":800,"modelId":261,"published":13,"query":801,"data":804,"variations":909,"lastUpdated":910,"firstPublished":911,"testRatio":33,"screenshot":912,"createdBy":34,"lastUpdatedBy":674,"folders":913,"meta":914,"rev":440},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[802],{"@type":264,"property":265,"operator":266,"value":803},"/uc/clickfix-protection",{"seoDescription":805,"fontAwesomeIcon":806,"customFonts":807,"seoTitle":812,"jsCode":37,"tsCode":37,"title":812,"blocks":813,"url":803,"state":906},"Block attacks that trick users into running malicious code.","faLaptopCode",[808],{"files":809,"subsets":810,"menu":296,"version":274,"kind":273,"family":272,"lastModified":275,"variants":811,"category":295},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"200italic":291,"800italic":285,"700italic":287,"600italic":294,"100italic":288,"italic":289,"regular":290,"300italic":293,"500italic":292,"900italic":286},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"ClickFix 
protection",[814,901],{"@type":106,"@version":107,"tagName":323,"id":815,"meta":816,"children":817},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":696},[818,834,841,848,858,868,878,888,895],{"@type":106,"@version":107,"id":819,"meta":820,"component":821,"responsiveStyles":832},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":700},{"name":327,"options":822,"isRSC":118},{"title":812,"description":823,"points":824,"image":831},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[825,827,829],{"item":826},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":828},"Block malicious copy-and-paste actions before code is executed",{"item":830},"See full telemetry into which users were targeted and what they 
saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":833},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":835,"meta":836,"component":837,"responsiveStyles":839},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":716},{"name":346,"options":838,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":840},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":842,"meta":843,"component":844,"responsiveStyles":846},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":723},{"name":354,"options":845,"isRSC":118},{"darkMode":41},{"large":847},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":849,"meta":850,"component":851,"responsiveStyles":856},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":730},{"name":359,"tag":359,"options":852,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":853,"description":854,"reverse":6,"image":855},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. 
EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":857},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":859,"meta":860,"component":861,"responsiveStyles":866},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":739},{"name":373,"options":862,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":863,"description":864,"reverse":41,"image":865},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":867},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":869,"meta":870,"component":871,"responsiveStyles":876},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":749},{"name":373,"options":872,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":873,"description":874,"reverse":6,"image":875},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. 
Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":877},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":879,"meta":880,"component":881,"responsiveStyles":886},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":759},{"name":373,"options":882,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":883,"description":884,"reverse":41,"image":885},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. 
This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":887},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":889,"meta":890,"component":891,"responsiveStyles":893},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":769},{"name":354,"options":892,"isRSC":118},{"darkMode":6},{"large":894},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":896,"component":897,"responsiveStyles":899},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":416,"tag":416,"options":898,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":900},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":902,"@type":106,"tagName":131,"properties":903,"responsiveStyles":904},"builder-pixel-zzjpxxgrc2l",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":905},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":907},{"path":37,"query":908},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":915,"originalContentId":681,"winningTest":118,"hasLinks":6,"kind":438,"breakpoints":916,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.u
ser.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":918,"id":919,"name":920,"modelId":261,"published":13,"query":921,"data":924,"variations":1029,"lastUpdated":1030,"firstPublished":1031,"testRatio":33,"screenshot":1032,"createdBy":34,"lastUpdatedBy":674,"folders":1033,"meta":1034,"rev":440},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[922],{"@type":264,"property":265,"operator":266,"value":923},"/uc/incident-response",{"seoDescription":925,"customFonts":926,"title":920,"jsCode":37,"fontAwesomeIcon":931,"seoTitle":932,"tsCode":37,"blocks":933,"url":923,"state":1026},"Investigate and respond faster with unique browser telemetry.",[927],{"kind":273,"subsets":928,"menu":296,"variants":929,"category":295,"family":272,"version":274,"lastModified":275,"files":930},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"900italic":286,"600italic":294,"200italic":291,"300italic":293,"100italic":288,"700italic":287,"800italic":285,"regular":290,"italic":289,"500italic":292},"faSatelliteDish","Browser-based incident 
response",[934,1021],{"@type":106,"@version":107,"tagName":323,"id":935,"meta":936,"children":937},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":696},[938,955,962,969,978,988,998,1008,1015],{"@type":106,"@version":107,"id":939,"meta":940,"component":941,"responsiveStyles":953},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":700},{"name":327,"options":942,"isRSC":118},{"title":943,"description":944,"points":945,"video":952},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[946,948,950],{"item":947},"Reconstruct what happened with real browser session context",{"item":949},"Investigate faster with real-world session context",{"item":951},"Trigger response actions automatically through your SIEM or 
SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":954},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":956,"meta":957,"component":958,"responsiveStyles":960},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":716},{"name":346,"options":959,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":961},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":963,"meta":964,"component":965,"responsiveStyles":967},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":723},{"name":354,"options":966,"isRSC":118},{"darkMode":41},{"large":968},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":970,"component":971,"responsiveStyles":976},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":359,"tag":359,"options":972,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":973,"description":974,"image":975,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. 
That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":977},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":979,"meta":980,"component":981,"responsiveStyles":986},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":739},{"name":373,"options":982,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":983,"description":984,"reverse":41,"image":985},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":987},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":989,"meta":990,"component":991,"responsiveStyles":996},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":749},{"name":373,"options":992,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":993,"description":994,"reverse":6,"image":995},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. 
Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":997},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":999,"meta":1000,"component":1001,"responsiveStyles":1006},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":759},{"name":373,"options":1002,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1003,"description":1004,"reverse":41,"image":1005},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":1007},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1009,"meta":1010,"component":1011,"responsiveStyles":1013},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":769},{"name":354,"options":1012,"isRSC":118},{"darkMode":6},{"large":1014},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1016,"component":1017,"responsiveStyles":1019},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":416,"tag":416,"options":1018,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1020},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1022,"@type":106,"tagName":131,"properties":1023,"responsiveStyles":1024},"builder-pixel-z197gdgcmu",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"lar
ge":1025},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1027},{"path":37,"query":1028},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":438,"breakpoints":1035,"originalContentId":681,"winningTest":118,"lastPreviewUrl":1036,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":1038,"id":1039,"name":1040,"modelId":261,"published":13,"query":1041,"data":1044,"variations":1149,"lastUpdated":1150,"firstPublished":1151,"testRatio":33,"screenshot":1152,"createdBy":34,"lastUpdatedBy":674,"folders":1153,"meta":1154,"rev":440},1746122471259,"5f118e24433d46ceb79f5099987156d7","Shadow SaaS",[1042],{"@type":264,"property":265,"operator":266,"value":1043},"/uc/shadow-saas",{"seoTitle":1045,"seoDescription":1046,"customFonts":1047,"fontAwesomeIcon":1052,"title":1053,"jsCode":37,"tsCode":37,"blocks":1054,"url":1043,"state":1146},"Find and secure shadow SaaS","See and 
control shadow SaaS in the browser.",[1048],{"kind":273,"variants":1049,"files":1050,"family":272,"version":274,"subsets":1051,"lastModified":275,"category":295,"menu":296},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"regular":290,"900italic":286,"italic":289,"100italic":288,"200italic":291,"600italic":294,"700italic":287,"800italic":285},[298,299],"faShieldCheck","Secure shadow SaaS",[1055,1141],{"@type":106,"@version":107,"tagName":323,"id":1056,"meta":1057,"children":1058},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":935},[1059,1075,1082,1089,1098,1108,1118,1128,1135],{"@type":106,"@version":107,"id":1060,"meta":1061,"component":1062,"responsiveStyles":1073},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":939},{"name":327,"options":1063,"isRSC":118},{"title":1045,"description":1064,"points":1065,"video":1072},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. 
Just real-time visibility and control.\u003C/p>",[1066,1068,1070],{"item":1067},"Discover every SaaS app users access, managed or not",{"item":1069},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":1071},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":1074},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1076,"meta":1077,"component":1078,"responsiveStyles":1080},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":956},{"name":346,"options":1079,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1081},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1083,"meta":1084,"component":1085,"responsiveStyles":1087},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":963},{"name":354,"options":1086,"isRSC":118},{"darkMode":41},{"large":1088},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1090,"component":1091,"responsiveStyles":1096},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":359,"tag":359,"options":1092,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1093,"description":1094,"image":1095,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. 
Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":1097},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1099,"meta":1100,"component":1101,"responsiveStyles":1106},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":979},{"name":373,"options":1102,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1103,"description":1104,"reverse":41,"image":1105},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":1107},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1109,"meta":1110,"component":1111,"responsiveStyles":1116},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":989},{"name":373,"options":1112,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1113,"description":1114,"reverse":6,"image":1115},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. 
You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":1117},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1119,"meta":1120,"component":1121,"responsiveStyles":1126},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":999},{"name":373,"options":1122,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1123,"description":1124,"reverse":41,"image":1125},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":1127},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1129,"meta":1130,"component":1131,"responsiveStyles":1133},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":1009},{"name":354,"options":1132,"isRSC":118},{"darkMode":6},{"large":1134},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1136,"component":1137,"responsiveStyles":1139},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":416,"tag":416,"options":1138,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1140},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1142,"@type":106,"tagName":131,"properties":1143,"responsiveStyles":1144},"builder-pixel-d1ul2kmxbed",{"src":133,"aria-hidden":134,"alt":37,"role":135,"w
idth":124,"height":124},{"large":1145},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1147},{"path":37,"query":1148},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":919,"winningTest":118,"lastPreviewUrl":1155,"breakpoints":1156,"kind":438,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":1158,"id":1159,"name":1160,"modelId":261,"published":13,"query":1161,"data":1164,"variations":1268,"lastUpdated":1269,"firstPublished":1270,"testRatio":33,"screenshot":1271,"createdBy":34,"lastUpdatedBy":674,"folders":1272,"meta":1273,"rev":440},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[1162],{"@type":264,"property":265,"operator":266,"value":1163},"/uc/shadow-ai",{"fontAwesomeIcon":1165,"seoTitle":1166,"jsCode":37,"customFonts":1167,"title":1172,"tsCode":37,"seoDescription":1173,"blocks":1174,"url":1163,"state":1265},"faBrainCircuit","Secure AI 
native and AI enhanced apps. ",[1168],{"variants":1169,"category":295,"files":1170,"subsets":1171,"family":272,"kind":273,"menu":296,"lastModified":275,"version":274},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"regular":290,"700italic":287,"200italic":291,"italic":289,"500italic":292,"600italic":294,"300italic":293,"100italic":288,"900italic":286},[298,299],"Secure shadow AI","See and control shadow AI apps in the browser.",[1175,1260],{"@type":106,"@version":107,"tagName":323,"id":1176,"meta":1177,"children":1178},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":1056},[1179,1195,1202,1209,1219,1228,1237,1247,1254],{"@type":106,"@version":107,"id":1180,"meta":1181,"component":1182,"responsiveStyles":1193},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":1060},{"name":327,"options":1183,"isRSC":118},{"title":1172,"description":1184,"points":1185,"image":1192},"\u003Cp>Your employees are adopting AI faster than you can track it. From native features in corporate apps to unapproved shadow tools, it’s all happening in the browser. 
Push detects every AI interaction in real time, letting you categorize apps and enforce acceptable use policies in the browser.\u003C/p>",[1186,1188,1190],{"item":1187},"Map every AI tool used across your workforce",{"item":1189},"Review and classify apps by sensitivity, purpose, and policy status",{"item":1191},"Enforce AI usage rules directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":1194},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1196,"meta":1197,"component":1198,"responsiveStyles":1200},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":1076},{"name":346,"options":1199,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1201},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1203,"meta":1204,"component":1205,"responsiveStyles":1207},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":1083},{"name":354,"options":1206,"isRSC":118},{"darkMode":41},{"large":1208},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1210,"meta":1211,"component":1212,"responsiveStyles":1217},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":1090},{"name":359,"tag":359,"options":1213,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1214,"description":1215,"image":1216,"reverse":6},"\u003Ch2>Use your browser to govern AI \u003C/h2>","\u003Cp>The AI footprint inside your company is bigger than you think. From text generators to meeting assistants and design copilots, employees test, adopt, and connect new tools constantly. 
Push shows you those tools and which users are accessing them, without relying on network scans or API integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":1218},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1220,"meta":1221,"component":1222,"responsiveStyles":1226},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":1099},{"name":373,"options":1223,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1224,"description":1225,"reverse":41,"image":1115},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Push captures live telemetry from the browser, identifying every AI-native and AI-enhanced application users access. You’ll know which corporate identities are connected, how data flows, and what new AI apps appear across your environment. \u003C/p>",{"large":1227},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1229,"meta":1230,"component":1231,"responsiveStyles":1235},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":1109},{"name":373,"options":1232,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1233,"description":1234,"reverse":6,"image":1125},"\u003Ch2>Classify and manage AI risk\u003C/h2>","\u003Cp>For apps you choose to allow, Push lets you apply custom in-browser banners. You can bulk-select categories of AI tools and require users to read and acknowledge your acceptable use policy before they proceed. 
This creates an auditable trail and moves policy from an easy to forget document to an active, in-workflow control.\u003C/p>",{"large":1236},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1238,"meta":1239,"component":1240,"responsiveStyles":1245},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":1119},{"name":373,"options":1241,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1242,"description":1243,"reverse":41,"image":1244},"\u003Ch2>Enforce your AI policy in the browser\u003C/h2>","\u003Cp>When an AI tool is deemed non-compliant or too risky, Push blocks it at the source. The block happens directly in the browser, preventing the user from accessing the site or submitting data. This gives you an immediate, powerful lever to stop data exfiltration and enforce a hard line on unacceptable risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa359ac1805af4e15a8a7f84632b9bb55",{"large":1246},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1248,"meta":1249,"component":1250,"responsiveStyles":1252},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":1129},{"name":354,"options":1251,"isRSC":118},{"darkMode":6},{"large":1253},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1255,"component":1256,"responsiveStyles":1258},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":416,"tag":416,"options":1257,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1259},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1261,"@type":106,"tagName":131,"properties":1262,"responsiveStyles":1263},"builder-pixel-wxx9tk70r9p",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124
},{"large":1264},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1266},{"path":37,"query":1267},{},{},1770892957225,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe558b8b069884037a8e6904f7ecc029c",[],{"winningTest":118,"breakpoints":1274,"originalContentId":1039,"kind":438,"lastPreviewUrl":1275,"hasLinks":6,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"_path":1277,"_dir":1278,"_draft":6,"_partial":6,"_locale":37,"sys":1279,"ogImage":118,"summary":1282,"title":1296,"subtitle":118,"metaTitle":1297,"synopsis":1298,"hashTags":118,"publishedDate":1299,"slug":1300,"content":1301,"tagsCollection":2072,"relatedBlogPostsCollection":2082,"authorsCollection":2772,"_id":2780,"_type":2781,"_source":2782,"_file":2783,"_stem":2784,"_extension":2781},"/blog/embrace-saas-to-move-faster-than-your-competitors","blog",{"id":1280,"publishedAt":1281},"6tC3Xqkq7kdTMOvqLMEafp","2025-04-28T18:09:28.631Z",{"json":1283},{"data":1284,"content":1285,"nodeType":1295},{},[1286],{"dat
a":1287,"content":1288,"nodeType":1294},{},[1289],{"data":1290,"marks":1291,"value":1292,"nodeType":1293},{},[],"One of the questions we hear all the time is, “Can’t I just block my employees from using SaaS that my team hasn’t already vetted and approved?” And the answer is “Yes, you can. You can certainly block the apps we find your employees using, but the real question is ‘Should you?’”","text","paragraph","document","Embrace SaaS to move faster than your competitors","Move faster than competitors by embracing SaaS","Look at enabling SaaS from a broader understanding of the business and not just the impact to security","2023-04-21T00:00:00.000Z","embrace-saas-to-move-faster-than-your-competitors",{"json":1302,"links":2067},{"nodeType":1295,"data":1303,"content":1304},{},[1305,1312,1319,1327,1334,1355,1362,1408,1415,1423,1468,1488,1495,1502,1509,1529,1549,1556,1591,1598,1618,1625,1632,1664,1684,1691,1698,1705,1712,1719,1726,1733,1740,1747,1754,1761,1768,1775,1791,1798,1869,1876,1883,1912,1928,1935,1942,1949,1982,2002,2009,2016,2023,2030,2049],{"nodeType":1294,"data":1306,"content":1307},{},[1308],{"nodeType":1293,"value":1309,"marks":1310,"data":1311},"Our goal at Push is simple - to reduce the risk of using SaaS apps at work. Doing this well means building controls that are easy to use, easy to understand - and ultimately effective. Not just effective against the hand-wavy concept of “SaaS attacks” but specific techniques –the most common techniques that are likely to cause real damage.",[],{},{"nodeType":1294,"data":1313,"content":1314},{},[1315],{"nodeType":1293,"value":1316,"marks":1317,"data":1318},"To talk about this, we need to have a shared understanding of what these techniques are. 
To get that conversation going we’ve pulled together all the techniques we're aware of, and our research team has even added a bunch of new ones.",[],{},{"nodeType":1320,"data":1321,"content":1322},"heading-1",{},[1323],{"nodeType":1293,"value":1324,"marks":1325,"data":1326},"The SaaS attack matrix",[],{},{"nodeType":1294,"data":1328,"content":1329},{},[1330],{"nodeType":1293,"value":1331,"marks":1332,"data":1333},"We’ve taken inspiration from the MITRE ATT&CK framework (certainly intended as the sincerest form of flattery), but wanted to make a conscious break away from the endpoint-focused ATT&CK techniques and instead focus on techniques that are SaaS-specific. In fact, these techniques don’t touch endpoints (so they bypass EDR) or customer networks (so they bypass network detection) - so we’re calling them networkless attacks.",[],{},{"nodeType":1294,"data":1335,"content":1336},{},[1337,1341,1352],{"nodeType":1293,"value":1338,"marks":1339,"data":1340},"You can find more detailed descriptions of these techniques (and hopefully PRs for some we missed) on ",[],{},{"nodeType":1342,"data":1343,"content":1345},"hyperlink",{"uri":1344},"https://github.com/pushsecurity/saas-attacks",[1346],{"nodeType":1293,"value":1347,"marks":1348,"data":1351},"GitHub",[1349],{"type":1350},"underline",{},{"nodeType":1293,"value":37,"marks":1353,"data":1354},[],{},{"nodeType":1294,"data":1356,"content":1357},{},[1358],{"nodeType":1293,"value":1359,"marks":1360,"data":1361},"Since we’re not targeting endpoints, let’s talk about the new targets: the accounts/identities on SaaS apps. We found it was useful to not think about these identities as stand-alone isolated islands - they are much more like a graph; less a single web-server on the internet and more like many Windows endpoints on an Active Directory. 
",[],{},{"nodeType":1294,"data":1363,"content":1364},{},[1365,1369,1378,1382,1391,1395,1404],{"nodeType":1293,"value":1366,"marks":1367,"data":1368},"You can leverage this access to an identity on a trusted platform to target (so laterally move or escalate privilege to) other users or identities. For example, attacks like using access to SaaS apps to ",[],{},{"nodeType":1342,"data":1370,"content":1372},{"uri":1371},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/in-app_phishing/description.md",[1373],{"nodeType":1293,"value":1374,"marks":1375,"data":1377},"phish other employees through comments",[1376],{"type":1350},{},{"nodeType":1293,"value":1379,"marks":1380,"data":1381}," and ",[],{},{"nodeType":1342,"data":1383,"content":1385},{"uri":1384},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/im_user_spoofing/description.md",[1386],{"nodeType":1293,"value":1387,"marks":1388,"data":1390},"spoofing users on IM platforms",[1389],{"type":1350},{},{"nodeType":1293,"value":1392,"marks":1393,"data":1394}," to social engineer them there - or perhaps ",[],{},{"nodeType":1342,"data":1396,"content":1398},{"uri":1397},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/link_backdooring/description.md",[1399],{"nodeType":1293,"value":1400,"marks":1401,"data":1403},"backdooring links",[1402],{"type":1350},{},{"nodeType":1293,"value":1405,"marks":1406,"data":1407}," in documents.",[],{},{"nodeType":1294,"data":1409,"content":1410},{},[1411],{"nodeType":1293,"value":1412,"marks":1413,"data":1414},"In this case, unusually, it’s not the data in these hundreds of SaaS apps that create risk, and you need to consider low-risk (from a data perspective) apps as a vector to pivot to higher risk apps in your estate.",[],{},{"nodeType":1416,"data":1417,"content":1418},"heading-2",{},[1419],{"nodeType":1293,"value":1420,"marks":1421,"data":1422},"Initial access and poisoned 
tenants",[],{},{"nodeType":1294,"data":1424,"content":1425},{},[1426,1430,1439,1442,1451,1455,1464],{"nodeType":1293,"value":1427,"marks":1428,"data":1429},"Attacks like ",[],{},{"nodeType":1342,"data":1431,"content":1433},{"uri":1432},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/credential_stuffing/description.md",[1434],{"nodeType":1293,"value":1435,"marks":1436,"data":1438},"credential stuffing",[1437],{"type":1350},{},{"nodeType":1293,"value":1379,"marks":1440,"data":1441},[],{},{"nodeType":1342,"data":1443,"content":1445},{"uri":1444},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/email_phishing/description.md",[1446],{"nodeType":1293,"value":1447,"marks":1448,"data":1450},"email phishing",[1449],{"type":1350},{},{"nodeType":1293,"value":1452,"marks":1453,"data":1454}," that get you initial access to SaaS apps are fairly well known - because they work and are widely used. We’re also starting to see tools and attacks that suggest ",[],{},{"nodeType":1342,"data":1456,"content":1458},{"uri":1457},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/im_phishing/description.md",[1459],{"nodeType":1293,"value":1460,"marks":1461,"data":1463},"phishing employees through these IM apps",[1462],{"type":1350},{},{"nodeType":1293,"value":1465,"marks":1466,"data":1467}," is about to go mainstream.",[],{},{"nodeType":1294,"data":1469,"content":1470},{},[1471,1475,1484],{"nodeType":1293,"value":1472,"marks":1473,"data":1474},"Another interesting attack is a spin on the classic waterhole attack called a ",[],{},{"nodeType":1342,"data":1476,"content":1478},{"uri":1477},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/poisoned_tenants/description.md",[1479],{"nodeType":1293,"value":1480,"marks":1481,"data":1483},"poisoned tenant",[1482],{"type":1350},{},{"nodeType":1293,"value":1485,"marks":1486,"data":1487},". 
Rather than attacking a customer tenant for a SaaS app, the attacker lures employees into joining an attacker-controlled tenant. ",[],{},{"nodeType":1294,"data":1489,"content":1490},{},[1491],{"nodeType":1293,"value":1492,"marks":1493,"data":1494},"SaaS apps allow anyone to name app tenants (a.k.a. spaces, teams, or instances) anything they like - including your company name. Attackers send invites to your employees from within the app with a customized message explaining why they should join this new tenant (or sign up to the app if they are not already a user). ",[],{},{"nodeType":1294,"data":1496,"content":1497},{},[1498],{"nodeType":1293,"value":1499,"marks":1500,"data":1501},"Attackers might even pay for premium licenses in the app to further entice employees to join. The attacker then waits for the employee to upload sensitive data or create integrations with other company apps containing crown jewels.",[],{},{"nodeType":1416,"data":1503,"content":1504},{},[1505],{"nodeType":1293,"value":1506,"marks":1507,"data":1508},"Living-off-the-(SaaS)-land to persist and avoid detection",[],{},{"nodeType":1294,"data":1510,"content":1511},{},[1512,1516,1525],{"nodeType":1293,"value":1513,"marks":1514,"data":1515},"In the endpoint world, a favorite technique is the use of legit OS utilities or ",[],{},{"nodeType":1342,"data":1517,"content":1519},{"uri":1518},"https://lolbas-project.github.io",[1520],{"nodeType":1293,"value":1521,"marks":1522,"data":1524},"LOLBaS",[1523],{"type":1350},{},{"nodeType":1293,"value":1526,"marks":1527,"data":1528}," (Living-Off-the-Land Binaries and Scripts), which are often signed Microsoft utilities. Perhaps the most well-known example is executing scripts through PowerShell rather than building custom malware. 
That isn’t as useful these days but there was a time when PowerShell was routinely used to bypass AV, EDR, and even app allow-listing.",[],{},{"nodeType":1294,"data":1530,"content":1531},{},[1532,1536,1545],{"nodeType":1293,"value":1533,"marks":1534,"data":1535},"In that same living-off-the-land mindset, an attacker trying to maintain access to each SaaS app they compromise using custom OAuth integration apps, might instead choose to use legit SaaS apps that specialize in workflow automation to create ",[],{},{"nodeType":1342,"data":1537,"content":1539},{"uri":1538},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/shadow_workflows/description.md",[1540],{"nodeType":1293,"value":1541,"marks":1542,"data":1544},"shadow workflows",[1543],{"type":1350},{},{"nodeType":1293,"value":1546,"marks":1547,"data":1548},". Utilizing legit SaaS apps also means they can hide in plain sight from incident responders, instead of having to rely on unverified or unpublished integrations.",[],{},{"nodeType":1294,"data":1550,"content":1551},{},[1552],{"nodeType":1293,"value":1553,"marks":1554,"data":1555},"Perhaps the best example here is using a well-known automation app like Zapier, which claims to have more than 5000 integrations. These integrations are often verified, approved, and connected to a trusted vendor (Zapier). 
An attacker might create workflows to:",[],{},{"nodeType":1557,"data":1558,"content":1559},"unordered-list",{},[1560,1571,1581],{"nodeType":1561,"data":1562,"content":1563},"list-item",{},[1564],{"nodeType":1294,"data":1565,"content":1566},{},[1567],{"nodeType":1293,"value":1568,"marks":1569,"data":1570},"do daily data exfiltration from a victim’s data lake",[],{},{"nodeType":1561,"data":1572,"content":1573},{},[1574],{"nodeType":1294,"data":1575,"content":1576},{},[1577],{"nodeType":1293,"value":1578,"marks":1579,"data":1580},"configure a webhook which adds malicious accounts to a github repo on demand",[],{},{"nodeType":1561,"data":1582,"content":1583},{},[1584],{"nodeType":1294,"data":1585,"content":1586},{},[1587],{"nodeType":1293,"value":1588,"marks":1589,"data":1590},"automatically find and replace bank account numbers in emails to the finance team",[],{},{"nodeType":1294,"data":1592,"content":1593},{},[1594],{"nodeType":1293,"value":1595,"marks":1596,"data":1597},"All appear as legitimate Zapier integrations. 
But, before you put in alerts specifically for Zapier, know that it’s one of dozens of apps that support these kinds of offensive workflows.",[],{},{"nodeType":1294,"data":1599,"content":1600},{},[1601,1605,1614],{"nodeType":1293,"value":1602,"marks":1603,"data":1604},"A sneaky attacker might go further and use an ",[],{},{"nodeType":1342,"data":1606,"content":1608},{"uri":1607},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/evil_twin_integrations/description.md",[1609],{"nodeType":1293,"value":1610,"marks":1611,"data":1613},"evil twin integration",[1612],{"type":1350},{},{"nodeType":1293,"value":1615,"marks":1616,"data":1617}," to make another instance of an existing integration - making this backdoor almost impossible to discover.",[],{},{"nodeType":1416,"data":1619,"content":1620},{},[1621],{"nodeType":1293,"value":1622,"marks":1623,"data":1624},"Features or vulnerabilities?",[],{},{"nodeType":1294,"data":1626,"content":1627},{},[1628],{"nodeType":1293,"value":1629,"marks":1630,"data":1631},"When looking for attack techniques, you’re typically going after features that have weaknesses you can abuse rather than bugs in a single app that will be patched. ",[],{},{"nodeType":1294,"data":1633,"content":1634},{},[1635,1639,1648,1651,1660],{"nodeType":1293,"value":1636,"marks":1637,"data":1638},"It’s pretty common for SaaS apps to skip email verification or allow multiple simultaneous authentication methods. Both of these are conscious design choices in the name of lowering the friction of account creation and reducing customer support. 
However, these features make techniques like ",[],{},{"nodeType":1342,"data":1640,"content":1642},{"uri":1641},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/account_ambushing/description.md",[1643],{"nodeType":1293,"value":1644,"marks":1645,"data":1647},"account ambushing",[1646],{"type":1350},{},{"nodeType":1293,"value":1379,"marks":1649,"data":1650},[],{},{"nodeType":1342,"data":1652,"content":1654},{"uri":1653},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/ghost_logins/description.md",[1655],{"nodeType":1293,"value":1656,"marks":1657,"data":1659},"ghost logins",[1658],{"type":1350},{},{"nodeType":1293,"value":1661,"marks":1662,"data":1663}," possible. If these attacks become widespread, these might come to be seen more as bugs rather than a positive feature for users.",[],{},{"nodeType":1294,"data":1665,"content":1666},{},[1667,1671,1680],{"nodeType":1293,"value":1668,"marks":1669,"data":1670},"In other cases, the bugs are serious enough and hard enough to patch that they’re worth noting as a technique. The recently disclosed (and perfectly named) ",[],{},{"nodeType":1342,"data":1672,"content":1674},{"uri":1673},"https://www.descope.com/blog/post/noauth",[1675],{"nodeType":1293,"value":1676,"marks":1677,"data":1679},"nOAuth",[1678],{"type":1350},{},{"nodeType":1293,"value":1681,"marks":1682,"data":1683}," bug fits this bill. 
",[],{},{"nodeType":1294,"data":1685,"content":1686},{},[1687],{"nodeType":1293,"value":1688,"marks":1689,"data":1690},"The bug arises from a confusion between an email identity and email metadata field in Microsoft integrations and without a central fix from MS (the fix isn’t trivial), these bugs are likely to be discovered and re-occur on third-party OAuth apps for a while to come.",[],{},{"nodeType":1320,"data":1692,"content":1693},{},[1694],{"nodeType":1293,"value":1695,"marks":1696,"data":1697},"The SaaS market is driving these offensive techniques",[],{},{"nodeType":1294,"data":1699,"content":1700},{},[1701],{"nodeType":1293,"value":1702,"marks":1703,"data":1704},"SaaS apps are basically webapps that are run in the cloud and accessed from endpoints, so then WebApp, endpoint, and cloud security should cover all of SaaS, right? ",[],{},{"nodeType":1294,"data":1706,"content":1707},{},[1708],{"nodeType":1293,"value":1709,"marks":1710,"data":1711},"That was our assumption when we started, but what we found instead was that SaaS marketing  best practices are driving a lot of pretty interesting techniques that you don’t run into in standalone web apps.",[],{},{"nodeType":1416,"data":1713,"content":1714},{},[1715],{"nodeType":1293,"value":1716,"marks":1717,"data":1718},"Modern SaaS is easy to adopt, easy to use, low friction, low cost, low overhead",[],{},{"nodeType":1294,"data":1720,"content":1721},{},[1722],{"nodeType":1293,"value":1723,"marks":1724,"data":1725},"Making apps easy to sign-up for and low effort to support means you need to make some interesting choices when it comes to designing account creation and recovery flows. ",[],{},{"nodeType":1294,"data":1727,"content":1728},{},[1729],{"nodeType":1293,"value":1730,"marks":1731,"data":1732},"Many apps allow users to sign into apps using multiple methods, easily invite collaborators (internal and external) and avoid any additional friction during the sign up process. 
",[],{},{"nodeType":1294,"data":1734,"content":1735},{},[1736],{"nodeType":1293,"value":1737,"marks":1738,"data":1739},"For example, many apps avoid verifying new account email addresses. This is not laziness, these are conscious design choices - not driven by security clearly, but not accidents.",[],{},{"nodeType":1416,"data":1741,"content":1742},{},[1743],{"nodeType":1293,"value":1744,"marks":1745,"data":1746},"Modern SaaS is highly integrated",[],{},{"nodeType":1294,"data":1748,"content":1749},{},[1750],{"nodeType":1293,"value":1751,"marks":1752,"data":1753},"Most SaaS apps are trying to build app marketplaces or perform well in other app’s marketplaces (often both) and it’s rare these days to find apps that don’t integrate with other apps. ",[],{},{"nodeType":1294,"data":1755,"content":1756},{},[1757],{"nodeType":1293,"value":1758,"marks":1759,"data":1760},"OAuth has become the de facto standard protocol for doing this, and most users have become quite used to approving OAuth2.0 consent flows. These integrations have opened up lots of incredibly useful doors for attackers to persist access and move laterally across SaaS apps that few incident response teams have run into yet. These tokens don’t expire when you reset passwords, aren’t protected by MFA, and actions they performed are rarely logged. 
",[],{},{"nodeType":1294,"data":1762,"content":1763},{},[1764],{"nodeType":1293,"value":1765,"marks":1766,"data":1767},"These are not bugs or oversights but rather a consequence of how these APIs are intended to be used (by machines, not human adversaries).",[],{},{"nodeType":1320,"data":1769,"content":1770},{},[1771],{"nodeType":1293,"value":1772,"marks":1773,"data":1774},"Problems with observing SaaS attacks ",[],{},{"nodeType":1294,"data":1776,"content":1777},{},[1778,1782,1787],{"nodeType":1293,"value":1779,"marks":1780,"data":1781},"This research begs one question above others - ",[],{},{"nodeType":1293,"value":1783,"marks":1784,"data":1786},"“Are we seeing these attacks in the wild?",[1785],{"type":312},{},{"nodeType":1293,"value":1788,"marks":1789,"data":1790},"” ",[],{},{"nodeType":1416,"data":1792,"content":1793},{},[1794],{"nodeType":1293,"value":1795,"marks":1796,"data":1797},"Yes, definitely",[],{},{"nodeType":1294,"data":1799,"content":1800},{},[1801,1805,1814,1817,1826,1830,1839,1843,1852,1856,1865],{"nodeType":1293,"value":1802,"marks":1803,"data":1804},"For some of the better known techniques, like credential stuffing and email phishing, the answer is an easy yes. Stats from ",[],{},{"nodeType":1342,"data":1806,"content":1808},{"uri":1807},"https://www.microsoft.com/en-us/security/blog/2023/05/04/how-microsoft-can-help-you-go-passwordless-this-world-password-day/",[1809],{"nodeType":1293,"value":1810,"marks":1811,"data":1813},"Microsoft (1,287 password attacks every second)",[1812],{"type":1350},{},{"nodeType":1293,"value":1379,"marks":1815,"data":1816},[],{},{"nodeType":1342,"data":1818,"content":1820},{"uri":1819},"https://auth0.com/blog/top-insights-from-our-2022-state-of-secure-identity-report/",[1821],{"nodeType":1293,"value":1822,"marks":1823,"data":1825},"Auth0 (a third of their traffic is credential stuffing)",[1824],{"type":1350},{},{"nodeType":1293,"value":1827,"marks":1828,"data":1829}," speaks volumes. 
Other sources like the ",[],{},{"nodeType":1342,"data":1831,"content":1833},{"uri":1832},"https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022",[1834],{"nodeType":1293,"value":1835,"marks":1836,"data":1838},"NCSC's Cyber Security Breaches Survey 2022",[1837],{"type":1350},{},{"nodeType":1293,"value":1840,"marks":1841,"data":1842}," and the ",[],{},{"nodeType":1342,"data":1844,"content":1846},{"uri":1845},"https://www.verizon.com/business/resources/reports/dbir/",[1847],{"nodeType":1293,"value":1848,"marks":1849,"data":1851},"Verizon 2023 Data Breach Investigations Report",[1850],{"type":1350},{},{"nodeType":1293,"value":1853,"marks":1854,"data":1855}," suggest that phishing is also a major cause of SaaS breaches. Anecdotal reports from colleagues in the Incident Response field suggest that malicious mail forwarding rules are seen a lot, something which is supported by the ",[],{},{"nodeType":1342,"data":1857,"content":1859},{"uri":1858},"https://expel.com/expel-quarterly-threat-report/",[1860],{"nodeType":1293,"value":1861,"marks":1862,"data":1864},"Expel Quarterly Threat Report for Q1 2023",[1863],{"type":1350},{},{"nodeType":1293,"value":1866,"marks":1867,"data":1868}," (see page 6).",[],{},{"nodeType":1294,"data":1870,"content":1871},{},[1872],{"nodeType":1293,"value":1873,"marks":1874,"data":1875},"The takeaway is that the current focus for defenders should be to ensure users have good phishing-resistant account security in place - make sure you have basics like strong unique passwords and MFA in place across your entire SaaS estate.",[],{},{"nodeType":1416,"data":1877,"content":1878},{},[1879],{"nodeType":1293,"value":1880,"marks":1881,"data":1882},"For newer OAuth attacks it’s a lot less clear…",[],{},{"nodeType":1294,"data":1884,"content":1885},{},[1886,1890,1895,1899,1908],{"nodeType":1293,"value":1887,"marks":1888,"data":1889},"Other techniques, like consent phishing, have been discussed in 
some breach disclosures like the ",[],{},{"nodeType":1293,"value":1891,"marks":1892,"data":1894},"2020 SANS breach",[1893],{"type":1350},{},{"nodeType":1293,"value":1896,"marks":1897,"data":1898},". These OAuth techniques also pop up in the news (for example, the ",[],{},{"nodeType":1342,"data":1900,"content":1902},{"uri":1901},"https://www.bleepingcomputer.com/news/security/github-how-stolen-oauth-tokens-helped-breach-dozens-of-orgs/",[1903],{"nodeType":1293,"value":1904,"marks":1905,"data":1907},"2022 GitHub/Heroku/Travis-CI breach",[1906],{"type":1350},{},{"nodeType":1293,"value":1909,"marks":1910,"data":1911}," where GitHub accounts were breached using stolen Heroku and Travis-CI OAuth tokens). ",[],{},{"nodeType":1294,"data":1913,"content":1914},{},[1915,1919,1924],{"nodeType":1293,"value":1916,"marks":1917,"data":1918},"That said, none of these techniques come up as frequently as their usefulness would suggest. This means one of two things: ",[],{},{"nodeType":1293,"value":1920,"marks":1921,"data":1923},"either attackers aren’t yet using them widely or they are and we aren’t detecting them",[1922],{"type":312},{},{"nodeType":1293,"value":1925,"marks":1926,"data":1927},".",[],{},{"nodeType":1294,"data":1929,"content":1930},{},[1931],{"nodeType":1293,"value":1932,"marks":1933,"data":1934},"There is certainly a case to be made that attackers simply don’t need these newer techniques yet. 
Many organizations don’t have a way of discovering SaaS use in their organization yet, never mind breached accounts, so new persistence techniques might be a bit more than necessary at the moment.",[],{},{"nodeType":1416,"data":1936,"content":1937},{},[1938],{"nodeType":1293,"value":1939,"marks":1940,"data":1941},"But would we know if it was happening?",[],{},{"nodeType":1294,"data":1943,"content":1944},{},[1945],{"nodeType":1293,"value":1946,"marks":1947,"data":1948},"On the other hand, there is certainly the possibility that these attacks are increasingly used, but are simply not being discovered. A strong argument in favor of this view is the difficulty in investigating these attacks. Very few SaaS apps give customers enough logging capability to discover these attacks; this is true even for the biggest, most mature apps like Office 365 and Google Workspace, unless you are on the top license tiers. This is doubly true for attacks that use OAuth, with many apps providing no insight or details into actions made using OAuth-authenticated APIs. ",[],{},{"nodeType":1294,"data":1950,"content":1951},{},[1952,1956,1965,1969,1978],{"nodeType":1293,"value":1953,"marks":1954,"data":1955},"This suggests only the SaaS providers for these apps are really in a position to discover and investigate them. 
This does ring true when you consider that ",[],{},{"nodeType":1342,"data":1957,"content":1959},{"uri":1958},"https://blog.heroku.com/april-2022-incident-review",[1960],{"nodeType":1293,"value":1961,"marks":1962,"data":1964},"Heroku",[1963],{"type":1350},{},{"nodeType":1293,"value":1966,"marks":1967,"data":1968}," relied heavily on GitHub during the investigation of (and in one case even the detection of) their 2022 breaches, and the same seems true for a similar breach affecting ",[],{},{"nodeType":1342,"data":1970,"content":1972},{"uri":1971},"https://circleci.com/blog/jan-4-2023-incident-report/",[1973],{"nodeType":1293,"value":1974,"marks":1975,"data":1977},"CircleCI",[1976],{"type":1350},{},{"nodeType":1293,"value":1979,"marks":1980,"data":1981}," later that year. GitHub and CircleCI’s customers prompted the investigation after seeing strange behavior, but GitHub had access to the logs to investigate. It’s difficult to imagine that most or even many SaaS vendors have the resources or inclination to run these investigations as effectively as GitHub appears to have.",[],{},{"nodeType":1294,"data":1983,"content":1984},{},[1985,1989,1999],{"nodeType":1293,"value":1986,"marks":1987,"data":1988},"So, are these attacks happening in the real world? My best guess is it’s a little bit of column A and a little bit of column B – there are likely not so many of these attacks happening yet, and when they do I suspect the vast majority go undetected. 
",[],{},{"nodeType":1342,"data":1990,"content":1992},{"uri":1991},"https://www.youtube.com/watch?v=j95kNwZw8YY",[1993],{"nodeType":1293,"value":1994,"marks":1995,"data":1998},"But that’s just like my opinion, man.",[1996,1997],{"type":1350},{"type":312},{},{"nodeType":1293,"value":37,"marks":2000,"data":2001},[],{},{"nodeType":1294,"data":2003,"content":2004},{},[2005],{"nodeType":1293,"value":2006,"marks":2007,"data":2008},"This is part of the reason we think enabling red-teamers to try these techniques in anger is useful - this is the time-proven way to understand these risks.",[],{},{"nodeType":1320,"data":2010,"content":2011},{},[2012],{"nodeType":1293,"value":2013,"marks":2014,"data":2015},"What’s next?",[],{},{"nodeType":1294,"data":2017,"content":2018},{},[2019],{"nodeType":1293,"value":2020,"marks":2021,"data":2022},"We’ve barely scratched the surface, but perhaps there is enough here to get the discussion going. From past experience, discussion may not be enough, and it’s likely that live offensive work like penetration tests or more likely red-team exercises will be required to make the risks of using these techniques real for the wider security community. ",[],{},{"nodeType":1294,"data":2024,"content":2025},{},[2026],{"nodeType":1293,"value":2027,"marks":2028,"data":2029},"After all, seeing is believing. We think some more practical examples and tools to help red- teamers use these techniques on engagements will help drive awareness forward so we’ll be looking to build out this content.",[],{},{"nodeType":1294,"data":2031,"content":2032},{},[2033,2037,2046],{"nodeType":1293,"value":2034,"marks":2035,"data":2036},"We’ve started with pure networkless attacks that don’t touch customer networks or endpoints, but there are many useful techniques to connect the old endpoint world to the SaaS world. 
Consider stealing OAuth tokens from a thick client on an endpoint, or using a ",[],{},{"nodeType":1342,"data":2038,"content":2040},{"uri":2039},"https://github.blog/2023-07-18-security-alert-social-engineering-campaign-targets-technology-industry-employees/",[2041],{"nodeType":1293,"value":2042,"marks":2043,"data":2045},"backdoored GitHub repo to get code execution on endpoints",[2044],{"type":1350},{},{"nodeType":1293,"value":1925,"marks":2047,"data":2048},[],{},{"nodeType":1294,"data":2050,"content":2051},{},[2052,2056,2063],{"nodeType":1293,"value":2053,"marks":2054,"data":2055},"Help us all better understand how widespread these attacks are by sharing some war stories - blue teams, have you seen these attacks in IR investigations? Red-teamers, have you tried these or similar techniques against SaaS? Even better, we’d love some comments, discussions, or PRs on ",[],{},{"nodeType":1342,"data":2057,"content":2058},{"uri":1344},[2059],{"nodeType":1293,"value":1347,"marks":2060,"data":2062},[2061],{"type":1350},{},{"nodeType":1293,"value":2064,"marks":2065,"data":2066},"!",[],{},{"entries":2068},{"hyperlink":2069,"block":2070,"inline":2071},[],[],[],{"items":2073},[2074,2078],{"sys":2075,"name":2077},{"id":2076},"3SA5H01UkKauuiTdt0KC6q","Shadow IT",{"sys":2079,"name":2081},{"id":2080},"3pjES4THCIfSAwhGdNwBcy","Identity security",{"items":2083},[2084,2421],{"__typename":2085,"sys":2086,"content":2088,"title":2401,"synopsis":2402,"hashTags":118,"publishedDate":2403,"slug":2404,"tagsCollection":2405,"authorsCollection":2413},"BlogPosts",{"id":2087},"2cLFeaDTWWdZ8G8U12qmiZ",{"json":2089},{"data":2090,"content":2091,"nodeType":1295},{},[2092,2099,2106,2113,2120,2127,2134,2141,2148,2155,2162,2169,2193,2213,2220,2227,2234,2297,2321,2340,2347,2354,2361,2368,2375,2382],{"data":2093,"content":2094,"nodeType":1320},{},[2095],{"data":2096,"marks":2097,"value":2098,"nodeType":1293},{},[],"Prevention isn’t always the 
answer",{"data":2100,"content":2101,"nodeType":1294},{},[2102],{"data":2103,"marks":2104,"value":2105,"nodeType":1293},{},[],"As a security team, our job is to help our company achieve its goals by taking risks securely. Simply using a computer represents a risk over the more traditional pen and paper, but the productivity gains clearly outweigh the risk; so the security team ensures the business takes that risk securely. Outright prevention - i.e. not using a computer - in this case, makes no sense.",{"data":2107,"content":2108,"nodeType":1294},{},[2109],{"data":2110,"marks":2111,"value":2112,"nodeType":1293},{},[],"Of course, within how the computer operates we might choose to prevent some functionality in the name of security, but the principle remains the same - prevention usually requires a trade-off against productivity.",{"data":2114,"content":2115,"nodeType":1320},{},[2116],{"data":2117,"marks":2118,"value":2119,"nodeType":1293},{},[],"Detection, but at the cost of privacy",{"data":2121,"content":2122,"nodeType":1294},{},[2123],{"data":2124,"marks":2125,"value":2126,"nodeType":1293},{},[],"When a base level of security became more common (through better awareness, accessible knowledge, and sensible vendor defaults), attackers shifted to using techniques that couldn’t be prevented because the business relied on the underlying tools - a malicious Word doc, a sneaky PowerShell script, a dodgy PDF.",{"data":2128,"content":2129,"nodeType":1294},{},[2130],{"data":2131,"marks":2132,"value":2133,"nodeType":1293},{},[],"Now prevention wasn’t an option, the security team had to monitor usage for malicious activity. But monitoring comes at a cost. To detect when malicious activity happens, the security team needs to monitor all activity, including legitimate activity. 
So, while a detection approach doesn’t restrict what a user can do, it comes at the cost of their privacy.",{"data":2135,"content":2136,"nodeType":1320},{},[2137],{"data":2138,"marks":2139,"value":2140,"nodeType":1293},{},[],"Building trust with your users",{"data":2142,"content":2143,"nodeType":1294},{},[2144],{"data":2145,"marks":2146,"value":2147,"nodeType":1293},{},[],"In either case, when introducing security controls you should aim to justify and explain this decision to your users, remembering that security’s job is to help them do their jobs securely - it shouldn’t be for them to figure out how to do their jobs within the confines of what the security team has decided is OK. A security team should be more like the secret service, than the prison service.",{"data":2149,"content":2150,"nodeType":1294},{},[2151],{"data":2152,"marks":2153,"value":2154,"nodeType":1293},{},[],"Although, of course, many employees won’t have much interest in the motivations of their IT/security team, maintaining this attitude will help you build and keep trust with them. With trust in hand, employees will be less likely to try to work around your controls.",{"data":2156,"content":2157,"nodeType":1320},{},[2158],{"data":2159,"marks":2160,"value":2161,"nodeType":1293},{},[],"SaaS - the new frontier",{"data":2163,"content":2164,"nodeType":1294},{},[2165],{"data":2166,"marks":2167,"value":2168,"nodeType":1293},{},[],"In recent years, our computers are mostly just windows to the Internet - many users access their email, video conferencing, productivity suites and more via their browser (or Electron apps pretending they aren’t browsers).",{"data":2170,"content":2171,"nodeType":1294},{},[2172,2176,2181,2185,2189],{"data":2173,"marks":2174,"value":2175,"nodeType":1293},{},[],"And, as is often the way, we’re relearning the same lessons as before. 
Should employees be ",{"data":2177,"marks":2178,"value":2180,"nodeType":1293},{},[2179],{"type":312},"allowed",{"data":2182,"marks":2183,"value":2184,"nodeType":1293},{},[]," to sign up for and use arbitrary SaaS platforms? Should employees be ",{"data":2186,"marks":2187,"value":2180,"nodeType":1293},{},[2188],{"type":312},{"data":2190,"marks":2191,"value":2192,"nodeType":1293},{},[]," to add arbitrary apps into Microsoft 365, Google Workspace, or other SaaS platforms?",{"data":2194,"content":2195,"nodeType":1294},{},[2196,2200,2209],{"data":2197,"marks":2198,"value":2199,"nodeType":1293},{},[],"Regardless of your answer, your coworkers have already spoken and it’s almost certainly already happening. A ",{"data":2201,"content":2203,"nodeType":1342},{"uri":2202},"https://track.g2.com/resources/shadow-it-statistics",[2204],{"data":2205,"marks":2206,"value":2208,"nodeType":1293},{},[2207],{"type":1350},"report from G2",{"data":2210,"marks":2211,"value":2212,"nodeType":1293},{},[]," stated that 80% of workers admit to using SaaS applications at work without getting approval from IT. If you want to enable your colleagues’ productivity, prevention, it would seem, isn’t an option.",{"data":2214,"content":2215,"nodeType":1320},{},[2216],{"data":2217,"marks":2218,"value":2219,"nodeType":1293},{},[],"The risks of SaaS",{"data":2221,"content":2222,"nodeType":1294},{},[2223],{"data":2224,"marks":2225,"value":2226,"nodeType":1293},{},[],"So how do we secure the company in this new way of working? 
We still have plenty to consider.",{"data":2228,"content":2229,"nodeType":1294},{},[2230],{"data":2231,"marks":2232,"value":2233,"nodeType":1293},{},[],"We can start thinking about SaaS not just as a question of allow or not allow, but by taking a more flexible and pragmatic approach, asking questions like:",{"data":2235,"content":2236,"nodeType":1557},{},[2237,2247,2257,2267,2277,2287],{"data":2238,"content":2239,"nodeType":1561},{},[2240],{"data":2241,"content":2242,"nodeType":1294},{},[2243],{"data":2244,"marks":2245,"value":2246,"nodeType":1293},{},[],"What kind of data are users entering into these third-party platforms?",{"data":2248,"content":2249,"nodeType":1561},{},[2250],{"data":2251,"content":2252,"nodeType":1294},{},[2253],{"data":2254,"marks":2255,"value":2256,"nodeType":1293},{},[],"How much do we trust the controls the third party has in place?",{"data":2258,"content":2259,"nodeType":1561},{},[2260],{"data":2261,"content":2262,"nodeType":1294},{},[2263],{"data":2264,"marks":2265,"value":2266,"nodeType":1293},{},[],"Are those controls appropriate for the data? ",{"data":2268,"content":2269,"nodeType":1561},{},[2270],{"data":2271,"content":2272,"nodeType":1294},{},[2273],{"data":2274,"marks":2275,"value":2276,"nodeType":1293},{},[],"Is this platform redundant with the other services we use (e.g. “we use Google Drive, not Dropbox”)? ",{"data":2278,"content":2279,"nodeType":1561},{},[2280],{"data":2281,"content":2282,"nodeType":1294},{},[2283],{"data":2284,"marks":2285,"value":2286,"nodeType":1293},{},[],"Does IT or security need to manage accounts for joiners/leavers?",{"data":2288,"content":2289,"nodeType":1561},{},[2290],{"data":2291,"content":2292,"nodeType":1294},{},[2293],{"data":2294,"marks":2295,"value":2296,"nodeType":1293},{},[],"Does this platform impact our compliance? (e.g. 
does storing this data on this platform compromise our GDPR status?)",{"data":2298,"content":2299,"nodeType":1294},{},[2300,2304,2317],{"data":2301,"marks":2302,"value":2303,"nodeType":1293},{},[],"No one said it would be easy 🙃 and it’s easy to see why many organizations initially opt to simply try to block users from using such systems. Assessing each application can be daunting using traditional third-party security assessment techniques - we’ve written a ",{"data":2305,"content":2311,"nodeType":2316},{"target":2306},{"sys":2307},{"id":2308,"type":2309,"linkType":2310},"3PqX7fLrTIYhWjbEhHSRHG","Link","Entry",[2312],{"data":2313,"marks":2314,"value":2315,"nodeType":1293},{},[],"short guide","entry-hyperlink",{"data":2318,"marks":2319,"value":2320,"nodeType":1293},{},[]," on how to approach security auditing in a world of SaaS, which you might find useful.",{"data":2322,"content":2323,"nodeType":1294},{},[2324,2328,2336],{"data":2325,"marks":2326,"value":2327,"nodeType":1293},{},[],"But the first step in managing this new world is visibility. Knowing the problem is half the battle and we published ",{"data":2329,"content":2331,"nodeType":1342},{"uri":2330},"https://pushsecurity.com/blog/rolling-your-own-saas-discovery/",[2332],{"data":2333,"marks":2334,"value":2335,"nodeType":1293},{},[],"an article",{"data":2337,"marks":2338,"value":2339,"nodeType":1293},{},[]," about how to manually find the SaaS apps your employees are using. The problem is, a lot of those manual methods are either error-prone or quite invasive, potentially collecting your users’ private activity. 
In the trade-off of security versus privacy, we think that’s a bit too far and will likely damage the trust you’ve built with your coworkers.",{"data":2341,"content":2342,"nodeType":1320},{},[2343],{"data":2344,"marks":2345,"value":2346,"nodeType":1293},{},[],"Monitoring SaaS use without compromising privacy",{"data":2348,"content":2349,"nodeType":1294},{},[2350],{"data":2351,"marks":2352,"value":2353,"nodeType":1293},{},[],"Our approach at Push is to deploy our browser extension to our users’ browsers which is configured with the domains we use for work (e.g. @pushsecurity.com). The browser extension only monitors logins where an @pushsecurity.com email address is used, which we can reasonably assume means the platform is being used for work reasons.",{"data":2355,"content":2356,"nodeType":1294},{},[2357],{"data":2358,"marks":2359,"value":2360,"nodeType":1293},{},[],"We share this with employees up front during the onboarding process and, if you click on the browser extension, it also lets you know which domains it’s monitoring:",{"data":2362,"content":2366,"nodeType":2367},{"target":2363},{"sys":2364},{"id":2365,"type":2309,"linkType":2310},"6z1apzuDIaXXN7xIAHEUku",[],"embedded-entry-block",{"data":2369,"content":2370,"nodeType":1294},{},[2371],{"data":2372,"marks":2373,"value":2374,"nodeType":1293},{},[],"This helps our users understand why we are monitoring which SaaS they’re using which in turn makes them aware of the risk we are managing and why.",{"data":2376,"content":2377,"nodeType":1294},{},[2378],{"data":2379,"marks":2380,"value":2381,"nodeType":1293},{},[],"With this approach we’ve built a comprehensive picture of which SaaS platforms our team is using which has helped us understand where our data lives and which platforms need extra attention to ensure we have all the right controls in place. 
When our users use a new platform we can reach out to them at the start of their journey to understand what they’re trying to achieve and how we can help them do it securely.",{"data":2383,"content":2384,"nodeType":1294},{},[2385,2388,2397],{"data":2386,"marks":2387,"value":37,"nodeType":1293},{},[],{"data":2389,"content":2391,"nodeType":1342},{"uri":2390},"https://pushsecurity.com/features/saas-discovery",[2392],{"data":2393,"marks":2394,"value":2396,"nodeType":1293},{},[2395],{"type":1350},"Learn more about how Push can discover SaaS apps your employees are using",{"data":2398,"marks":2399,"value":2400,"nodeType":1293},{},[]," without compromising their privacy. ","How to discover SaaS use without invading employee privacy","Learn how to manage SaaS in a way that keeps employees productive and doesn't compromise privacy.","2022-08-22T00:00:00.000Z","how-to-discover-saas-use-without-invading-employee-privacy",{"items":2406},[2407,2409],{"sys":2408,"name":2077},{"id":2076},{"sys":2410,"name":2412},{"id":2411},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"items":2414},[2415],{"fullName":2416,"firstName":2417,"jobTitle":2418,"profilePicture":2419},"Andy Waugh","Andy","VP Product",{"url":2420},"https://images.ctfassets.net/y1cdw1ablpvd/3Rf76rJn6S9inMb4dUnAIJ/0a787f8141d05b95300e2fe77c4493fa/DSC_6868.jpg",{"__typename":2085,"sys":2422,"content":2424,"title":2754,"synopsis":2755,"hashTags":118,"publishedDate":2756,"slug":2757,"tagsCollection":2758,"authorsCollection":2764},{"id":2423},"4LOMe7ez5adQtwbPireIBc",{"json":2425},{"data":2426,"content":2427,"nodeType":1295},{},[2428,2435,2456,2463,2470,2477,2484,2491,2498,2505,2512,2519,2526,2533,2540,2556,2563,2570,2577,2584,2591,2598,2617,2624,2631,2638,2645,2652,2661,2694,2702,2735],{"data":2429,"content":2430,"nodeType":1294},{},[2431],{"data":2432,"marks":2433,"value":2434,"nodeType":1293},{},[],"As part of your larger cloud security strategy, you’ve likely been asked to focus on how to secure SaaS apps used in your 
company. The first step to securing SaaS is getting a real sense of what platforms employees are actually using, beyond those that you already know about. Since SaaS is so easy for employees to adopt and start using without any input from IT and security, they’re likely using hundreds of SaaS apps that aren’t even on your radar. The first step in securing something is getting full visibility into what you even need to secure in the first place. ",{"data":2436,"content":2437,"nodeType":1294},{},[2438,2442,2452],{"data":2439,"marks":2440,"value":2441,"nodeType":1293},{},[],"To help guide folks through how you might do SaaS discovery on your own, we wrote an ",{"data":2443,"content":2447,"nodeType":2316},{"target":2444},{"sys":2445},{"id":2446,"type":2309,"linkType":2310},"45iZ69EdPF4629gZ6yf7p5",[2448],{"data":2449,"marks":2450,"value":2451,"nodeType":1293},{},[],"article",{"data":2453,"marks":2454,"value":2455,"nodeType":1293},{},[]," about how to manually find what apps employees are using. In it, we explored how to analyze data that you already have on hand to find the unknown apps (shadow IT) used within your business. That’s a pretty significant manual effort, though, and most security teams don’t have the resources to do it. Plus, while these manual attempts can chip away at the SaaS discovery process, none are great at giving you a comprehensive view of SaaS use, nor do they keep up with the constant influx of apps employees are signing up for daily. ",{"data":2457,"content":2458,"nodeType":1294},{},[2459],{"data":2460,"marks":2461,"value":2462,"nodeType":1293},{},[],"To get truly broad coverage of what SaaS employees are using, you need a large dataset of SaaS apps, the domains associated with them, and this dataset must constantly be updated and expanded to include new apps that are launched every day. 
",{"data":2464,"content":2465,"nodeType":1294},{},[2466],{"data":2467,"marks":2468,"value":2469,"nodeType":1293},{},[],"Unless you can find such a dataset, you must create it. And creating a constantly updated dataset is no small undertaking. That’s why there are so many off-the-shelf solutions and tools that focus solely on SaaS discovery these days. Many say that they are full-scale SaaS security platforms, but what that means isn’t always clear, even after reading product marketing materials. If you were to look at a venn diagram of “SaaS security platforms,” you’d have a giant mess of interlocking circles, with some shared activities amongst all (or most) tools and then vastly different features from that core functionality.",{"data":2471,"content":2472,"nodeType":1294},{},[2473],{"data":2474,"marks":2475,"value":2476,"nodeType":1293},{},[],"How “good” they are at SaaS discovery really depends on what data they’re using, what they have access to within your environment, the quality of their proprietary datasets (breadth, depth, and timeliness of that data), and how they work with your existing data and tools. To help navigate this mess, we’re sharing some pros and cons of the categories of commercial tools on the market.",{"data":2478,"content":2479,"nodeType":1294},{},[2480],{"data":2481,"marks":2482,"value":2483,"nodeType":1293},{},[],"To determine which solution you need, you need to consider your tech stack, your specific needs, your risk tolerance, and your short and long term objectives. 
In this article, we’ll break down some major use cases and match them up with what solutions make the most sense to address them.",{"data":2485,"content":2486,"nodeType":1416},{},[2487],{"data":2488,"marks":2489,"value":2490,"nodeType":1293},{},[],"You’re a large enterprise interested in securing core SaaS platforms",{"data":2492,"content":2493,"nodeType":1294},{},[2494],{"data":2495,"marks":2496,"value":2497,"nodeType":1293},{},[],"\nWorking to only secure 20 or so core applications that have already been sanctioned by the security team? A cloud security posture management (CSPM) or SaaS security posture management (SSPM) solution might be the answer you’re looking for, particularly if you’re on the highest tier license for those apps. ",{"data":2499,"content":2500,"nodeType":1294},{},[2501],{"data":2502,"marks":2503,"value":2504,"nodeType":1293},{},[],"You can make the most of these tools during in-depth investigations or threat hunting exercises. Leverage them to enforce custom SaaS or cloud app policies as well. The caveat with this one is that you’ll need a fairly sophisticated security team to manage, customize, and run SSPM and CSPM tools.",{"data":2506,"content":2507,"nodeType":1294},{},[2508],{"data":2509,"marks":2510,"value":2511,"nodeType":1293},{},[],"An ideal environment for these solutions is one that has a full SOC capability so that you extend your existing security monitoring and threat hunting coverage into these core SaaS platforms. You’ll be able to secure a small handful of your business critical applications as long as they’re large and well-established platforms. ",{"data":2513,"content":2514,"nodeType":1294},{},[2515],{"data":2516,"marks":2517,"value":2518,"nodeType":1293},{},[],"The reason you’ll need top-level licenses and well-established SaaS platforms to make these solutions work is because they rely on API data from those SaaS platforms. 
Those mature APIs provide necessary information about those core apps that CSPMs and SSPMs use to provide security insights you need to manage the risks. Unfortunately, they won’t cover the dozens of smaller SaaS apps most organizations use, and are normally only available on top license tiers.",{"data":2520,"content":2521,"nodeType":1416},{},[2522],{"data":2523,"marks":2524,"value":2525,"nodeType":1293},{},[],"You’re a more traditional, on-prem enterprise interested in blocking unsanctioned SaaS",{"data":2527,"content":2528,"nodeType":1294},{},[2529],{"data":2530,"marks":2531,"value":2532,"nodeType":1293},{},[],"If your environment is traditional on-site internal networks and you have mature gateway monitoring technology in place already, a cloud access security broker (CASB) may be your best path to securing cloud apps. CASBs work best if you have no employees working from home or on the road or you’re forcing employees to only access work platforms and internet browsers through your corporate VPN.",{"data":2534,"content":2535,"nodeType":1294},{},[2536],{"data":2537,"marks":2538,"value":2539,"nodeType":1293},{},[],"CASBs typically pull network data such as DNS, SASE, VPN, proxy, and firewall logs. They may also require that you install an agent on each employee’s device if you want coverage when employees are out of the office. ",{"data":2541,"content":2542,"nodeType":1294},{},[2543,2547,2552],{"data":2544,"marks":2545,"value":2546,"nodeType":1293},{},[],"With those data sources, they provide good aggregate information about SaaS platforms that are accessed. 
What they ",{"data":2548,"marks":2549,"value":2551,"nodeType":1293},{},[2550],{"type":312},"can’t do well",{"data":2553,"marks":2554,"value":2555,"nodeType":1293},{},[]," is provide any insight into how the SaaS app is being used, by which employees (you typically get IP addresses not user names), and for what purpose - as an example, they are typically not able to tell the difference between opening a SaaS product’s homepage, or actually logging into the application - so you are going to have a fairly large number of false positives. ",{"data":2557,"content":2558,"nodeType":1294},{},[2559],{"data":2560,"marks":2561,"value":2562,"nodeType":1293},{},[],"A CASB also really makes sense if you’re forced into complying with strict regulatory requirements to block everything until you’re able to do an in-depth due diligence process on each app. If your goal (or need) is to block access to unknown, unvetted, or unsanctioned SaaS at the network level with no exceptions, a CASB might be for you.",{"data":2564,"content":2565,"nodeType":1416},{},[2566],{"data":2567,"marks":2568,"value":2569,"nodeType":1293},{},[],"You’re a cloud-native company who wants to enable SaaS without introducing too much risk",{"data":2571,"content":2572,"nodeType":1294},{},[2573],{"data":2574,"marks":2575,"value":2576,"nodeType":1293},{},[],"For cloud-native companies that need better coverage, and are looking for more nuanced controls than network-level blocking, a solution that discovers and secures SaaS through the browser is the way to go. Since employees access SaaS through their browser, it’s a logical step to collect data about who is using what apps through a browser extension. ",{"data":2578,"content":2579,"nodeType":1294},{},[2580],{"data":2581,"marks":2582,"value":2583,"nodeType":1293},{},[],"The browser approach lets you do true SaaS discovery - so you can find what employees are actually using (not just accessing) and then go about securing those apps. 
You also don’t need to do much in terms of managing a browser-based solution once it’s set up. It simply runs in the background and surfaces employee SaaS use data into a dashboard. ",{"data":2585,"content":2586,"nodeType":1294},{},[2587],{"data":2588,"marks":2589,"value":2590,"nodeType":1293},{},[],"By combining browser-level data and robust security APIs from those core business platforms that SSPMs typically tap into, you can get broad visibility of SaaS use in your company for those large in number, but less mature, more up-and-coming apps, and the depth of security data you need for those few core apps that most employees are using. ",{"data":2592,"content":2593,"nodeType":1294},{},[2594],{"data":2595,"marks":2596,"value":2597,"nodeType":1293},{},[],"The other key benefit of a browser-based approach for SaaS discovery is that you can get incredibly powerful data about who is using the app, how they’re using it, if they’re using security features such as MFA, if they’re reusing passwords across multiple apps, if they’re sharing passwords, when they’ve used it last, and so on. That data is critical when it comes to securing SaaS because the devil truly is in the details. ",{"data":2599,"content":2600,"nodeType":1294},{},[2601,2605,2613],{"data":2602,"marks":2603,"value":2604,"nodeType":1293},{},[],"If we’ve piqued your interest and you’re curious to see what we can discover about SaaS in your business, ",{"data":2606,"content":2608,"nodeType":1342},{"uri":2607},"https://login.pushsecurity.com/",[2609],{"data":2610,"marks":2611,"value":2612,"nodeType":1293},{},[],"try the free browser extension",{"data":2614,"marks":2615,"value":2616,"nodeType":1293},{},[],". 
",{"data":2618,"content":2619,"nodeType":1416},{},[2620],{"data":2621,"marks":2622,"value":2623,"nodeType":1293},{},[],"Consider their data sources  ",{"data":2625,"content":2626,"nodeType":1294},{},[2627],{"data":2628,"marks":2629,"value":2630,"nodeType":1293},{},[],"The critical thing when you’re evaluating whether a solution will work for you is understanding what its data sources are, what weaknesses those data sources inherently have, and what aligns best with your goals. We’ve tried to surface some of that information within the use cases in this article.",{"data":2632,"content":2633,"nodeType":1294},{},[2634],{"data":2635,"marks":2636,"value":2637,"nodeType":1293},{},[],"So if you’re looking at an EDR that says they can discover SaaS usage, they’ll likely be leveraging endpoint data to detect SaaS use. If you’re looking at CASBs that integrate with your proxy, they’re probably looking at network level data – you get the idea.  ",{"data":2639,"content":2640,"nodeType":1416},{},[2641],{"data":2642,"marks":2643,"value":2644,"nodeType":1293},{},[],"Conclusion",{"data":2646,"content":2647,"nodeType":1294},{},[2648],{"data":2649,"marks":2650,"value":2651,"nodeType":1293},{},[],"To wrap this up, we’re going to summarize some key points and provide some questions to ask yourself, your team, or even the vendor of the solution you’re evaluating, as you consider what combination of efforts or what tool is right for you. ",{"data":2653,"content":2654,"nodeType":1294},{},[2655],{"data":2656,"marks":2657,"value":2660,"nodeType":1293},{},[2658],{"type":2659},"bold","Does this solution provide SaaS discovery?",{"data":2662,"content":2663,"nodeType":1557},{},[2664,2674,2684],{"data":2665,"content":2666,"nodeType":1561},{},[2667],{"data":2668,"content":2669,"nodeType":1294},{},[2670],{"data":2671,"marks":2672,"value":2673,"nodeType":1293},{},[],"Will this tool find what SaaS apps employees are using, including those you don’t already know about? If so, how? 
",{"data":2675,"content":2676,"nodeType":1561},{},[2677],{"data":2678,"content":2679,"nodeType":1294},{},[2680],{"data":2681,"marks":2682,"value":2683,"nodeType":1293},{},[],"Will the tool be able to differentiate between a user visiting a SaaS website, and actually logging into the app? How will it determine who the user is?",{"data":2685,"content":2686,"nodeType":1561},{},[2687],{"data":2688,"content":2689,"nodeType":1294},{},[2690],{"data":2691,"marks":2692,"value":2693,"nodeType":1293},{},[],"If the tool doesn’t provide you with SaaS discovery (finding Shadow IT and the apps employees are using that aren’t on your radar), how will you deal with those apps employees are using without your knowledge?",{"data":2695,"content":2696,"nodeType":1294},{},[2697],{"data":2698,"marks":2699,"value":2701,"nodeType":1293},{},[2700],{"type":2659},"Does the tool provide enough context so you can manage SaaS risk?",{"data":2703,"content":2704,"nodeType":1557},{},[2705,2715,2725],{"data":2706,"content":2707,"nodeType":1561},{},[2708],{"data":2709,"content":2710,"nodeType":1294},{},[2711],{"data":2712,"marks":2713,"value":2714,"nodeType":1293},{},[],"Are you getting context about how your users are using apps (are they logging in with social logins or passwords, do they have MFA enabled, are they admins on the app, etc.), or is it only providing generic information about the app?",{"data":2716,"content":2717,"nodeType":1561},{},[2718],{"data":2719,"content":2720,"nodeType":1294},{},[2721],{"data":2722,"marks":2723,"value":2724,"nodeType":1293},{},[],"How will you engage employees that already rely on these SaaS platforms, or want to adopt new apps? Can you handle that through email or in person, or do you need something more scalable?",{"data":2726,"content":2727,"nodeType":1561},{},[2728],{"data":2729,"content":2730,"nodeType":1294},{},[2731],{"data":2732,"marks":2733,"value":2734,"nodeType":1293},{},[],"Do you need the ability to apply progressive controls, or simply need the 
ability to block apps entirely?",{"data":2736,"content":2737,"nodeType":1294},{},[2738,2742,2750],{"data":2739,"marks":2740,"value":2741,"nodeType":1293},{},[],"\nIf you aren’t sure about these questions, why not consider what a ",{"data":2743,"content":2745,"nodeType":1342},{"uri":2744},"/product",[2746],{"data":2747,"marks":2748,"value":2749,"nodeType":1293},{},[],"user-powered security approach",{"data":2751,"marks":2752,"value":2753,"nodeType":1293},{},[]," might look like for your organization.","How to find the right SaaS security solution for your organization ","In this guide, we’ll break down some major SaaS use cases and match them up with solutions that can address them, covering pros and cons for each.\n","2022-07-25T00:00:00.000Z","how-to-find-the-right-saas-security-solution-for-your-organization",{"items":2759},[2760,2762],{"sys":2761,"name":2077},{"id":2076},{"sys":2763,"name":2412},{"id":2411},{"items":2765},[2766],{"fullName":2767,"firstName":2768,"jobTitle":2769,"profilePicture":2770},"Jacques Louw","Jacques","Co-founder / CRO",{"url":2771},"https://images.ctfassets.net/y1cdw1ablpvd/39m8bektV23lnCRcEq0G8h/2a08f6276a50744f1a4b499b273f6bb2/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-21.jpg",{"items":2773},[2774],{"fullName":2775,"firstName":2776,"jobTitle":2777,"profilePicture":2778},"Sally Soulliere","Sally","Head of Brand & Content",{"url":2779},"https://images.ctfassets.net/y1cdw1ablpvd/7Gh4SbbEj6Zsbd6OzGto8Q/885041a4ddeccc5ef3045c0e22975ef4/T016S22KZ96-U036FPETQRH-330f87708d26-192.jpeg","content:blog:embrace-saas-to-move-faster-than-your-competitors.json","json","content","blog/embrace-saas-to-move-faster-than-your-competitors.json","blog/embrace-saas-to-move-faster-than-your-competitors",1776359992340]