[{"data":1,"prerenderedAt":3706},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":95,"navbar-about-highlight":155,"navbar-resource-highlight":211,"use-case-page":256,"blog/focus-on-account-security-to-reduce-saas-risks":1276},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8,59,76],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":14,"data":15,"variations":50,"lastUpdated":51,"firstPublished":52,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":54,"meta":55,"rev":58},1742213002749,"efff2a27faf4408e9f908eba4b5542fe","inductive-automation","1c6207a5f24948ab82d4a0b17f251193","published",[],{"testimonial":16,"description":43,"type":19,"link":44,"title":47,"testimonialLink":48,"image":49},{"@type":17,"id":18,"model":19,"value":20},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79","testimonial",{"query":21,"folders":22,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":26,"variations":30,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":35,"rev":42},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":27,"jobTitle":28,"quote":24,"image":29},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,1,"ST0tXQM8slWpFrmioqKHmENB2qe2",{"kind":36,"lastPreviewUrl":37,"breakpoints":38,"hasAutosaves":41},"data","",{"small":39,"medium":40},640,768,true,"3v32gocrrqz","Join the industry's top security minds as they break down the browser attack landscape.",{"url":45,"text":46},"https://pushsecurity.com/webinar/state-of-browser-security","Save Your Spot","State of Browser Attacks 
Series","/customer-stories/inductive-automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe94fca10aa7b46ac8052b7ea22de54cd",{},1776257019270,1742221533648,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2",[],{"breakpoints":56,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},320,"motto9r9yg",{"createdDate":60,"id":61,"name":62,"modelId":12,"published":13,"query":63,"data":64,"variations":69,"lastUpdated":70,"firstPublished":71,"testRatio":33,"createdBy":53,"lastUpdatedBy":72,"folders":73,"meta":74,"rev":58},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner",[],{"type":65,"url":66,"text":67,"link":68},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,"jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":36,"lastPreviewUrl":37,"breakpoints":75,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},{"createdDate":77,"id":78,"name":79,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":80,"data":81,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":92,"meta":93,"rev":58},1742208469288,"6763051b201f44a0838c6400c580ca67","Resource highlight",[],{"image":82,"type":83,"description":84,"link":85,"title":88},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9","resource","Learn about the latest techniques being used in the wild.",{"url":86,"text":87},"/resources/browser-attacks-report","Download now","Report: 2026 Browser Attack 
Techniques",{},1776255866789,1742208570400,[],{"kind":36,"lastPreviewUrl":37,"breakpoints":94,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"createdDate":96,"id":97,"name":98,"modelId":99,"published":13,"query":100,"data":101,"variations":145,"lastUpdated":146,"firstPublished":147,"testRatio":33,"createdBy":34,"lastUpdatedBy":148,"folders":149,"meta":150,"rev":154},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":102,"text":103,"url":37,"blocks":104,"state":141},"ewrererw","testrfesssssssssss",[105,129],{"@type":106,"@version":107,"id":108,"component":109,"responsiveStyles":119},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":110,"tag":110,"options":111,"isRSC":118},"TopBannerContent",{"text":112,"ctaText":46,"url":45,"mainText":113,"cta":116},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks",{"content":114,"fontSize":115},"\u003Cp>New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks\u003C/p>","text-base",{"content":117,"fontSize":115,"url":45},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">Save Your 
Spot\u003C/strong>\u003C/p>\n",null,{"large":120},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"marginTop":126,"marginBottom":126,"fontSize":127,"fontWeight":128},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":130,"@type":106,"tagName":131,"properties":132,"responsiveStyles":136},"builder-pixel-08zrjigffq5t","img",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":137},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},"block","hidden","none",{"deviceSize":142,"location":143},"large",{"path":37,"query":144},{},{},1775137295127,1774968080803,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"breakpoints":151,"hasLinks":6,"kind":152,"lastPreviewUrl":153,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","2lvuonnywj",[156,180],{"createdDate":157,"id":158,"name":159,"modelId":160,"published":13,"stageModifiedSincePublish":6,"query":161,"data":162,"variations":173,"lastUpdated":174,"firstPublished":175,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":176,
"meta":177,"rev":179},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":163,"type":19,"testimonialLink":48,"testimonial":164},{},{"@type":17,"id":18,"model":19,"value":165},{"query":166,"folders":167,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":168,"variations":169,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":170,"rev":172},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":171,"hasAutosaves":41},{"small":39,"medium":40},"7t755zfvte3",{},1776247404986,1776247404973,[],{"breakpoints":178,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"4moh0qpywtr",{"createdDate":181,"id":182,"name":88,"modelId":160,"published":13,"meta":183,"stageModifiedSincePublish":6,"query":185,"data":186,"variations":207,"lastUpdated":208,"firstPublished":209,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":210,"rev":179},1776255761419,"05a9322735fc427db12e2740e4302300",{"breakpoints":184,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":187,"link":206,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":189},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":190,"folders":191,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":194,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":203,"rev":205},[],[],1728981467463,"Push does for identity what CrowdStrike did for the 
endpoint",{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":36,"lastPreviewUrl":37,"breakpoints":204,"hasAutosaves":41},{"small":39,"medium":40},"6s8ic0w0ao6",{"text":87,"url":86},{},1776255810913,1776255810900,[],[212,235],{"createdDate":213,"id":214,"name":88,"modelId":215,"published":13,"meta":216,"stageModifiedSincePublish":6,"query":218,"data":219,"variations":230,"lastUpdated":231,"firstPublished":232,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":233,"rev":234},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":217,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":220,"link":229,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":221},{"query":222,"folders":223,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":224,"variations":225,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":226,"rev":228},[],[],{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":227,"hasAutosaves":41},{"small":39,"medium":40},"r77qqueuo3j",{"text":87,"url":86},{},1776256937553,1776256937540,[],"q0jkez80wkg",{"createdDate":236,"id":237,"name":11,"modelId":215,"published":13,"stageModifiedSincePublish":6,"query":238,"data":239,"variations
":250,"lastUpdated":251,"firstPublished":252,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":253,"meta":254,"rev":234},1776256949234,"ce043785b71b4ece98eac811ecf4ba10",[],{"link":240,"type":19,"testimonial":241,"testimonialLink":48},{},{"@type":17,"id":18,"model":19,"value":242},{"query":243,"folders":244,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":245,"variations":246,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":247,"rev":249},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":248,"hasAutosaves":41},{"small":39,"medium":40},"mnaneamy308",{},1776256974140,1776256974130,[],{"breakpoints":255,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[257,441,560,679,797,917,1037,1157],{"createdDate":258,"id":259,"name":260,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":262,"data":268,"variations":429,"lastUpdated":430,"firstPublished":431,"testRatio":33,"screenshot":432,"createdBy":34,"lastUpdatedBy":433,"folders":434,"meta":435,"rev":440},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[263],{"@type":264,"property":265,"operator":266,"value":267},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":269,"customFonts":270,"seoTitle":318,"title":318,"tsCode":37,"seoDescription":319,"fontAwesomeIcon":320,"jsCode":37,"blocks":321,"url":267,"state":426},[],[271],{"family":272,"kind":273,"version":274,"lastModified":275,"files":276,"category":295,"menu":296,"subsets":297,"variants":300},"DM 
Sans","webfonts#webfont","v14","2023-07-13",{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"900italic":286,"700italic":287,"100italic":288,"italic":289,"regular":290,"200italic":291,"500italic":292,"300italic":293,"600italic":294},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19Dks
Vat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[298,299],"latin","latin-ext",[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[322,421],{"@type":106,"@version":107,"tagName":323,"id":324,"children":325},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[326,343,351,358,370,385,396,407,413],{"@type":106,"@version":107,"layerName":327,"id":328,"component":329,"responsiveStyles":340},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":327,"options":330,"isRSC":118},{"title":318,"description":331,"points":332,"video":339},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. 
From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[333,335,337],{"item":334},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":336},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":338},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":341},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},"transparent",{"@type":106,"@version":107,"id":344,"component":345,"responsiveStyles":348},"builder-96634044407e491299e291ed64669e39",{"name":346,"options":347,"isRSC":118},"TrustedBy",{"AllPartners":41,"backgroundTransparent":6},{"large":349},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},"#000",{"@type":106,"@version":107,"id":352,"component":353,"responsiveStyles":356},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":354,"options":355,"isRSC":118},"Diagonal",{"darkMode":41},{"large":357},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":360,"component":361,"responsiveStyles":368},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":359,"tag":359,"options":362,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":365,"description":366,"animatedTitle":37,"image":367,"reverse":6,"descriptionPaddingHorizontal":118},1200,800,"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. 
Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":369},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":371,"component":372,"responsiveStyles":380},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":373,"options":374,"isRSC":118},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":377,"description":378,"reverse":41,"image":379},600,100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":381},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},"DM Sans, sans-serif","20px","0px",{"@type":106,"@version":107,"id":386,"component":387,"responsiveStyles":393},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":373,"options":388,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":390,"description":391,"reverse":6,"image":392},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. 
It reads the full phishing playbook — like script behavior, session hijacks, DOM changes, and user inputs — then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":394},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},"36px",{"@type":106,"@version":107,"layerName":373,"id":397,"component":398,"responsiveStyles":404},"builder-42c32198083f4880acb37c5cb76934da",{"name":373,"options":399,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":401,"description":402,"reverse":41,"image":403},140,"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts, like session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. 
All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":405},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},"47px",{"@type":106,"@version":107,"id":408,"component":409,"responsiveStyles":411},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":354,"options":410,"isRSC":118},{"darkMode":6},{"large":412},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":414,"component":415,"responsiveStyles":419},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":416,"tag":416,"options":417,"isRSC":118},"LatestResources",{"sectionHeading":37,"customClass":418},"bg-black",{"large":420},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":422,"@type":106,"tagName":131,"properties":423,"responsiveStyles":424},"builder-pixel-21yj6h3p4wh",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":425},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":427},{"path":37,"query":428},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":436,"winningTest":118,"breakpoints":437,"kind":438,"hasLinks":6,"originalContentId":439,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&
builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},"page","2daa5670b8504fc7ba4700633e8bd921","atvz4dp24b7",{"createdDate":442,"id":443,"name":444,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":445,"data":448,"variations":552,"lastUpdated":553,"firstPublished":554,"testRatio":33,"screenshot":555,"createdBy":34,"lastUpdatedBy":433,"folders":556,"meta":557,"rev":440},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[446],{"@type":264,"property":265,"operator":266,"value":447},"/uc/browser-extension-security",{"seoDescription":449,"jsCode":37,"fontAwesomeIcon":450,"tsCode":37,"title":444,"seoTitle":444,"customFonts":451,"inputs":456,"blocks":457,"url":447,"state":549},"Shine a light on risky browser extensions.","faPuzzlePiece",[452],{"kind":273,"family":272,"version":274,"files":453,"category":295,"lastModified":275,"subsets":454,"variants":455,"menu":296},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"100italic":288,"italic":289,"regular":290,"900italic":286,"800italic":285,"700italic":287,"200italic":291,"300italic":293,"500italic":292,"600italic":294},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],[],[458,544],{"@type":106,"@version":107,"tagName":323,"id":459,"meta":460,"children":461},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":324},[462,478,485,492,501,511,521,531,538],{"@type":106,"@version":107,"id":463,"meta":464,"component":465,"responsiveStyles":476},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":328},{"name":327,"options":466,"isRSC":118},{"title":444,"description":467,"points":468,"video":475},"\u003Cp>Browser extensions introduce new code, new 
permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[469,471,473],{"item":470},"Discover every browser extension in use",{"item":472},"Spot risky or unsanctioned behavior",{"item":474},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":477},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":479,"meta":480,"component":481,"responsiveStyles":483},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":344},{"name":346,"options":482,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":484},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":486,"meta":487,"component":488,"responsiveStyles":490},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":352},{"name":354,"options":489,"isRSC":118},{"darkMode":41},{"large":491},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":493,"component":494,"responsiveStyles":499},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":359,"tag":359,"options":495,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":496,"description":497,"image":498,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. 
And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act.&nbsp;\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":500},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":502,"meta":503,"component":504,"responsiveStyles":509},"builder-93738f98109a4009affb349afd7bb182",{"previousId":371},{"name":373,"options":505,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":506,"description":507,"reverse":41,"image":508},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. 
It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":510},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":512,"meta":513,"component":514,"responsiveStyles":519},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":386},{"name":373,"options":515,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":516,"description":517,"reverse":6,"image":518},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":520},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":522,"meta":523,"component":524,"responsiveStyles":529},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":397},{"name":373,"options":525,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":526,"description":527,"reverse":41,"image":528},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. 
Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":530},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":532,"meta":533,"component":534,"responsiveStyles":536},"builder-1a689287d1a1418997d57db578a71105",{"previousId":408},{"name":354,"options":535,"isRSC":118},{"darkMode":6},{"large":537},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":539,"component":540,"responsiveStyles":542},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":416,"tag":416,"options":541,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":543},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":545,"@type":106,"tagName":131,"properties":546,"responsiveStyles":547},"builder-pixel-0edn39avfcei",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":548},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":550},{"path":37,"query":551},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":438,"winningTest":118,"breakpoints":558,"lastPreviewUrl":559,"hasLinks":6,"originalContentId":259,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2Cc
reateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":561,"id":562,"name":563,"modelId":261,"published":13,"query":564,"data":567,"variations":670,"lastUpdated":671,"firstPublished":672,"testRatio":33,"screenshot":673,"createdBy":34,"lastUpdatedBy":674,"folders":675,"meta":676,"rev":440},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[565],{"@type":264,"property":265,"operator":266,"value":566},"/uc/account-takeover-detection",{"title":563,"customFonts":568,"jsCode":37,"seoTitle":563,"seoDescription":573,"fontAwesomeIcon":574,"tsCode":37,"blocks":575,"url":566,"state":667},[569],{"kind":273,"category":295,"variants":570,"menu":296,"files":571,"family":272,"subsets":572,"version":274,"lastModified":275},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"800italic":285,"700italic":287,"italic":289,"900italic":286,"600italic":294,"200italic":291,"regular":290,"100italic":288},[298,299],"Stop ATO with stolen credential and compromised token 
detection.","faUserSecret",[576,662],{"@type":106,"@version":107,"tagName":323,"id":577,"meta":578,"children":579},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":324},[580,596,603,610,619,629,639,649,656],{"@type":106,"@version":107,"id":581,"meta":582,"component":583,"responsiveStyles":594},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":328},{"name":327,"options":584,"isRSC":118},{"title":563,"description":585,"points":586,"video":593},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[587,589,591],{"item":588},"Identify credential-based ATO as it unfolds",{"item":590},"Surface hijacked sessions and token misuse",{"item":592},"Strengthen authentication where your IdP 
can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":595},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":597,"meta":598,"component":599,"responsiveStyles":601},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":344},{"name":346,"options":600,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":602},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":604,"meta":605,"component":606,"responsiveStyles":608},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":352},{"name":354,"options":607,"isRSC":118},{"darkMode":41},{"large":609},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":611,"component":612,"responsiveStyles":617},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":359,"tag":359,"options":613,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":614,"description":615,"image":616,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. 
That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":618},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":620,"meta":621,"component":622,"responsiveStyles":627},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":371},{"name":373,"options":623,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":624,"description":625,"reverse":41,"image":626},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":628},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":630,"meta":631,"component":632,"responsiveStyles":637},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":386},{"name":373,"options":633,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":634,"description":635,"reverse":6,"image":636},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. 
Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":638},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":640,"meta":641,"component":642,"responsiveStyles":647},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":397},{"name":373,"options":643,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":644,"description":645,"reverse":41,"image":646},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. 
Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":648},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":650,"meta":651,"component":652,"responsiveStyles":654},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":408},{"name":354,"options":653,"isRSC":118},{"darkMode":6},{"large":655},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":657,"component":658,"responsiveStyles":660},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":416,"tag":416,"options":659,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":661},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":663,"@type":106,"tagName":131,"properties":664,"responsiveStyles":665},"builder-pixel-s5u3wmvz7jq",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":666},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":668},{"path":37,"query":669},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":677,"hasLinks":6,"originalContentId":259,"breakpoints":678,"winningTest":118,"kind":438,"hasAutosaves":41},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepo
sitory%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":680,"id":681,"name":682,"modelId":261,"published":13,"query":683,"data":686,"variations":789,"lastUpdated":790,"firstPublished":791,"testRatio":33,"screenshot":792,"createdBy":34,"lastUpdatedBy":674,"folders":793,"meta":794,"rev":440},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[684],{"@type":264,"property":265,"operator":266,"value":685},"/uc/attack-path-hardening",{"tsCode":37,"seoDescription":687,"jsCode":37,"customFonts":688,"fontAwesomeIcon":693,"seoTitle":682,"title":682,"blocks":694,"url":685,"state":786},"Harden access paths with visibility, detection, and 
guardrails.",[689],{"kind":273,"files":690,"version":274,"lastModified":275,"subsets":691,"menu":296,"category":295,"variants":692,"family":272},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"regular":290,"italic":289,"800italic":285,"500italic":292,"600italic":294,"200italic":291,"900italic":286,"700italic":287,"100italic":288,"300italic":293},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"faRadar",[695,781],{"@type":106,"@version":107,"tagName":323,"id":696,"meta":697,"children":698},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":577},[699,715,722,729,738,748,758,768,775],{"@type":106,"@version":107,"id":700,"meta":701,"component":702,"responsiveStyles":713},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":581},{"name":327,"options":703,"isRSC":118},{"title":682,"description":704,"points":705,"video":712},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. 
It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[706,708,710],{"item":707},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":709},"Monitor how users actually log in across apps, flows, and tools",{"item":711},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":714},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":716,"meta":717,"component":718,"responsiveStyles":720},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":597},{"name":346,"options":719,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":721},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":723,"meta":724,"component":725,"responsiveStyles":727},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":604},{"name":354,"options":726,"isRSC":118},{"darkMode":41},{"large":728},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":730,"component":731,"responsiveStyles":736},"builder-dec0246085e1485c803f7152b1922a81",{"name":359,"tag":359,"options":732,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":733,"description":734,"image":735,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. 
Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":737},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":739,"meta":740,"component":741,"responsiveStyles":746},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":620},{"name":373,"options":742,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":743,"description":744,"reverse":41,"image":745},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":747},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":749,"meta":750,"component":751,"responsiveStyles":756},"builder-431d175c59004669b0b2776b07d71737",{"previousId":630},{"name":373,"options":752,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":753,"description":754,"reverse":6,"image":755},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. 
When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":757},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":759,"meta":760,"component":761,"responsiveStyles":766},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":640},{"name":373,"options":762,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":763,"description":764,"reverse":41,"image":765},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets 
results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":767},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":769,"meta":770,"component":771,"responsiveStyles":773},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":650},{"name":354,"options":772,"isRSC":118},{"darkMode":6},{"large":774},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":776,"component":777,"responsiveStyles":779},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":416,"tag":416,"options":778,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":780},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":782,"@type":106,"tagName":131,"properties":783,"responsiveStyles":784},"builder-pixel-7akm7dayau8",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":785},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":787},{"path":37,"query":788},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":438,"lastPreviewUrl":795,"breakpoints":796,"hasLinks":6,"originalContentId":562,"winningTest":118,"hasAutosaves":6},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&buil
der.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":798,"id":799,"name":800,"modelId":261,"published":13,"query":801,"data":804,"variations":909,"lastUpdated":910,"firstPublished":911,"testRatio":33,"screenshot":912,"createdBy":34,"lastUpdatedBy":674,"folders":913,"meta":914,"rev":440},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[802],{"@type":264,"property":265,"operator":266,"value":803},"/uc/clickfix-protection",{"seoDescription":805,"fontAwesomeIcon":806,"customFonts":807,"seoTitle":812,"jsCode":37,"tsCode":37,"title":812,"blocks":813,"url":803,"state":906},"Block attacks that trick users into running malicious code.","faLaptopCode",[808],{"files":809,"subsets":810,"menu":296,"version":274,"kind":273,"family":272,"lastModified":275,"variants":811,"category":295},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"200italic":291,"800italic":285,"700italic":287,"600italic":294,"100italic":288,"italic":289,"regular":290,"300italic":293,"500italic":292,"900italic":286},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"ClickFix 
protection",[814,901],{"@type":106,"@version":107,"tagName":323,"id":815,"meta":816,"children":817},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":696},[818,834,841,848,858,868,878,888,895],{"@type":106,"@version":107,"id":819,"meta":820,"component":821,"responsiveStyles":832},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":700},{"name":327,"options":822,"isRSC":118},{"title":812,"description":823,"points":824,"image":831},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[825,827,829],{"item":826},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":828},"Block malicious copy-and-paste actions before code is executed",{"item":830},"See full telemetry into which users were targeted and what they 
saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":833},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":835,"meta":836,"component":837,"responsiveStyles":839},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":716},{"name":346,"options":838,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":840},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":842,"meta":843,"component":844,"responsiveStyles":846},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":723},{"name":354,"options":845,"isRSC":118},{"darkMode":41},{"large":847},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":849,"meta":850,"component":851,"responsiveStyles":856},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":730},{"name":359,"tag":359,"options":852,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":853,"description":854,"reverse":6,"image":855},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. 
EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":857},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":859,"meta":860,"component":861,"responsiveStyles":866},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":739},{"name":373,"options":862,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":863,"description":864,"reverse":41,"image":865},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":867},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":869,"meta":870,"component":871,"responsiveStyles":876},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":749},{"name":373,"options":872,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":873,"description":874,"reverse":6,"image":875},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. 
Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":877},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":879,"meta":880,"component":881,"responsiveStyles":886},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":759},{"name":373,"options":882,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":883,"description":884,"reverse":41,"image":885},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. 
This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":887},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":889,"meta":890,"component":891,"responsiveStyles":893},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":769},{"name":354,"options":892,"isRSC":118},{"darkMode":6},{"large":894},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":896,"component":897,"responsiveStyles":899},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":416,"tag":416,"options":898,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":900},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":902,"@type":106,"tagName":131,"properties":903,"responsiveStyles":904},"builder-pixel-zzjpxxgrc2l",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":905},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":907},{"path":37,"query":908},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":915,"originalContentId":681,"winningTest":118,"hasLinks":6,"kind":438,"breakpoints":916,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.u
ser.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":918,"id":919,"name":920,"modelId":261,"published":13,"query":921,"data":924,"variations":1029,"lastUpdated":1030,"firstPublished":1031,"testRatio":33,"screenshot":1032,"createdBy":34,"lastUpdatedBy":674,"folders":1033,"meta":1034,"rev":440},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[922],{"@type":264,"property":265,"operator":266,"value":923},"/uc/incident-response",{"seoDescription":925,"customFonts":926,"title":920,"jsCode":37,"fontAwesomeIcon":931,"seoTitle":932,"tsCode":37,"blocks":933,"url":923,"state":1026},"Investigate and respond faster with unique browser telemetry.",[927],{"kind":273,"subsets":928,"menu":296,"variants":929,"category":295,"family":272,"version":274,"lastModified":275,"files":930},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"900italic":286,"600italic":294,"200italic":291,"300italic":293,"100italic":288,"700italic":287,"800italic":285,"regular":290,"italic":289,"500italic":292},"faSatelliteDish","Browser-based incident 
response",[934,1021],{"@type":106,"@version":107,"tagName":323,"id":935,"meta":936,"children":937},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":696},[938,955,962,969,978,988,998,1008,1015],{"@type":106,"@version":107,"id":939,"meta":940,"component":941,"responsiveStyles":953},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":700},{"name":327,"options":942,"isRSC":118},{"title":943,"description":944,"points":945,"video":952},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[946,948,950],{"item":947},"Reconstruct what happened with real browser session context",{"item":949},"Investigate faster with real-world session context",{"item":951},"Trigger response actions automatically through your SIEM or 
SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":954},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":956,"meta":957,"component":958,"responsiveStyles":960},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":716},{"name":346,"options":959,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":961},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":963,"meta":964,"component":965,"responsiveStyles":967},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":723},{"name":354,"options":966,"isRSC":118},{"darkMode":41},{"large":968},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":970,"component":971,"responsiveStyles":976},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":359,"tag":359,"options":972,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":973,"description":974,"image":975,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. 
That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":977},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":979,"meta":980,"component":981,"responsiveStyles":986},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":739},{"name":373,"options":982,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":983,"description":984,"reverse":41,"image":985},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":987},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":989,"meta":990,"component":991,"responsiveStyles":996},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":749},{"name":373,"options":992,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":993,"description":994,"reverse":6,"image":995},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. 
Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":997},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":999,"meta":1000,"component":1001,"responsiveStyles":1006},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":759},{"name":373,"options":1002,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1003,"description":1004,"reverse":41,"image":1005},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":1007},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1009,"meta":1010,"component":1011,"responsiveStyles":1013},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":769},{"name":354,"options":1012,"isRSC":118},{"darkMode":6},{"large":1014},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1016,"component":1017,"responsiveStyles":1019},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":416,"tag":416,"options":1018,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1020},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1022,"@type":106,"tagName":131,"properties":1023,"responsiveStyles":1024},"builder-pixel-z197gdgcmu",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"lar
ge":1025},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1027},{"path":37,"query":1028},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":438,"breakpoints":1035,"originalContentId":681,"winningTest":118,"lastPreviewUrl":1036,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":1038,"id":1039,"name":1040,"modelId":261,"published":13,"query":1041,"data":1044,"variations":1149,"lastUpdated":1150,"firstPublished":1151,"testRatio":33,"screenshot":1152,"createdBy":34,"lastUpdatedBy":674,"folders":1153,"meta":1154,"rev":440},1746122471259,"5f118e24433d46ceb79f5099987156d7","Shadow SaaS",[1042],{"@type":264,"property":265,"operator":266,"value":1043},"/uc/shadow-saas",{"seoTitle":1045,"seoDescription":1046,"customFonts":1047,"fontAwesomeIcon":1052,"title":1053,"jsCode":37,"tsCode":37,"blocks":1054,"url":1043,"state":1146},"Find and secure shadow SaaS","See and 
control shadow SaaS in the browser.",[1048],{"kind":273,"variants":1049,"files":1050,"family":272,"version":274,"subsets":1051,"lastModified":275,"category":295,"menu":296},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"regular":290,"900italic":286,"italic":289,"100italic":288,"200italic":291,"600italic":294,"700italic":287,"800italic":285},[298,299],"faShieldCheck","Secure shadow SaaS",[1055,1141],{"@type":106,"@version":107,"tagName":323,"id":1056,"meta":1057,"children":1058},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":935},[1059,1075,1082,1089,1098,1108,1118,1128,1135],{"@type":106,"@version":107,"id":1060,"meta":1061,"component":1062,"responsiveStyles":1073},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":939},{"name":327,"options":1063,"isRSC":118},{"title":1045,"description":1064,"points":1065,"video":1072},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. 
Just real-time visibility and control.\u003C/p>",[1066,1068,1070],{"item":1067},"Discover every SaaS app users access, managed or not",{"item":1069},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":1071},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":1074},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1076,"meta":1077,"component":1078,"responsiveStyles":1080},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":956},{"name":346,"options":1079,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1081},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1083,"meta":1084,"component":1085,"responsiveStyles":1087},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":963},{"name":354,"options":1086,"isRSC":118},{"darkMode":41},{"large":1088},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1090,"component":1091,"responsiveStyles":1096},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":359,"tag":359,"options":1092,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1093,"description":1094,"image":1095,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. 
Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":1097},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1099,"meta":1100,"component":1101,"responsiveStyles":1106},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":979},{"name":373,"options":1102,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1103,"description":1104,"reverse":41,"image":1105},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":1107},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1109,"meta":1110,"component":1111,"responsiveStyles":1116},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":989},{"name":373,"options":1112,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1113,"description":1114,"reverse":6,"image":1115},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. 
You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":1117},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1119,"meta":1120,"component":1121,"responsiveStyles":1126},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":999},{"name":373,"options":1122,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1123,"description":1124,"reverse":41,"image":1125},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":1127},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1129,"meta":1130,"component":1131,"responsiveStyles":1133},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":1009},{"name":354,"options":1132,"isRSC":118},{"darkMode":6},{"large":1134},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1136,"component":1137,"responsiveStyles":1139},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":416,"tag":416,"options":1138,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1140},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1142,"@type":106,"tagName":131,"properties":1143,"responsiveStyles":1144},"builder-pixel-d1ul2kmxbed",{"src":133,"aria-hidden":134,"alt":37,"role":135,"w
idth":124,"height":124},{"large":1145},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1147},{"path":37,"query":1148},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":919,"winningTest":118,"lastPreviewUrl":1155,"breakpoints":1156,"kind":438,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":1158,"id":1159,"name":1160,"modelId":261,"published":13,"query":1161,"data":1164,"variations":1268,"lastUpdated":1269,"firstPublished":1270,"testRatio":33,"screenshot":1271,"createdBy":34,"lastUpdatedBy":674,"folders":1272,"meta":1273,"rev":440},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[1162],{"@type":264,"property":265,"operator":266,"value":1163},"/uc/shadow-ai",{"fontAwesomeIcon":1165,"seoTitle":1166,"jsCode":37,"customFonts":1167,"title":1172,"tsCode":37,"seoDescription":1173,"blocks":1174,"url":1163,"state":1265},"faBrainCircuit","Secure AI 
native and AI enhanced apps. ",[1168],{"variants":1169,"category":295,"files":1170,"subsets":1171,"family":272,"kind":273,"menu":296,"lastModified":275,"version":274},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"regular":290,"700italic":287,"200italic":291,"italic":289,"500italic":292,"600italic":294,"300italic":293,"100italic":288,"900italic":286},[298,299],"Secure shadow AI","See and control shadow AI apps in the browser.",[1175,1260],{"@type":106,"@version":107,"tagName":323,"id":1176,"meta":1177,"children":1178},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":1056},[1179,1195,1202,1209,1219,1228,1237,1247,1254],{"@type":106,"@version":107,"id":1180,"meta":1181,"component":1182,"responsiveStyles":1193},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":1060},{"name":327,"options":1183,"isRSC":118},{"title":1172,"description":1184,"points":1185,"image":1192},"\u003Cp>Your employees are adopting AI faster than you can track it. From native features in corporate apps to unapproved shadow tools, it’s all happening in the browser. 
Push detects every AI interaction in real time, letting you categorize apps and enforce acceptable use policies in the browser.\u003C/p>",[1186,1188,1190],{"item":1187},"Map every AI tool used across your workforce",{"item":1189},"Review and classify apps by sensitivity, purpose, and policy status",{"item":1191},"Enforce AI usage rules directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":1194},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1196,"meta":1197,"component":1198,"responsiveStyles":1200},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":1076},{"name":346,"options":1199,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1201},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1203,"meta":1204,"component":1205,"responsiveStyles":1207},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":1083},{"name":354,"options":1206,"isRSC":118},{"darkMode":41},{"large":1208},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1210,"meta":1211,"component":1212,"responsiveStyles":1217},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":1090},{"name":359,"tag":359,"options":1213,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1214,"description":1215,"image":1216,"reverse":6},"\u003Ch2>Use your browser to govern AI \u003C/h2>","\u003Cp>The AI footprint inside your company is bigger than you think. From text generators to meeting assistants and design copilots, employees test, adopt, and connect new tools constantly. 
Push shows you those tools and which users are accessing them, without relying on network scans or API integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":1218},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1220,"meta":1221,"component":1222,"responsiveStyles":1226},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":1099},{"name":373,"options":1223,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1224,"description":1225,"reverse":41,"image":1115},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Push captures live telemetry from the browser, identifying every AI-native and AI-enhanced application users access. You’ll know which corporate identities are connected, how data flows, and what new AI apps appear across your environment. \u003C/p>",{"large":1227},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1229,"meta":1230,"component":1231,"responsiveStyles":1235},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":1109},{"name":373,"options":1232,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1233,"description":1234,"reverse":6,"image":1125},"\u003Ch2>Classify and manage AI risk\u003C/h2>","\u003Cp>For apps you choose to allow, Push lets you apply custom in-browser banners. You can bulk-select categories of AI tools and require users to read and acknowledge your acceptable use policy before they proceed. 
This creates an auditable trail and moves policy from an easy to forget document to an active, in-workflow control.\u003C/p>",{"large":1236},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1238,"meta":1239,"component":1240,"responsiveStyles":1245},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":1119},{"name":373,"options":1241,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1242,"description":1243,"reverse":41,"image":1244},"\u003Ch2>Enforce your AI policy in the browser\u003C/h2>","\u003Cp>When an AI tool is deemed non-compliant or too risky, Push blocks it at the source. The block happens directly in the browser, preventing the user from accessing the site or submitting data. This gives you an immediate, powerful lever to stop data exfiltration and enforce a hard line on unacceptable risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa359ac1805af4e15a8a7f84632b9bb55",{"large":1246},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1248,"meta":1249,"component":1250,"responsiveStyles":1252},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":1129},{"name":354,"options":1251,"isRSC":118},{"darkMode":6},{"large":1253},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1255,"component":1256,"responsiveStyles":1258},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":416,"tag":416,"options":1257,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1259},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1261,"@type":106,"tagName":131,"properties":1262,"responsiveStyles":1263},"builder-pixel-wxx9tk70r9p",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124
},{"large":1264},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1266},{"path":37,"query":1267},{},{},1770892957225,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe558b8b069884037a8e6904f7ecc029c",[],{"winningTest":118,"breakpoints":1274,"originalContentId":1039,"kind":438,"lastPreviewUrl":1275,"hasLinks":6,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"_path":1277,"_dir":1278,"_draft":6,"_partial":6,"_locale":37,"sys":1279,"ogImage":118,"summary":1282,"title":1296,"subtitle":118,"metaTitle":1297,"synopsis":1298,"hashTags":118,"publishedDate":1299,"slug":1300,"tagsCollection":1301,"relatedBlogPostsCollection":1311,"authorsCollection":2748,"content":2756,"_id":3701,"_type":3702,"_source":3703,"_file":3704,"_stem":3705,"_extension":3702},"/blog/focus-on-account-security-to-reduce-saas-risks","blog",{"id":1280,"publishedAt":1281},"3eCWNBg1avThJNsZSwaq1y","2025-01-15T14:29:18.579Z",{"json":1283},{"data":1284,"content":1285,"nodeType":1295},{},[1286],{"data":
1287,"content":1288,"nodeType":1294},{},[1289],{"data":1290,"marks":1291,"value":1292,"nodeType":1293},{},[],"You’ve probably locked down the known cloud services your company is using, but what about all those other SaaS apps people in the company are using? ","text","paragraph","document","Focus on account and identity security to reduce SaaS risks","Reduce SaaS risks by focusing on account security","You’ve probably locked down the known cloud services your company is using, but what about all those other SaaS apps people in the company are using? \n","2023-08-15T00:00:00.000Z","focus-on-account-security-to-reduce-saas-risks",{"items":1302},[1303,1307],{"sys":1304,"name":1306},{"id":1305},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"sys":1308,"name":1310},{"id":1309},"3pjES4THCIfSAwhGdNwBcy","Identity security",{"items":1312},[1313,1966],{"__typename":1314,"sys":1315,"content":1317,"title":1946,"synopsis":1947,"hashTags":118,"publishedDate":1948,"slug":1949,"tagsCollection":1950,"authorsCollection":1958},"BlogPosts",{"id":1316},"3PqX7fLrTIYhWjbEhHSRHG",{"json":1318},{"nodeType":1295,"data":1319,"content":1320},{},[1321,1333,1340,1347,1354,1362,1393,1400,1419,1426,1446,1453,1462,1603,1610,1617,1624,1677,1684,1703,1710,1717,1724,1731,1738,1745,1752,1759,1766,1774,1781,1788,1813,1820,1827,1834,1841,1848,1855,1862,1869,1876,1883,1890,1897,1904,1911,1918,1922,1929,1932,1939],{"nodeType":1294,"data":1322,"content":1323},{},[1324,1328],{"nodeType":1293,"value":1325,"marks":1326,"data":1327},"SaaS is exploding and making employees more productive than ever. If your security strategy relies on simply blocking all SaaS that hasn’t been sanctioned by your security team, you’re also blocking your coworkers from all the productivity gains that SaaS brings to the table. 
Not only that, but blocking through official channels doesn’t effectively stop employees from accessing the SaaS apps they want to use – you just can’t see it because they may have turned off the endpoint agent you’re using to manage SaaS policies, bypassed the proxy, or changed proxy settings. And now you’ve got a “Shadow IT problem!” *",[],{},{"nodeType":1293,"value":1329,"marks":1330,"data":1332},"Dread ensues*",[1331],{"type":312},{},{"nodeType":1294,"data":1334,"content":1335},{},[1336],{"nodeType":1293,"value":1337,"marks":1338,"data":1339},"Some folks even choose to block or turn off app stores to limit SaaS adoption by employees. The issue with this is that you’re blocking them from using productivity tools they want to do their work. You think you’re preventing risk (though we know employees find ways to adopt and use SaaS regardless of your controls), but you’re also restricting employees from being productive, flexible, and, frankly, you’re ticking them off. These kinds of actions widen the divide between security and the rest of the company, which is never a good thing. ",[],{},{"nodeType":1294,"data":1341,"content":1342},{},[1343],{"nodeType":1293,"value":1344,"marks":1345,"data":1346},"Stay cool, stay calm, we’ve got this. To manage SaaS, you need some sense of control over what employees are using and how they’re using it, right? 
By working with employees and doing the legwork to understand their needs, you can start to repair relationships there, which makes your job much easier in the long run.",[],{},{"nodeType":1294,"data":1348,"content":1349},{},[1350],{"nodeType":1293,"value":1351,"marks":1352,"data":1353},"However, before we go down the path of understanding how employees are using SaaS, you first need to know which apps they’re using.",[],{},{"nodeType":1355,"data":1356,"content":1357},"heading-1",{},[1358],{"nodeType":1293,"value":1359,"marks":1360,"data":1361},"How do I find the SaaS apps employees are actually using?",[],{},{"nodeType":1294,"data":1363,"content":1364},{},[1365,1369,1375,1379,1389],{"nodeType":1293,"value":1366,"marks":1367,"data":1368},"You can discover the apps employees are using in a couple ways: 1) manually, using the data you already have access to or, 2) using a pre-existing tool (oh hey, we have one you can ",[],{},{"nodeType":1293,"value":1370,"marks":1371,"data":1374},"use for free",[1372],{"type":1373},"underline",{},{"nodeType":1293,"value":1376,"marks":1377,"data":1378},"). We wrote a ",[],{},{"nodeType":1380,"data":1381,"content":1383},"hyperlink",{"uri":1382},"https://pushsecurity.com/blog/rolling-your-own-saas-discovery/",[1384],{"nodeType":1293,"value":1385,"marks":1386,"data":1388},"guide",[1387],{"type":1373},{},{"nodeType":1293,"value":1390,"marks":1391,"data":1392}," about how you might do the manual approach for SaaS discovery, though fair warning… this manual effort isn’t for the faint of heart.",[],{},{"nodeType":1294,"data":1394,"content":1395},{},[1396],{"nodeType":1293,"value":1397,"marks":1398,"data":1399},"For the purposes of this guide, we’re going to assume you’ve taken care of the SaaS discovery process already and you’re now facing a list of SaaS - potentially a very large one - you didn’t know employees were using. 
",[],{},{"nodeType":1294,"data":1401,"content":1402},{},[1403,1407,1415],{"nodeType":1293,"value":1404,"marks":1405,"data":1406},"If you haven’t discovered the unknown SaaS in your organization, we suggest you ",[],{},{"nodeType":1380,"data":1408,"content":1410},{"uri":1409},"https://login.pushsecurity.com/u/signup",[1411],{"nodeType":1293,"value":1412,"marks":1413,"data":1414},"sign up",[],{},{"nodeType":1293,"value":1416,"marks":1417,"data":1418},", let us do the heavy lifting for you to discover SaaS, then use that list as a starting point for this next phase of the process…",[],{},{"nodeType":1355,"data":1420,"content":1421},{},[1422],{"nodeType":1293,"value":1423,"marks":1424,"data":1425},"I’ve found some SaaS apps I didn’t know about. Now what?",[],{},{"nodeType":1294,"data":1427,"content":1428},{},[1429,1433,1442],{"nodeType":1293,"value":1430,"marks":1431,"data":1432},"You’ve found the apps (hooray!), so now you’re on the hook to figure out what risks those apps might pose to the company (wasn’t ignorance bliss?). Does it help to know that most organizations find a large list of unknown apps so you’re not alone? A ",[],{},{"nodeType":1380,"data":1434,"content":1436},{"uri":1435},"https://track.g2.com/resources/shadow-it-statistics",[1437],{"nodeType":1293,"value":1438,"marks":1439,"data":1441},"report",[1440],{"type":1373},{},{"nodeType":1293,"value":1443,"marks":1444,"data":1445}," from G2 Crowd stated that the average company has 975 unknown cloud services and that 67% of teams have introduced their own collaboration tools into an organization.",[],{},{"nodeType":1294,"data":1447,"content":1448},{},[1449],{"nodeType":1293,"value":1450,"marks":1451,"data":1452},"Even though you’re not alone, you still need to protect employee and company data from unnecessary third-party risk. 
Here’s a quick rundown of what you need to do next to get a handle on SaaS without restricting its use.",[],{},{"nodeType":1454,"data":1455,"content":1461},"embedded-entry-block",{"target":1456},{"sys":1457},{"id":1458,"type":1459,"linkType":1460},"TgFACpcpdooMuPLPXvlk4","Link","Entry",[],{"nodeType":1463,"data":1464,"content":1465},"ordered-list",{},[1466,1526,1541,1556,1571],{"nodeType":1467,"data":1468,"content":1469},"list-item",{},[1470,1483],{"nodeType":1294,"data":1471,"content":1472},{},[1473,1479],{"nodeType":1293,"value":1474,"marks":1475,"data":1478},"Ensure basic account security controls are in place across all SaaS. ",[1476],{"type":1477},"bold",{},{"nodeType":1293,"value":1480,"marks":1481,"data":1482},"To get at this information, you’ll need either a tool (we got you!) or you’ll need to go directly to employees to get necessary information about how they’re accessing and using SaaS. You’ll need to know:",[],{},{"nodeType":1463,"data":1484,"content":1485},{},[1486,1496,1506,1516],{"nodeType":1467,"data":1487,"content":1488},{},[1489],{"nodeType":1294,"data":1490,"content":1491},{},[1492],{"nodeType":1293,"value":1493,"marks":1494,"data":1495},"Are employees using multi-factor authentication (MFA) or two-factor authentication (2FA) where available? ",[],{},{"nodeType":1467,"data":1497,"content":1498},{},[1499],{"nodeType":1294,"data":1500,"content":1501},{},[1502],{"nodeType":1293,"value":1503,"marks":1504,"data":1505},"What about strong passwords and password policies? ",[],{},{"nodeType":1467,"data":1507,"content":1508},{},[1509],{"nodeType":1294,"data":1510,"content":1511},{},[1512],{"nodeType":1293,"value":1513,"marks":1514,"data":1515},"Are they sharing passwords across multiple apps? 
",[],{},{"nodeType":1467,"data":1517,"content":1518},{},[1519],{"nodeType":1294,"data":1520,"content":1521},{},[1522],{"nodeType":1293,"value":1523,"marks":1524,"data":1525},"Are they sharing login credentials as a team - some teams will do this to stay on a free or trial tier by only having a “single” user. ",[],{},{"nodeType":1467,"data":1527,"content":1528},{},[1529],{"nodeType":1294,"data":1530,"content":1531},{},[1532,1537],{"nodeType":1293,"value":1533,"marks":1534,"data":1536},"Try to identify SaaS that is no longer needed/used and remove it. ",[1535],{"type":1477},{},{"nodeType":1293,"value":1538,"marks":1539,"data":1540},"You won't believe how quickly you build up SaaS baggage as users move to the newest hottest thing.",[],{},{"nodeType":1467,"data":1542,"content":1543},{},[1544],{"nodeType":1294,"data":1545,"content":1546},{},[1547,1552],{"nodeType":1293,"value":1548,"marks":1549,"data":1551},"Identify apps that are used to create and store data you care about. ",[1550],{"type":1477},{},{"nodeType":1293,"value":1553,"marks":1554,"data":1555},"Then prioritize them for some additional scrutiny.",[],{},{"nodeType":1467,"data":1557,"content":1558},{},[1559],{"nodeType":1294,"data":1560,"content":1561},{},[1562,1567],{"nodeType":1293,"value":1563,"marks":1564,"data":1566},"Identify apps that integrate with those core apps. ",[1565],{"type":1477},{},{"nodeType":1293,"value":1568,"marks":1569,"data":1570},"They’re also processing that same data you care about. 
These are usually called OAuth applications or third-party integrations like apps and bots that add functionality and features to the core app.",[],{},{"nodeType":1467,"data":1572,"content":1573},{},[1574,1590],{"nodeType":1294,"data":1575,"content":1576},{},[1577,1581,1586],{"nodeType":1293,"value":1578,"marks":1579,"data":1580},"Where your additional scrutiny identifies risks you can't live with, ",[],{},{"nodeType":1293,"value":1582,"marks":1583,"data":1585},"stop new users adopting those apps (by giving them a better alternative)",[1584],{"type":1477},{},{"nodeType":1293,"value":1587,"marks":1588,"data":1589}," and migrate existing users over to that alternative, approved app. ",[],{},{"nodeType":1463,"data":1591,"content":1592},{},[1593],{"nodeType":1467,"data":1594,"content":1595},{},[1596],{"nodeType":1294,"data":1597,"content":1598},{},[1599],{"nodeType":1293,"value":1600,"marks":1601,"data":1602},"To do this, you’ll need to look for secure alternatives to the SaaS employees are using that you have deemed too risky. This is important, albeit time-consuming. Offering an alternative sweetens the process for using more secure platforms before you outright block the bad ones. It also lets your colleagues know you’re considering their needs and not just restricting their work.",[],{},{"nodeType":1294,"data":1604,"content":1605},{},[1606],{"nodeType":1293,"value":1607,"marks":1608,"data":1609},"Beyond just the security of the technology itself, you need to ensure employees are doing their part in using the app securely. 
",[],{},{"nodeType":1355,"data":1611,"content":1612},{},[1613],{"nodeType":1293,"value":1614,"marks":1615,"data":1616},"How to prioritize which apps require additional scrutiny",[],{},{"nodeType":1294,"data":1618,"content":1619},{},[1620],{"nodeType":1293,"value":1621,"marks":1622,"data":1623},"There’s no right or wrong approach for how to prioritize the apps you find during the discovery process, but we’ve found that most of our customers prioritize apps based on whether the app is:",[],{},{"nodeType":1625,"data":1626,"content":1627},"unordered-list",{},[1628,1638,1648,1667],{"nodeType":1467,"data":1629,"content":1630},{},[1631],{"nodeType":1294,"data":1632,"content":1633},{},[1634],{"nodeType":1293,"value":1635,"marks":1636,"data":1637},"used by many people in the company, and",[],{},{"nodeType":1467,"data":1639,"content":1640},{},[1641],{"nodeType":1294,"data":1642,"content":1643},{},[1644],{"nodeType":1293,"value":1645,"marks":1646,"data":1647},"requesting access to highly sensitive data to work or integrating with SaaS that have data you don’t want exposed. This might be a cloud drive containing all sorts of documents, a CRM that uses customer data inputs, a billing platform, an app that’s used for signing legal documents, an HR platform, etc.",[],{},{"nodeType":1467,"data":1649,"content":1650},{},[1651],{"nodeType":1294,"data":1652,"content":1653},{},[1654,1658,1663],{"nodeType":1293,"value":1655,"marks":1656,"data":1657},"one you’ve never heard of before. Larger SaaS apps built for businesses (Salesforce, Microsoft, Google, etc.) are ",[],{},{"nodeType":1293,"value":1659,"marks":1660,"data":1662},"more likely",[1661],{"type":312},{},{"nodeType":1293,"value":1664,"marks":1665,"data":1666}," to be secure than some of the smaller, newer SaaS apps who haven’t gone through the same levels of security reviews before going to market. 
",[],{},{"nodeType":1467,"data":1668,"content":1669},{},[1670],{"nodeType":1294,"data":1671,"content":1672},{},[1673],{"nodeType":1293,"value":1674,"marks":1675,"data":1676},"used by high profile employees or employees with access to very sensitive corporate information (C-level executives, finance, legal, HR, etc.). ",[],{},{"nodeType":1294,"data":1678,"content":1679},{},[1680],{"nodeType":1293,"value":1681,"marks":1682,"data":1683},"For example, if you have a whole team using a single app that you’ve never heard of, add that app to the top of your priorities list for investigation. It’s likely business critical and serving a need for that team, so taking it away won’t be a good idea if you’re trying to build bridges between security and employees. Plus, more users probably means more data is stored within the app. Those users might also have integrated a lot of third-party apps or bots (OAuth) to that core application. ",[],{},{"nodeType":1294,"data":1685,"content":1686},{},[1687,1691,1699],{"nodeType":1293,"value":1688,"marks":1689,"data":1690},"Once you’ve determined which apps need investigation and prioritized them, head over to the National Cyber Security Centre’s ",[],{},{"nodeType":1380,"data":1692,"content":1694},{"uri":1693},"https://www.ncsc.gov.uk/collection/cloud/the-cloud-security-principles/lightweight-approach-to-cloud-security",[1695],{"nodeType":1293,"value":1696,"marks":1697,"data":1698},"lightweight approach to cloud security",[],{},{"nodeType":1293,"value":1700,"marks":1701,"data":1702}," article. They offer some great guidance for how to reasonably access the risk of a SaaS app with limited time and resources. ",[],{},{"nodeType":1294,"data":1704,"content":1705},{},[1706],{"nodeType":1293,"value":1707,"marks":1708,"data":1709},"A big missing piece most companies have in their SaaS security strategy, though, is that they’re not working with employees to understand how they’re using SaaS. 
Before you roll your eyes, hear us out…",[],{},{"nodeType":1355,"data":1711,"content":1712},{},[1713],{"nodeType":1293,"value":1714,"marks":1715,"data":1716},"Secure SaaS by working with employees",[],{},{"nodeType":1294,"data":1718,"content":1719},{},[1720],{"nodeType":1293,"value":1721,"marks":1722,"data":1723},"Remember, employees are the owners of SaaS in your company - they’ve adopted and used SaaS tools in your environment, so they know better than anyone else how they’re using it, if they’re still using it, what the additional integrations in the app offer, and what it does for them. You, as their security lead, know how to determine if they’re logging in securely, if the data the app is requesting access to is an acceptable risk, if they’ve enabled built-in common sense security features like 2FA/MFA, and if the third-party integrations they’ve added are too high risk or requesting excessive permissions.",[],{},{"nodeType":1294,"data":1725,"content":1726},{},[1727],{"nodeType":1293,"value":1728,"marks":1729,"data":1730},"By working with employees, you can get the full picture of SaaS use within the company and understand what your colleagues need and coach them to improve the security of how they’re accessing and using the tools they prefer. The problem is that it’s really difficult to do manually in a real world environment because it’s just so time-consuming to reach out to each employee and ask a series of questions to get the context you need. ",[],{},{"nodeType":1294,"data":1732,"content":1733},{},[1734],{"nodeType":1293,"value":1735,"marks":1736,"data":1737},"If an entire team is using an app you weren’t aware of, you can talk to the technical owner or administrator of the app to understand how they’re using it. What doesn’t work at scale with manual outreach, however, is understanding how securely employees are logging in and accessing SaaS. 
",[],{},{"nodeType":1294,"data":1739,"content":1740},{},[1741],{"nodeType":1293,"value":1742,"marks":1743,"data":1744},"You can automate this process with the right tool, using things like ChatOps and browser notifications, and just sit back and watch as employees improve their own security over time. This is particularly useful when it comes to some of the security hygiene basics, like using strong passwords and enabling MFA, which make a significant impact on overall security posture for very little effort.",[],{},{"nodeType":1355,"data":1746,"content":1747},{},[1748],{"nodeType":1293,"value":1749,"marks":1750,"data":1751},"What will I gain from working with employees?",[],{},{"nodeType":1294,"data":1753,"content":1754},{},[1755],{"nodeType":1293,"value":1756,"marks":1757,"data":1758},"Now that you know that working directly with employees to secure SaaS isn’t a pipe dream, nor does it have to be a manual effort or a one-off security campaign, what impact should you expect from these efforts? And how do you measure that impact?",[],{},{"nodeType":1294,"data":1760,"content":1761},{},[1762],{"nodeType":1293,"value":1763,"marks":1764,"data":1765},"Here are some of the most obvious wins…",[],{},{"nodeType":1767,"data":1768,"content":1769},"heading-2",{},[1770],{"nodeType":1293,"value":1771,"marks":1772,"data":1773},"Reduce your attack surface",[],{},{"nodeType":1294,"data":1775,"content":1776},{},[1777],{"nodeType":1293,"value":1778,"marks":1779,"data":1780},"Say you discover your marketing team is using Trello to manage projects, while the sales team is using Asana. Once you have this information, you can talk to the heads of each department to see if they’ll agree on a single solution. ",[],{},{"nodeType":1294,"data":1782,"content":1783},{},[1784],{"nodeType":1293,"value":1785,"marks":1786,"data":1787},"Without management, you’re likely to wind up using multiple (often dozens) of chat, project management, calendar-sharing apps and so on within your company. 
The issue with this is that it opens you up to unnecessary risk, with your data being held on the systems of hundreds of third parties outside of your traditional perimeter. By connecting users to each other and consolidating the SaaS apps in your company, you can dramatically reduce your attack surface. ",[],{},{"nodeType":1294,"data":1789,"content":1790},{},[1791,1795,1804,1809],{"nodeType":1293,"value":1792,"marks":1793,"data":1794},"Similarly, removing dormant apps and accounts can have a huge impact. In a ",[],{},{"nodeType":1380,"data":1796,"content":1798},{"uri":1797},"https://productiv.com/blog/less-than-half-of-company-saas-applications-are-regularly-used-by-employees/",[1799],{"nodeType":1293,"value":1800,"marks":1801,"data":1803},"recent report",[1802],{"type":1373},{},{"nodeType":1293,"value":1805,"marks":1806,"data":1808}," ",[1807],{"type":1373},{},{"nodeType":1293,"value":1810,"marks":1811,"data":1812},"by Productiv, they found that on average only 45% of the apps an organization or its employees have an account with are regularly engaged with. That means that potentially half of your SaaS attack surface is totally unnecessary.",[],{},{"nodeType":1294,"data":1814,"content":1815},{},[1816],{"nodeType":1293,"value":1817,"marks":1818,"data":1819},"Working with employees to find out what apps they are using (and which they are no longer) will allow you to eliminate attacker opportunities to access your data or steal employee account credentials.  ",[],{},{"nodeType":1767,"data":1821,"content":1822},{},[1823],{"nodeType":1293,"value":1824,"marks":1825,"data":1826},"Reduce supply chain risk",[],{},{"nodeType":1294,"data":1828,"content":1829},{},[1830],{"nodeType":1293,"value":1831,"marks":1832,"data":1833},"Every third-party SaaS app that your employees use is a supplier and therefore contributes to your overall supply chain risk exposure. 
Traditionally all technology and software providers will have been reviewed by security teams to ensure that they do not present excessive risk to your organization. However, the explosion in SaaS use has made this more challenging; 1) Most organizations have a large number of SaaS suppliers and it’s growing, 2) SaaS suppliers are now responsible for more aspects of security than on-prem software suppliers ever were (such as infrastructure security) so there is more to review and assure. ",[],{},{"nodeType":1294,"data":1835,"content":1836},{},[1837],{"nodeType":1293,"value":1838,"marks":1839,"data":1840},"Every time a duplicate or dormant SaaS app is removed, you’re removing a supplier whose security practices and posture need assuring. This saves your security team bags of time and reduces your overall cyber risk exposure. ",[],{},{"nodeType":1294,"data":1842,"content":1843},{},[1844],{"nodeType":1293,"value":1845,"marks":1846,"data":1847},"However, for the third-parties you need to continue to work with, you’ll want to perform due diligence to make sure you aren’t exposing yourself to the risk of a supply chain attack. ",[],{},{"nodeType":1294,"data":1849,"content":1850},{},[1851],{"nodeType":1293,"value":1852,"marks":1853,"data":1854},"Before you can trust a SaaS vendor with your data, you have to be assured the vendor is committed to maintaining an appropriate security standard and has the resources and capabilities to deliver against it. And you need to know how the vendor will secure your data when it is in transit, in use and at rest. Understand how the vendor secures their network, monitors for malicious activity, what they’ll do in the event of an incident, and whether they have an adequate business continuity and disaster recovery plan. 
",[],{},{"nodeType":1294,"data":1856,"content":1857},{},[1858],{"nodeType":1293,"value":1859,"marks":1860,"data":1861},"To speed up the due diligence process, you might rely on the vendor providing certification of a recognized standard, such as ISO27001, which demonstrates a solid security baseline.",[],{},{"nodeType":1767,"data":1863,"content":1864},{},[1865],{"nodeType":1293,"value":1866,"marks":1867,"data":1868},"Establish security as a business enabler",[],{},{"nodeType":1294,"data":1870,"content":1871},{},[1872],{"nodeType":1293,"value":1873,"marks":1874,"data":1875},"One thing to note, if you’re removing an app, it’s always a good idea to notify the employee(s) using it and suggest secure alternatives. Security teams are often seen as a blocker to be avoided and worked around. During that conversation, you can ask them what they were using the app for and then do some research to offer an alternative option that isn’t as risky to the company. ",[],{},{"nodeType":1294,"data":1877,"content":1878},{},[1879],{"nodeType":1293,"value":1880,"marks":1881,"data":1882},"Being able to recommend useful tools that can help your colleagues with their jobs (as opposed to just saying no or blocking unsanctioned apps) is  the difference between being seen as a business enabler rather than a business blocker. Once your security team is known for promoting innovative new technology as well as managing risk, employee engagement will increase. ",[],{},{"nodeType":1767,"data":1884,"content":1885},{},[1886],{"nodeType":1293,"value":1887,"marks":1888,"data":1889},"Greater productivity and competitiveness",[],{},{"nodeType":1294,"data":1891,"content":1892},{},[1893],{"nodeType":1293,"value":1894,"marks":1895,"data":1896},"SaaS has empowered employees to self-adopt the tools that will help them do their jobs better. This is something that should be harnessed, not resisted. A more productive workforce creates a more competitive company. 
Security’s job is to manage the risks it introduces to a level that the business can accept, not to eliminate those risks altogether. ",[],{},{"nodeType":1294,"data":1898,"content":1899},{},[1900],{"nodeType":1293,"value":1901,"marks":1902,"data":1903},"Balancing productivity returns with cyber risk requires employees and security to work together to understand the trade-off and make the best decision for the whole organization. If you can facilitate this collaboration to make better decisions, faster as to what technology and tools your organization can safely take advantage of, then your organization will be more competitive and more successful.  ",[],{},{"nodeType":1355,"data":1905,"content":1906},{},[1907],{"nodeType":1293,"value":1908,"marks":1909,"data":1910},"You can secure SaaS without pissing off employees",[],{},{"nodeType":1294,"data":1912,"content":1913},{},[1914],{"nodeType":1293,"value":1915,"marks":1916,"data":1917},"We’ll end this blog with a single key takeaway: ",[],{},{"nodeType":1919,"data":1920,"content":1921},"hr",{},[],{"nodeType":1294,"data":1923,"content":1924},{},[1925],{"nodeType":1293,"value":1926,"marks":1927,"data":1928},"To keep employees happy and productive while still securing corporate data, you need to work with them to understand what they need and point them at the most secure SaaS alternative. ",[],{},{"nodeType":1919,"data":1930,"content":1931},{},[],{"nodeType":1294,"data":1933,"content":1934},{},[1935],{"nodeType":1293,"value":1936,"marks":1937,"data":1938},"One of the big wins that’s really hard to measure or quantify is that by working with employees, you position yourself as a business enabler. 
The more you know about the tools employees are choosing to use, the more you understand their needs and desires so that you can find a balanced solution.",[],{},{"nodeType":1294,"data":1940,"content":1941},{},[1942],{"nodeType":1293,"value":1943,"marks":1944,"data":1945},"We would never recommend that you just open the gates to SaaS and leave employees to sign up with wild abandon, but strictly locking down SaaS clearly doesn’t work. With more SaaS apps coming to market daily, the only approach that can scale and keep up with employees’ needs for productivity and flexibility is one that makes them part of the conversation. You’ve got to work with the SaaS users and empathize with their needs. Only then can you really create a cloud security strategy that’s going to work in the real world. With new tools that can do the heavy lifting for you, a user-powered approach finally makes sense. You got this.",[],{},"5 steps to manage the risk of unsanctioned SaaS ","Learn some lightweight ways to manage the risks SaaS introduces without relying on restrictive policies that block employees from using their preferred tools.","2022-08-11T00:00:00.000Z","manage-saas-risks-without-hindering-employees",{"items":1951},[1952,1956],{"sys":1953,"name":1955},{"id":1954},"3SA5H01UkKauuiTdt0KC6q","Shadow IT",{"sys":1957,"name":1306},{"id":1305},{"items":1959},[1960],{"fullName":1961,"firstName":1962,"jobTitle":1963,"profilePicture":1964},"Jacques Louw","Jacques","Co-founder / 
CRO",{"url":1965},"https://images.ctfassets.net/y1cdw1ablpvd/39m8bektV23lnCRcEq0G8h/2a08f6276a50744f1a4b499b273f6bb2/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-21.jpg",{"__typename":1314,"sys":1967,"content":1969,"title":2732,"synopsis":2733,"hashTags":118,"publishedDate":2734,"slug":2735,"tagsCollection":2736,"authorsCollection":2742},{"id":1968},"6ppEa7WXiKcgLQ9yGn7q3k",{"json":1970},{"nodeType":1295,"data":1971,"content":1972},{},[1973,1980,1987,1994,2003,2010,2016,2023,2029,2036,2043,2050,2057,2064,2071,2078,2084,2091,2107,2114,2121,2127,2134,2141,2157,2176,2183,2190,2197,2204,2211,2218,2241,2248,2255,2262,2269,2276,2283,2290,2297,2313,2346,2355,2362,2369,2376,2383,2406,2413,2420,2427,2434,2441,2448,2455,2462,2468,2475,2482,2489,2501,2508,2515,2522,2528,2535,2542,2549,2572,2579,2586,2593,2609,2616,2623,2630,2693,2699,2706,2713,2720,2726],{"nodeType":1294,"data":1974,"content":1975},{},[1976],{"nodeType":1293,"value":1977,"marks":1978,"data":1979},"Employees using a new work SaaS application used to be the final step of the software-onboarding process. ",[],{},{"nodeType":1294,"data":1981,"content":1982},{},[1983],{"nodeType":1293,"value":1984,"marks":1985,"data":1986},"Now it's the first. ",[],{},{"nodeType":1294,"data":1988,"content":1989},{},[1990],{"nodeType":1293,"value":1991,"marks":1992,"data":1993},"SaaS providers bypass IT and security and hook employees with free apps and trials. This has led to sensitive data on shadow SaaS applications that’s accessible via unmanaged cloud accounts – all those accounts that aren’t protected by SSO or logged into via social login accounts. 
This leads to security threats because attackers know SaaS is a blind spot for most organizations.",[],{},{"nodeType":1294,"data":1995,"content":1996},{},[1997],{"nodeType":1293,"value":1998,"marks":1999,"data":2002},"Attackers exploit this unmonitored attack surface with new takes on old techniques that are going undetected.",[2000,2001],{"type":1477},{"type":312},{},{"nodeType":1294,"data":2004,"content":2005},{},[2006],{"nodeType":1293,"value":2007,"marks":2008,"data":2009},"We’ve gone from this:",[],{},{"nodeType":1454,"data":2011,"content":2015},{"target":2012},{"sys":2013},{"id":2014,"type":1459,"linkType":1460},"1Dw4V0Fd0wI8yB6juzyWjg",[],{"nodeType":1294,"data":2017,"content":2018},{},[2019],{"nodeType":1293,"value":2020,"marks":2021,"data":2022},"To this: ",[],{},{"nodeType":1454,"data":2024,"content":2028},{"target":2025},{"sys":2026},{"id":2027,"type":1459,"linkType":1460},"61Oj6GzX4amLxEJ5fPDJCq",[],{"nodeType":1294,"data":2030,"content":2031},{},[2032],{"nodeType":1293,"value":2033,"marks":2034,"data":2035},"Security is now coming in at the end of their old software procurement process and needs to figure out how to regain control of their data. ",[],{},{"nodeType":1355,"data":2037,"content":2038},{},[2039],{"nodeType":1293,"value":2040,"marks":2041,"data":2042},"You don’t want to stop employees from adopting SaaS apps… ",[],{},{"nodeType":1294,"data":2044,"content":2045},{},[2046],{"nodeType":1293,"value":2047,"marks":2048,"data":2049},"Employees self-adopting SaaS platforms might sound like a security nightmare, but it doesn’t have to be. This actually enables employees to be more productive and your business to be more competitive. ",[],{},{"nodeType":1294,"data":2051,"content":2052},{},[2053],{"nodeType":1293,"value":2054,"marks":2055,"data":2056},"This new landscape has fundamentally changed how software is brought into the business. 
The days of security acting as a gatekeeper that all apps must pass through before they can touch live data are over. The market forces driving self-service apps aren’t stopping, so the security industry needs to adapt.",[],{},{"nodeType":1355,"data":2058,"content":2059},{},[2060],{"nodeType":1293,"value":2061,"marks":2062,"data":2063},"What’s the impact of self-adoption on security?",[],{},{"nodeType":1767,"data":2065,"content":2066},{},[2067],{"nodeType":1293,"value":2068,"marks":2069,"data":2070},"Loss of visibility",[],{},{"nodeType":1294,"data":2072,"content":2073},{},[2074],{"nodeType":1293,"value":2075,"marks":2076,"data":2077},"Most SaaS providers have moved to the product-led growth (PLG) model as the fastest and easiest way to get users for their apps. They want employees to start using SaaS without going through IT and security teams’ lengthy approval processes. This SaaS vendor sales model has had a massive impact on security and introduced SaaS security risks, but most security teams are unaware of the scale and scope of the problem because they can’t get necessary visibility into all the tools and apps their employees are using.",[],{},{"nodeType":1767,"data":2079,"content":2080},{},[2081],{"nodeType":1293,"value":1040,"marks":2082,"data":2083},[],{},{"nodeType":1294,"data":2085,"content":2086},{},[2087],{"nodeType":1293,"value":2088,"marks":2089,"data":2090},"This problem is often called “Shadow SaaS” and it’s also the first problem to solve -  the old adage “you can’t secure what you don’t know about” is as true in the SaaS world as it is in any other security domain.",[],{},{"nodeType":1294,"data":2092,"content":2093},{},[2094,2098,2103],{"nodeType":1293,"value":2095,"marks":2096,"data":2097},"The lack of visibility means many IT and security teams missed the explosion of SaaS apps, plugins, extensions, and integrations that make up the modern IT stack. 
More crucially,",[],{},{"nodeType":1293,"value":2099,"marks":2100,"data":2102}," they’ve missed the movement of company data into these apps.",[2101],{"type":312},{},{"nodeType":1293,"value":2104,"marks":2105,"data":2106}," ",[],{},{"nodeType":1767,"data":2108,"content":2109},{},[2110],{"nodeType":1293,"value":2111,"marks":2112,"data":2113},"SaaS Sprawl",[],{},{"nodeType":1294,"data":2115,"content":2116},{},[2117],{"nodeType":1293,"value":2118,"marks":2119,"data":2120},"Complicating matters further, many of these apps are duplicate, abandoned or unmanaged - an issue often called “SaaS sprawl.”",[],{},{"nodeType":1454,"data":2122,"content":2126},{"target":2123},{"sys":2124},{"id":2125,"type":1459,"linkType":1460},"5NfrrDeIPs7TE213UYly7E",[],{"nodeType":1767,"data":2128,"content":2129},{},[2130],{"nodeType":1293,"value":2131,"marks":2132,"data":2133},"Increasing incidents and impacts",[],{},{"nodeType":1294,"data":2135,"content":2136},{},[2137],{"nodeType":1293,"value":2138,"marks":2139,"data":2140},"Though security teams have lost direct visibility, they’ve not lost complete visibility and many are finding out about at least a fraction of these apps - typically by working with finance teams once employees want apps to go from free-tier to licensed plans. And all too often, security teams find out about shadow SaaS apps in the worst way possible - when something has already gone wrong and security is asked to respond to an incident on a SaaS platform.",[],{},{"nodeType":1294,"data":2142,"content":2143},{},[2144,2148,2153],{"nodeType":1293,"value":2145,"marks":2146,"data":2147},"In both cases, ",[],{},{"nodeType":1293,"value":2149,"marks":2150,"data":2152},"Security is getting visibility too late to be of much value",[2151],{"type":312},{},{"nodeType":1293,"value":2154,"marks":2155,"data":2156},". Once a team has been using an app (even on a free tier) for a year, there’s not much Security can do that will convince employees/teams to move to a more secure app. 
",[],{},{"nodeType":1294,"data":2158,"content":2159},{},[2160,2166,2171],{"nodeType":1293,"value":2161,"marks":2162,"data":2165},"To change that, Security needs to intervene and get involved very early in the app adoption process ",[2163,2164],{"type":1477},{"type":312},{},{"nodeType":1293,"value":2167,"marks":2168,"data":2170},"- long before finance is involved.",[2169],{"type":312},{},{"nodeType":1293,"value":2104,"marks":2172,"data":2175},[2173,2174],{"type":1477},{"type":312},{},{"nodeType":1294,"data":2177,"content":2178},{},[2179],{"nodeType":1293,"value":2180,"marks":2181,"data":2182},"Incident Response is necessary, of course, when a SaaS account is breached, but can’t recover the lost data after attackers have had access to it. ",[],{},{"nodeType":1767,"data":2184,"content":2185},{},[2186],{"nodeType":1293,"value":2187,"marks":2188,"data":2189},"Holy S*it - there are so many apps!",[],{},{"nodeType":1294,"data":2191,"content":2192},{},[2193],{"nodeType":1293,"value":2194,"marks":2195,"data":2196},"Once teams get visibility into the scope of the Shadow SaaS and sprawl problem, they’re usually surprised by the sheer volume of apps employees have adopted. \n\nThen they realize they need to do risk assessments on dozens of apps a month instead of the dozen a year that were going through IT in the old, managed and controlled process. To deal with this massive influx of new apps, security teams feel they must either radically increase the headcount, cut corners or drastically increase acceptable risk levels for data security. 
None of these are great options.",[],{},{"nodeType":1767,"data":2198,"content":2199},{},[2200],{"nodeType":1293,"value":2201,"marks":2202,"data":2203},"This is why SSPMs and CASBs exist, right?",[],{},{"nodeType":1294,"data":2205,"content":2206},{},[2207],{"nodeType":1293,"value":2208,"marks":2209,"data":2210},"SaaS Security Posture Management (SSPMs) and Cloud Access Security Brokers (CASBs) are the most common categories of solutions meant to attack this visibility blind spot issue, but none of these tools are getting the full picture of the problem. ",[],{},{"nodeType":1294,"data":2212,"content":2213},{},[2214],{"nodeType":1293,"value":2215,"marks":2216,"data":2217},"At best, they simply chip away at the problem and make security feel like they’ve got a handle on employee-adopted SaaS. At worst, they give a false sense of security while only actually covering a small portion of the SaaS apps where business data actually lives. ",[],{},{"nodeType":1294,"data":2219,"content":2220},{},[2221,2225,2237],{"nodeType":1293,"value":2222,"marks":2223,"data":2224},"The key thing to consider about any of these solutions is what data sources they’re using to collect (typically network data, financial records, email data, application or endpoint data). We won’t dig into the full list of pros and cons of these types of tools, but we encourage you to read about them more ",[],{},{"nodeType":2226,"data":2227,"content":2231},"entry-hyperlink",{"target":2228},{"sys":2229},{"id":2230,"type":1459,"linkType":1460},"45iZ69EdPF4629gZ6yf7p5",[2232],{"nodeType":1293,"value":2233,"marks":2234,"data":2236},"here",[2235],{"type":1373},{},{"nodeType":1293,"value":2238,"marks":2239,"data":2240},". 
",[],{},{"nodeType":1294,"data":2242,"content":2243},{},[2244],{"nodeType":1293,"value":2245,"marks":2246,"data":2247},"SSPM tools typically don’t do SaaS discovery - they don’t find apps employees log into, but they do tackle the application hardening and monitoring problem because they focus on policy enforcement and log-monitoring through APIs. ",[],{},{"nodeType":1294,"data":2249,"content":2250},{},[2251],{"nodeType":1293,"value":2252,"marks":2253,"data":2254},"Both SSPMs and CASBs make sense logically as a way to regain control of the situation. But we’d like to challenge the thinking that regaining control has to mean enforcing rigid security policies and restricting app access. ",[],{},{"nodeType":1355,"data":2256,"content":2257},{},[2258],{"nodeType":1293,"value":2259,"marks":2260,"data":2261},"Adjust your thinking to secure SaaS",[],{},{"nodeType":1767,"data":2263,"content":2264},{},[2265],{"nodeType":1293,"value":2266,"marks":2267,"data":2268},"Resist the temptation to revert to the old ways ",[],{},{"nodeType":1294,"data":2270,"content":2271},{},[2272],{"nodeType":1293,"value":2273,"marks":2274,"data":2275},"When the idea of the options above proves daunting or impossible, Security often tries to revert to the old process - putting security measures in place to regain the ability to set the pace of adoption by re-establishing the gate. ",[],{},{"nodeType":1294,"data":2277,"content":2278},{},[2279],{"nodeType":1293,"value":2280,"marks":2281,"data":2282},"Practically, this means that you’re deploying technical controls to try block all SaaS apps until they are approved (and marked as allowed) by IT or Security. Technically, this makes total sense. But the unforeseen consequence is that it positions Security as blockers (aka the “Department of No”) and puts them at odds with the rest of the business, rather than working towards a shared goal. 
",[],{},{"nodeType":1767,"data":2284,"content":2285},{},[2286],{"nodeType":1293,"value":2287,"marks":2288,"data":2289},"Why being the “Department of No” doesn’t work ",[],{},{"nodeType":1294,"data":2291,"content":2292},{},[2293],{"nodeType":1293,"value":2294,"marks":2295,"data":2296},"This block-everything-until-security-approves-it position requires incredible executive support to maintain. For all but the most risk-sensitive organizations (read .gov), this position also normalizes employee behavior to bypass Security in favor of working quickly and effectively. ",[],{},{"nodeType":1294,"data":2298,"content":2299},{},[2300,2304,2309],{"nodeType":1293,"value":2301,"marks":2302,"data":2303},"In the end, Security actually ",[],{},{"nodeType":1293,"value":2305,"marks":2306,"data":2308},"loses visibility",[2307],{"type":312},{},{"nodeType":1293,"value":2310,"marks":2311,"data":2312}," into employee SaaS use and effectively loses control, rather than locking it down. On behalf of all the employees out there, I want to make a point to say employees aren’t trying to break rules Security put in place, they’re just trying to get their jobs done, and might try and find ways around things they see as unreasonably slowing them down or preventing them from reaching their targets. 
Seen in this light, it’s no surprise that:",[],{},{"nodeType":1625,"data":2314,"content":2315},{},[2316,2326,2336],{"nodeType":1467,"data":2317,"content":2318},{},[2319],{"nodeType":1294,"data":2320,"content":2321},{},[2322],{"nodeType":1293,"value":2323,"marks":2324,"data":2325},"If you block websites, employees bypass network controls, ",[],{},{"nodeType":1467,"data":2327,"content":2328},{},[2329],{"nodeType":1294,"data":2330,"content":2331},{},[2332],{"nodeType":1293,"value":2333,"marks":2334,"data":2335},"if you block social logins, employees use passwords, ",[],{},{"nodeType":1467,"data":2337,"content":2338},{},[2339],{"nodeType":1294,"data":2340,"content":2341},{},[2342],{"nodeType":1293,"value":2343,"marks":2344,"data":2345},"if you stop them using work devices to sign up to apps, they use personal devices.",[],{},{"nodeType":1294,"data":2347,"content":2348},{},[2349],{"nodeType":1293,"value":2350,"marks":2351,"data":2354},"Each blocking action leads to a worse security outcome and blinds the security team further - losing control rather than regaining it.",[2352,2353],{"type":1477},{"type":312},{},{"nodeType":1294,"data":2356,"content":2357},{},[2358],{"nodeType":1293,"value":2359,"marks":2360,"data":2361},"You can attempt to delay this process by blocking, or you can adapt.",[],{},{"nodeType":1767,"data":2363,"content":2364},{},[2365],{"nodeType":1293,"value":2366,"marks":2367,"data":2368},"Don’t worry, there’s a better way, but you must adapt your thinking",[],{},{"nodeType":1294,"data":2370,"content":2371},{},[2372],{"nodeType":1293,"value":2373,"marks":2374,"data":2375},"The first thing we need to do as an industry is agree that we don’t want to be the blockers. We don’t want to stop employees from self-adopting apps. We understand they are best placed to find and select the tools that are going to allow them to be more productive and help your company succeed. 
",[],{},{"nodeType":1294,"data":2377,"content":2378},{},[2379],{"nodeType":1293,"value":2380,"marks":2381,"data":2382},"We need to:",[],{},{"nodeType":1625,"data":2384,"content":2385},{},[2386,2396],{"nodeType":1467,"data":2387,"content":2388},{},[2389],{"nodeType":1294,"data":2390,"content":2391},{},[2392],{"nodeType":1293,"value":2393,"marks":2394,"data":2395},"embrace SaaS app self-adoption, and ",[],{},{"nodeType":1467,"data":2397,"content":2398},{},[2399],{"nodeType":1294,"data":2400,"content":2401},{},[2402],{"nodeType":1293,"value":2403,"marks":2404,"data":2405},"stop asking employees to adapt to fit our legacy processes. ",[],{},{"nodeType":1294,"data":2407,"content":2408},{},[2409],{"nodeType":1293,"value":2410,"marks":2411,"data":2412},"Security can no longer be a gate with a default stance of “No, until.” Instead Security needs to be a partner that says “Yes, unless.”",[],{},{"nodeType":1767,"data":2414,"content":2415},{},[2416],{"nodeType":1293,"value":2417,"marks":2418,"data":2419},"From the “Department of No” to the “Department of Yes, Unless?”",[],{},{"nodeType":1294,"data":2421,"content":2422},{},[2423],{"nodeType":1293,"value":2424,"marks":2425,"data":2426},"To adapt to this new SaaS-first world, security must move from saying “No, until we’ve had time to fully vet and onboard this app officially” to “Yes! 
You can use that app, unless we quickly identify security risks that outweigh the value of the tool.”",[],{},{"nodeType":1294,"data":2428,"content":2429},{},[2430],{"nodeType":1293,"value":2431,"marks":2432,"data":2433},"We know this is deeply uncomfortable for many security practitioners, but it will lead to a better long-term outcome.",[],{},{"nodeType":1355,"data":2435,"content":2436},{},[2437],{"nodeType":1293,"value":2438,"marks":2439,"data":2440},"How to regain control of the SaaS explosion",[],{},{"nodeType":1767,"data":2442,"content":2443},{},[2444],{"nodeType":1293,"value":2445,"marks":2446,"data":2447},"Step 1: Understand how employees typically test drive and eventually adopt SaaS",[],{},{"nodeType":1294,"data":2449,"content":2450},{},[2451],{"nodeType":1293,"value":2452,"marks":2453,"data":2454},"Obviously, self-adoption of SaaS is fundamentally different to IT/Security adopted and managed from a risk perspective. With SaaS, there’s no giant commitment upfront. Apps don’t (usually) just go from unknown and unused to adopted in a day. Just like adopting software was a process for Security and IT back in the day, employees follow a (less rigid) process with SaaS - from testing > to using > to finding value > to inviting teammates, etc. ",[],{},{"nodeType":1294,"data":2456,"content":2457},{},[2458],{"nodeType":1293,"value":2459,"marks":2460,"data":2461},"The risk grows as we proceed through the adoption process as employees add more data into the app and integrate it with other apps. 
The workflow below outlines a fairly typical SaaS testing and adoption process for employees:",[],{},{"nodeType":1454,"data":2463,"content":2467},{"target":2464},{"sys":2465},{"id":2466,"type":1459,"linkType":1460},"2nzyuXDxjBGZN0YMvskGak",[],{"nodeType":1767,"data":2469,"content":2470},{},[2471],{"nodeType":1293,"value":2472,"marks":2473,"data":2474},"Step 2: Get involved early to have a real security impact",[],{},{"nodeType":1294,"data":2476,"content":2477},{},[2478],{"nodeType":1293,"value":2479,"marks":2480,"data":2481},"The upside for Security is that because SaaS adoption is a process over time, we can use that time to assess the risk of the app before it’s fully adopted, as long as we know about the app from the start. ",[],{},{"nodeType":1294,"data":2483,"content":2484},{},[2485],{"nodeType":1293,"value":2486,"marks":2487,"data":2488},"The goal is to catch those apps that are high risk, either because the data going into them (or that will be) is high risk or because the app can perform some high-risk action (like managing your inventory or sending emails to customers on your behalf). Security can focus their efforts on these high-risk vendors and apps to make sure they can be trusted with their data. ",[],{},{"nodeType":1294,"data":2490,"content":2491},{},[2492,2496],{"nodeType":1293,"value":2493,"marks":2494,"data":2495},"But this is key: ",[],{},{"nodeType":1293,"value":2497,"marks":2498,"data":2500},"Security needs to get involved early in the adoption process. 
",[2499],{"type":312},{},{"nodeType":1767,"data":2502,"content":2503},{},[2504],{"nodeType":1293,"value":2505,"marks":2506,"data":2507},"Step 3: Get real-time visibility into SaaS apps and risks as employees sign up for them",[],{},{"nodeType":1294,"data":2509,"content":2510},{},[2511],{"nodeType":1293,"value":2512,"marks":2513,"data":2514},"You guessed it - Push can help!",[],{},{"nodeType":1294,"data":2516,"content":2517},{},[2518],{"nodeType":1293,"value":2519,"marks":2520,"data":2521},"We detect employees signing up to new apps and integrating third-party apps to your core work platforms in real-time. That allows you to step in at the earliest opportunity to vet the app for critical issues and guide the employee through the appropriate app onboarding steps. This allows you to focus on the new stuff and buy yourself time. ",[],{},{"nodeType":1454,"data":2523,"content":2527},{"target":2524},{"sys":2525},{"id":2526,"type":1459,"linkType":1460},"1hqMZl60NhvhHIfnO7FttV",[],{"nodeType":1767,"data":2529,"content":2530},{},[2531],{"nodeType":1293,"value":2532,"marks":2533,"data":2534},"Step 4: Avoid wasting time on false-positives",[],{},{"nodeType":1294,"data":2536,"content":2537},{},[2538],{"nodeType":1293,"value":2539,"marks":2540,"data":2541},"You need to trust your data if you want to take action based on the visibility you have of what apps employees are using and how they’re using them. Doing risk assessments or chasing employees about apps they’re not using wastes time and burns goodwill. ",[],{},{"nodeType":1294,"data":2543,"content":2544},{},[2545],{"nodeType":1293,"value":2546,"marks":2547,"data":2548},"Good data allows you to:",[],{},{"nodeType":1625,"data":2550,"content":2551},{},[2552,2562],{"nodeType":1467,"data":2553,"content":2554},{},[2555],{"nodeType":1294,"data":2556,"content":2557},{},[2558],{"nodeType":1293,"value":2559,"marks":2560,"data":2561},"Quickly and accurately identify new SaaS apps and integrations as employees adopt them. 
",[],{},{"nodeType":1467,"data":2563,"content":2564},{},[2565],{"nodeType":1294,"data":2566,"content":2567},{},[2568],{"nodeType":1293,"value":2569,"marks":2570,"data":2571},"Identify the security issues that attackers can exploit to compromise your data through common attacks like Credential Stuffing. ",[],{},{"nodeType":1767,"data":2573,"content":2574},{},[2575],{"nodeType":1293,"value":2576,"marks":2577,"data":2578},"Step 5: Use Browser extension data to get the most accurate and useful data for SaaS visibility and risk ",[],{},{"nodeType":1294,"data":2580,"content":2581},{},[2582],{"nodeType":1293,"value":2583,"marks":2584,"data":2585},"Push collects data directly from the app using a browser extension, rather than guessing possible use from other sources like network traffic or email. ",[],{},{"nodeType":1294,"data":2587,"content":2588},{},[2589],{"nodeType":1293,"value":2590,"marks":2591,"data":2592},"That makes Push the only SaaS security solution that can directly observe all SaaS use and the only solution that can identify account security issues across hundreds of apps - completely automatically. ",[],{},{"nodeType":1294,"data":2594,"content":2595},{},[2596,2600,2605],{"nodeType":1293,"value":2597,"marks":2598,"data":2599},"No need for API support, no need for an admin account. It just works. For ",[],{},{"nodeType":1293,"value":2601,"marks":2602,"data":2604},"all",[2603],{"type":1477},{},{"nodeType":1293,"value":2606,"marks":2607,"data":2608}," your SaaS.",[],{},{"nodeType":1767,"data":2610,"content":2611},{},[2612],{"nodeType":1293,"value":2613,"marks":2614,"data":2615},"Step 6: Identify account security risks and discover shadow SaaS at the same time",[],{},{"nodeType":1294,"data":2617,"content":2618},{},[2619],{"nodeType":1293,"value":2620,"marks":2621,"data":2622},"Of course you need to start by discovering SaaS and getting a reliable inventory - but this on its own won’t stop accounts on those apps from getting breached. 
The most common way SaaS accounts are breached is through attacks like credential stuffing that target weak, breached or shared passwords on accounts that don’t have MFA enabled. ",[],{},{"nodeType":1294,"data":2624,"content":2625},{},[2626],{"nodeType":1293,"value":2627,"marks":2628,"data":2629},"Push can identify account security issues to prevent these common attacks. These include:",[],{},{"nodeType":1625,"data":2631,"content":2632},{},[2633,2643,2653,2663,2673,2683],{"nodeType":1467,"data":2634,"content":2635},{},[2636],{"nodeType":1294,"data":2637,"content":2638},{},[2639],{"nodeType":1293,"value":2640,"marks":2641,"data":2642},"Compromised passwords",[],{},{"nodeType":1467,"data":2644,"content":2645},{},[2646],{"nodeType":1294,"data":2647,"content":2648},{},[2649],{"nodeType":1293,"value":2650,"marks":2651,"data":2652},"Guessable passwords",[],{},{"nodeType":1467,"data":2654,"content":2655},{},[2656],{"nodeType":1294,"data":2657,"content":2658},{},[2659],{"nodeType":1293,"value":2660,"marks":2661,"data":2662},"Account-sharing between multiple employees",[],{},{"nodeType":1467,"data":2664,"content":2665},{},[2666],{"nodeType":1294,"data":2667,"content":2668},{},[2669],{"nodeType":1293,"value":2670,"marks":2671,"data":2672},"Sharing passwords across multiple accounts",[],{},{"nodeType":1467,"data":2674,"content":2675},{},[2676],{"nodeType":1294,"data":2677,"content":2678},{},[2679],{"nodeType":1293,"value":2680,"marks":2681,"data":2682},"Missing MFA",[],{},{"nodeType":1467,"data":2684,"content":2685},{},[2686],{"nodeType":1294,"data":2687,"content":2688},{},[2689],{"nodeType":1293,"value":2690,"marks":2691,"data":2692},"Password manager use",[],{},{"nodeType":1454,"data":2694,"content":2698},{"target":2695},{"sys":2696},{"id":2697,"type":1459,"linkType":1460},"3hR2N6WoP5WDyD6O6zdJP1",[],{"nodeType":1294,"data":2700,"content":2701},{},[2702],{"nodeType":1293,"value":2703,"marks":2704,"data":2705},"We identify these issues at the same time we discover shadow 
SaaS apps, so you can tackle account compromise at the same time as SaaS discovery to reduce your SaaS security risk exposure faster.",[],{},{"nodeType":1767,"data":2707,"content":2708},{},[2709],{"nodeType":1293,"value":2710,"marks":2711,"data":2712},"Step 7: Automatically reduce the risks we find by engaging employees",[],{},{"nodeType":1294,"data":2714,"content":2715},{},[2716],{"nodeType":1293,"value":2717,"marks":2718,"data":2719},"How do we actually reduce the risks? We engage employees directly via Slack or MS Teams, explain the account security issue we’ve identified in a way they’ll understand, and help them understand how it’s putting them and the business at risk. Then we guide them on how to fix it.",[],{},{"nodeType":1454,"data":2721,"content":2725},{"target":2722},{"sys":2723},{"id":2724,"type":1459,"linkType":1460},"7Hgf81IlfZKoUMOp26ZXmq",[],{"nodeType":1294,"data":2727,"content":2728},{},[2729],{"nodeType":1293,"value":37,"marks":2730,"data":2731},[],{},"7 Steps to secure your data across shadow SaaS apps","Attackers commonly target SaaS apps because they know employees sign up without running them past IT first. 
Learn how to adjust to secure your data.\n","2023-06-26T00:00:00.000Z","3-steps-to-secure-your-data-across-shadow-saas-apps",{"items":2737},[2738,2740],{"sys":2739,"name":1955},{"id":1954},{"sys":2741,"name":1306},{"id":1305},{"items":2743},[2744],{"fullName":2745,"firstName":2745,"jobTitle":118,"profilePicture":2746},"The Push Team",{"url":2747},"https://images.ctfassets.net/y1cdw1ablpvd/7xpR9kiHAQWtZBj2rpOmmU/052ddfbb96afb37962278062047ab16d/Twitter_Linkedin_icon_white.png",{"items":2749},[2750],{"fullName":2751,"firstName":2752,"jobTitle":2753,"profilePicture":2754},"Sally Soulliere","Sally","Head of Brand & Content",{"url":2755},"https://images.ctfassets.net/y1cdw1ablpvd/7Gh4SbbEj6Zsbd6OzGto8Q/885041a4ddeccc5ef3045c0e22975ef4/T016S22KZ96-U036FPETQRH-330f87708d26-192.jpeg",{"json":2757,"links":3617},{"nodeType":1295,"data":2758,"content":2759},{},[2760,2767,2774,2779,2812,2819,2826,2846,2853,2860,2867,2886,2892,2899,2912,2919,2926,2933,2939,2962,2969,2976,2983,2990,2997,3004,3022,3030,3046,3053,3059,3080,3110,3126,3152,3159,3166,3173,3180,3187,3194,3201,3252,3259,3289,3334,3409,3416,3423,3430,3437,3444,3451,3458,3465,3471,3478,3485,3505,3512,3519,3526,3532,3539,3546,3553,3560,3583,3590,3596],{"nodeType":1294,"data":2761,"content":2762},{},[2763],{"nodeType":1293,"value":2764,"marks":2765,"data":2766},"If you’re working in security, you know you’re on the hook to secure all the assets in your organization’s attack surface – including cloud and SaaS applications. But with employees signing up and adopting SaaS applications without your oversight, the scale of your attack surface has blown up without you even knowing it - leading to a huge increase in SaaS security risks. ",[],{},{"nodeType":1294,"data":2768,"content":2769},{},[2770],{"nodeType":1293,"value":2771,"marks":2772,"data":2773},"You’ve probably locked down the known cloud services and cloud apps your company is using (Google Workspace, Microsoft 365, etc.) 
and you have policies you’re already enforcing for how employees log into, access, and input sensitive data into cloud platforms like Salesforce and Hubspot. \n\nBut what about all those other SaaS applications people in the company are using? Those apps make up a significant part of your attack surface. ",[],{},{"nodeType":1454,"data":2775,"content":2778},{"target":2776},{"sys":2777},{"id":2125,"type":1459,"linkType":1460},[],{"nodeType":1294,"data":2780,"content":2781},{},[2782,2786,2795,2799,2808],{"nodeType":1293,"value":2783,"marks":2784,"data":2785},"You need visibility into all those apps as the first step. We ",[],{},{"nodeType":2226,"data":2787,"content":2790},{"target":2788},{"sys":2789},{"id":1316,"type":1459,"linkType":1460},[2791],{"nodeType":1293,"value":2792,"marks":2793,"data":2794},"can help there",[],{},{"nodeType":1293,"value":2796,"marks":2797,"data":2798}," and there are some ",[],{},{"nodeType":2226,"data":2800,"content":2803},{"target":2801},{"sys":2802},{"id":2230,"type":1459,"linkType":1460},[2804],{"nodeType":1293,"value":2805,"marks":2806,"data":2807},"semi-hacky ways",[],{},{"nodeType":1293,"value":2809,"marks":2810,"data":2811}," you can even get this visibility on your own. 
",[],{},{"nodeType":1355,"data":2813,"content":2814},{},[2815],{"nodeType":1293,"value":2816,"marks":2817,"data":2818},"I found all these shadow SaaS apps, now what?",[],{},{"nodeType":1294,"data":2820,"content":2821},{},[2822],{"nodeType":1293,"value":2823,"marks":2824,"data":2825},"Once you get the list of (likely hundreds) of SaaS applications employees have been using that you weren’t aware of, you’re probably then thinking about the next daunting task - how do I secure all these shadow SaaS or shadow IT assets across your SaaS attack surface to manage SaaS security risks?",[],{},{"nodeType":1294,"data":2827,"content":2828},{},[2829,2833,2842],{"nodeType":1293,"value":2830,"marks":2831,"data":2832},"That’s where the ",[],{},{"nodeType":1380,"data":2834,"content":2836},{"uri":2835},"https://www.ncsc.gov.uk/collection/cloud/understanding-cloud-services/cloud-security-shared-responsibility-model",[2837],{"nodeType":1293,"value":2838,"marks":2839,"data":2841},"shared responsibility model ",[2840],{"type":1373},{},{"nodeType":1293,"value":2843,"marks":2844,"data":2845},"comes into play. 
You’re not on the hook to take on every aspect of SaaS security, so let’s do a walkthrough of this model and we’ll help you home in on where you can make the most impact when it comes to securing your sensitive data with every third-party SaaS vendor.",[],{},{"nodeType":1767,"data":2847,"content":2848},{},[2849],{"nodeType":1293,"value":2850,"marks":2851,"data":2852},"SaaS allows you to offload some operational security",[],{},{"nodeType":1294,"data":2854,"content":2855},{},[2856],{"nodeType":1293,"value":2857,"marks":2858,"data":2859},"You’re undoubtedly resource-strapped, so using SaaS apps is a great way to delegate as many operational security tasks as possible to the cloud provider.",[],{},{"nodeType":1294,"data":2861,"content":2862},{},[2863],{"nodeType":1293,"value":2864,"marks":2865,"data":2866},"The shared-responsibility model shows which responsibilities are yours as the customer and which the cloud provider owns - this is one of the reasons SaaS is taking over the world.   ",[],{},{"nodeType":1294,"data":2868,"content":2869},{},[2870,2874,2882],{"nodeType":1293,"value":2871,"marks":2872,"data":2873},"The following table produced by the ",[],{},{"nodeType":1380,"data":2875,"content":2876},{"uri":2835},[2877],{"nodeType":1293,"value":2878,"marks":2879,"data":2881},"National Cyber Security Centre",[2880],{"type":1373},{},{"nodeType":1293,"value":2883,"marks":2884,"data":2885}," (NCSC) shows how much of the balance of security responsibility is outsourced to the SaaS provider. 
For reference, IaaS = infrastructure-as-a-service; PaaS = platform-as-a-service; SaaS = software-as-a-service:",[],{},{"nodeType":1454,"data":2887,"content":2891},{"target":2888},{"sys":2889},{"id":2890,"type":1459,"linkType":1460},"17rMTpxgCAU5ropjkGIIjK",[],{"nodeType":1294,"data":2893,"content":2894},{},[2895],{"nodeType":1293,"value":2896,"marks":2897,"data":2898},"This table shows that in the SaaS model, you’re delegating a lot of responsibility for security to the vendor, which is great because it reduces the burden on your security team and SaaS providers are certainly best placed to secure their software. ",[],{},{"nodeType":1294,"data":2900,"content":2901},{},[2902,2908],{"nodeType":1293,"value":2903,"marks":2904,"data":2907},"However, this requires far greater trust in SaaS providers. ",[2905,2906],{"type":312},{"type":1477},{},{"nodeType":1293,"value":2909,"marks":2910,"data":2911},"Even so, this is a net positive trade off for most organizations.",[],{},{"nodeType":1294,"data":2913,"content":2914},{},[2915],{"nodeType":1293,"value":2916,"marks":2917,"data":2918},"While we’re offloading a lot to SaaS providers, we aren’t offloading everything. 
You still need to take care of your responsibilities, even though they’re now quite limited.",[],{},{"nodeType":1355,"data":2920,"content":2921},{},[2922],{"nodeType":1293,"value":2923,"marks":2924,"data":2925},"How to handle your responsibilities for managing SaaS risks in your company ",[],{},{"nodeType":1294,"data":2927,"content":2928},{},[2929],{"nodeType":1293,"value":2930,"marks":2931,"data":2932},"So, how do you go about handling these two responsibilities highlighted in the table below?",[],{},{"nodeType":1454,"data":2934,"content":2938},{"target":2935},{"sys":2936},{"id":2937,"type":1459,"linkType":1460},"4jeDpoYQzPmg5TFApeopSA",[],{"nodeType":1463,"data":2940,"content":2941},{},[2942,2952],{"nodeType":1467,"data":2943,"content":2944},{},[2945],{"nodeType":1294,"data":2946,"content":2947},{},[2948],{"nodeType":1293,"value":2949,"marks":2950,"data":2951},"Configuration of the SaaS app ",[],{},{"nodeType":1467,"data":2953,"content":2954},{},[2955],{"nodeType":1294,"data":2956,"content":2957},{},[2958],{"nodeType":1293,"value":2959,"marks":2960,"data":2961},"Manage identity and access controls provided by the app.",[],{},{"nodeType":1767,"data":2963,"content":2964},{},[2965],{"nodeType":1293,"value":2966,"marks":2967,"data":2968},"Configuration of the SaaS app",[],{},{"nodeType":1294,"data":2970,"content":2971},{},[2972],{"nodeType":1293,"value":2973,"marks":2974,"data":2975},"The way application configuration is presented in the NCSC table above is a bit of a red herring for the apps your employees will be self-adopting. The vast majority of SaaS apps (and especially self-adopted apps) allow very little, if any, security relevant configuration. ",[],{},{"nodeType":1294,"data":2977,"content":2978},{},[2979],{"nodeType":1293,"value":2980,"marks":2981,"data":2982},"Sure, the big core apps like Salesforce, Google Workspace, Microsoft 365 do (and often require a dedicated team or partner to run them), but they are highly unlikely to be self-adopted by employees. 
",[],{},{"nodeType":1294,"data":2984,"content":2985},{},[2986],{"nodeType":1293,"value":2987,"marks":2988,"data":2989},"The issues that are likely to lead to a compromise are more likely to be related to the individual accounts on the app, rather than the app configuration - so in practice there may be little to do in terms of hardening most self-managed apps.",[],{},{"nodeType":1767,"data":2991,"content":2992},{},[2993],{"nodeType":1293,"value":2994,"marks":2995,"data":2996},"Manage identity and access controls, like MFA, provided by the app\n",[],{},{"nodeType":1294,"data":2998,"content":2999},{},[3000],{"nodeType":1293,"value":3001,"marks":3002,"data":3003},"You have a few options for handling this one. We’ll go through the key areas below:",[],{},{"nodeType":1463,"data":3005,"content":3006},{},[3007],{"nodeType":1467,"data":3008,"content":3009},{},[3010],{"nodeType":1294,"data":3011,"content":3012},{},[3013,3018],{"nodeType":1293,"value":3014,"marks":3015,"data":3017},"SSO",[3016],{"type":1477},{},{"nodeType":1293,"value":3019,"marks":3020,"data":3021},": Better yet, if there’s a way to tuck the app behind SSO, do it! SAML SSO is the ideal, gold standard solution for managing your SaaS security risks. The big issue is that very, very few apps, particularly the smaller ones most of the employees in your company will be signing up for, offer SSO integrations. ",[],{},{"nodeType":1294,"data":3023,"content":3024},{},[3025],{"nodeType":1293,"value":3026,"marks":3027,"data":3029},"When we looked at the apps we cover, only 30% of them offered SAML SSO integrations. 
",[3028],{"type":1477},{},{"nodeType":1294,"data":3031,"content":3032},{},[3033,3037,3042],{"nodeType":1293,"value":3034,"marks":3035,"data":3036},"Making things worse, of those few apps that ",[],{},{"nodeType":1293,"value":3038,"marks":3039,"data":3041},"did ",[3040],{"type":312},{},{"nodeType":1293,"value":3043,"marks":3044,"data":3045},"offer SAML SSO as a feature, they offered it as a paid feature that you can only access at a high pricing tier, typically Enterprise or the highest pricing tier. Many more apps offer social logins (aka OIDC SSO), and while this is not quite as good as SAML, for most organizations this is a far better option compared to local passwords for each SaaS app!",[],{},{"nodeType":1294,"data":3047,"content":3048},{},[3049],{"nodeType":1293,"value":3050,"marks":3051,"data":3052},"You’ve probably heard mutterings about this before and it’s even got its own site, called SSO tax, which gives you a sense of the huge number of apps without SSO integrations. See a screenshot of the site below:",[],{},{"nodeType":1454,"data":3054,"content":3058},{"target":3055},{"sys":3056},{"id":3057,"type":1459,"linkType":1460},"71LeJlkZLWAr2rMN7Izam3",[],{"nodeType":1294,"data":3060,"content":3061},{},[3062,3066,3076],{"nodeType":1293,"value":3063,"marks":3064,"data":3065},"At the moment, this means SAML SSO isn’t a practical option for most apps. 
We wrote much more on this ",[],{},{"nodeType":2226,"data":3067,"content":3071},{"target":3068},{"sys":3069},{"id":3070,"type":1459,"linkType":1460},"tkUfN6TKuYyVNYDpsGWrE",[3072],{"nodeType":1293,"value":2233,"marks":3073,"data":3075},[3074],{"type":1373},{},{"nodeType":1293,"value":3077,"marks":3078,"data":3079}," as well.",[],{},{"nodeType":1294,"data":3081,"content":3082},{},[3083,3087,3092,3096,3106],{"nodeType":1293,"value":3084,"marks":3085,"data":3086},"2.",[],{},{"nodeType":1293,"value":3088,"marks":3089,"data":3091}," Encourage the other type of SSO — social logins",[3090],{"type":1477},{},{"nodeType":1293,"value":3093,"marks":3094,"data":3095},": It's also smart to make your policy towards OIDC SSO a.k.a. Social Logins (“login with Google” or “login with Microsoft”) clear. Our advice is you should prefer social logins over usernames and passwords wherever possible. Read more about that ",[],{},{"nodeType":2226,"data":3097,"content":3101},{"target":3098},{"sys":3099},{"id":3100,"type":1459,"linkType":1460},"1pbtctbbJRqLuz8dOsecOt",[3102],{"nodeType":1293,"value":2233,"marks":3103,"data":3105},[3104],{"type":1373},{},{"nodeType":1293,"value":3107,"marks":3108,"data":3109},".",[],{},{"nodeType":1294,"data":3111,"content":3112},{},[3113,3117,3122],{"nodeType":1293,"value":3114,"marks":3115,"data":3116},"3.",[],{},{"nodeType":1293,"value":3118,"marks":3119,"data":3121}," Employee trainings and education: ",[3120],{"type":1477},{},{"nodeType":1293,"value":3123,"marks":3124,"data":3125},"Of course, you’ll want to (and typically, you’ll be required to) do regular security training for your employees.",[],{},{"nodeType":1294,"data":3127,"content":3128},{},[3129,3133,3144,3148],{"nodeType":1293,"value":3130,"marks":3131,"data":3132},"If nothing else, make sure employees understand 
",[],{},{"nodeType":2226,"data":3134,"content":3138},{"target":3135},{"sys":3136},{"id":3137,"type":1459,"linkType":1460},"5Zy1Kj162pY69NT6001gAa",[3139],{"nodeType":1293,"value":3140,"marks":3141,"data":3143},"the value and impact of MFA",[3142],{"type":1373},{},{"nodeType":1293,"value":1805,"marks":3145,"data":3147},[3146],{"type":1477},{},{"nodeType":1293,"value":3149,"marks":3150,"data":3151},"and other identity access management tools.",[],{},{"nodeType":1355,"data":3153,"content":3154},{},[3155],{"nodeType":1293,"value":3156,"marks":3157,"data":3158},"Doesn’t delegating my responsibility increase SaaS security risks?",[],{},{"nodeType":1294,"data":3160,"content":3161},{},[3162],{"nodeType":1293,"value":3163,"marks":3164,"data":3165},"While delegating security responsibilities is great and takes a huge load off your security team, you need to consider who you’re delegating it to. ",[],{},{"nodeType":1294,"data":3167,"content":3168},{},[3169],{"nodeType":1293,"value":3170,"marks":3171,"data":3172},"This is what’s sometimes understood as supply chain security or third party risk management. You need to trust the SaaS provider to uphold their end of the bargain and, more often than not, also the SaaS/cloud vendors they use (their sub-processors) as well.",[],{},{"nodeType":1294,"data":3174,"content":3175},{},[3176],{"nodeType":1293,"value":3177,"marks":3178,"data":3179},"This sounds a lot scarier than it is. 
Many SaaS providers do a great job - they provide easy-to-audit, externally verified policies through a framework such as SOC 2, and most do regular penetration tests and have bug bounty programs, etc.",[],{},{"nodeType":1294,"data":3181,"content":3182},{},[3183],{"nodeType":1293,"value":3184,"marks":3185,"data":3186},"And, before you panic about having to do a full security audit of every one of those hundreds of SaaS providers, know that there are tools that can help with this, which we’ll talk more about at the end of this article.",[],{},{"nodeType":1355,"data":3188,"content":3189},{},[3190],{"nodeType":1293,"value":3191,"marks":3192,"data":3193},"How to determine if you can live with the risk  ",[],{},{"nodeType":1294,"data":3195,"content":3196},{},[3197],{"nodeType":1293,"value":3198,"marks":3199,"data":3200},"Here are a few things you might consider when you assess third-party risk: ",[],{},{"nodeType":1625,"data":3202,"content":3203},{},[3204,3228],{"nodeType":1467,"data":3205,"content":3206},{},[3207,3215],{"nodeType":1294,"data":3208,"content":3209},{},[3210],{"nodeType":1293,"value":3211,"marks":3212,"data":3214},"The data going into these apps is simply too sensitive. ",[3213],{"type":1477},{},{"nodeType":1625,"data":3216,"content":3217},{},[3218],{"nodeType":1467,"data":3219,"content":3220},{},[3221],{"nodeType":1294,"data":3222,"content":3223},{},[3224],{"nodeType":1293,"value":3225,"marks":3226,"data":3227},"Many organizations have very sensitive data, customer information or intellectual property (IP) that they simply aren’t willing to entrust to a third party. 
",[],{},{"nodeType":1467,"data":3229,"content":3230},{},[3231,3239],{"nodeType":1294,"data":3232,"content":3233},{},[3234],{"nodeType":1293,"value":3235,"marks":3236,"data":3238},"The app requests administrative access to sensitive systems ",[3237],{"type":1477},{},{"nodeType":1625,"data":3240,"content":3241},{},[3242],{"nodeType":1467,"data":3243,"content":3244},{},[3245],{"nodeType":1294,"data":3246,"content":3247},{},[3248],{"nodeType":1293,"value":3249,"marks":3250,"data":3251},"You may not want to trust a third party with administrative access to critical IT systems",[],{},{"nodeType":1294,"data":3253,"content":3254},{},[3255],{"nodeType":1293,"value":3256,"marks":3257,"data":3258},"If the sensitive data in the app or the access the app has represents some significant (but not unacceptable) risk, you may also want to consider the following:",[],{},{"nodeType":1625,"data":3260,"content":3261},{},[3262],{"nodeType":1467,"data":3263,"content":3264},{},[3265,3276],{"nodeType":1294,"data":3266,"content":3267},{},[3268,3273],{"nodeType":1293,"value":3269,"marks":3270,"data":3272},"The vendor has a string of repeated breaches or security incidents",[3271],{"type":1477},{},{"nodeType":1293,"value":2238,"marks":3274,"data":3275},[],{},{"nodeType":1625,"data":3277,"content":3278},{},[3279],{"nodeType":1467,"data":3280,"content":3281},{},[3282],{"nodeType":1294,"data":3283,"content":3284},{},[3285],{"nodeType":1293,"value":3286,"marks":3287,"data":3288},"This is troubling because it’s a fairly common pattern for attackers to breach apps in ways that don’t impact customer information, but then use the information they learn from these breaches to launch far more successful breaches in future and gain access to additional sensitive data. 
",[],{},{"nodeType":1294,"data":3290,"content":3291},{},[3292,3296,3305,3309,3318,3321,3330],{"nodeType":1293,"value":3293,"marks":3294,"data":3295},"Consider the string of breaches at ",[],{},{"nodeType":1380,"data":3297,"content":3299},{"uri":3298},"https://www.bleepingcomputer.com/search/?q=lastpass+breach",[3300],{"nodeType":1293,"value":3301,"marks":3302,"data":3304},"LastPass",[3303],{"type":1373},{},{"nodeType":1293,"value":3306,"marks":3307,"data":3308},", ",[],{},{"nodeType":1380,"data":3310,"content":3312},{"uri":3311},"https://www.bleepingcomputer.com/search/?q=okta+breach",[3313],{"nodeType":1293,"value":3314,"marks":3315,"data":3317},"Okta",[3316],{"type":1373},{},{"nodeType":1293,"value":3306,"marks":3319,"data":3320},[],{},{"nodeType":1380,"data":3322,"content":3324},{"uri":3323},"https://www.bleepingcomputer.com/search/?q=twilio+breach",[3325],{"nodeType":1293,"value":3326,"marks":3327,"data":3329},"Twilio",[3328],{"type":1373},{},{"nodeType":1293,"value":3331,"marks":3332,"data":3333}," (and many others) as a typical example of this.",[],{},{"nodeType":1625,"data":3335,"content":3336},{},[3337,3361,3385],{"nodeType":1467,"data":3338,"content":3339},{},[3340,3348],{"nodeType":1294,"data":3341,"content":3342},{},[3343],{"nodeType":1293,"value":3344,"marks":3345,"data":3347},"The app doesn’t offer adequate security features. ",[3346],{"type":1477},{},{"nodeType":1625,"data":3349,"content":3350},{},[3351],{"nodeType":1467,"data":3352,"content":3353},{},[3354],{"nodeType":1294,"data":3355,"content":3356},{},[3357],{"nodeType":1293,"value":3358,"marks":3359,"data":3360},"You want to see features like MFA, SSO (either social login through OIDC or, ideally, SAML), and bonus points for the ability to enforce these controls. 
This is especially important on platforms where the data is high-risk.",[],{},{"nodeType":1467,"data":3362,"content":3363},{},[3364,3372],{"nodeType":1294,"data":3365,"content":3366},{},[3367],{"nodeType":1293,"value":3368,"marks":3369,"data":3371},"They operate in a sanctioned country ",[3370],{"type":1477},{},{"nodeType":1625,"data":3373,"content":3374},{},[3375],{"nodeType":1467,"data":3376,"content":3377},{},[3378],{"nodeType":1294,"data":3379,"content":3380},{},[3381],{"nodeType":1293,"value":3382,"marks":3383,"data":3384},"Clearly SaaS providers operating from (or that have close ties with) sanctioned or politically-complicated countries represent additional risk.",[],{},{"nodeType":1467,"data":3386,"content":3387},{},[3388,3396],{"nodeType":1294,"data":3389,"content":3390},{},[3391],{"nodeType":1293,"value":3392,"marks":3393,"data":3395},"The SaaS vendor may not have the resources to adequately protect your sensitive data. ",[3394],{"type":1477},{},{"nodeType":1625,"data":3397,"content":3398},{},[3399],{"nodeType":1467,"data":3400,"content":3401},{},[3402],{"nodeType":1294,"data":3403,"content":3404},{},[3405],{"nodeType":1293,"value":3406,"marks":3407,"data":3408},"Also, question vendors that are so small that it is hard to imagine they can afford to spend significant resources on security. 
",[],{},{"nodeType":1294,"data":3410,"content":3411},{},[3412],{"nodeType":1293,"value":3413,"marks":3414,"data":3415},"These are really common apps that integrate with your Google Workspace or Microsoft 365 - they add a feature or help streamline the employee’s workflow but aren’t a fully baked SaaS app with funding, a product and engineering team, or customer support.",[],{},{"nodeType":1355,"data":3417,"content":3418},{},[3419],{"nodeType":1293,"value":3420,"marks":3421,"data":3422},"If you can’t establish trust with a SaaS provider…",[],{},{"nodeType":1294,"data":3424,"content":3425},{},[3426],{"nodeType":1293,"value":3427,"marks":3428,"data":3429},"While the hope is that you can establish enough trust with third-party SaaS providers to allow employees to use the app, there will be exceptions.",[],{},{"nodeType":1767,"data":3431,"content":3432},{},[3433],{"nodeType":1293,"value":3434,"marks":3435,"data":3436},"Guide employees to secure alternatives early, before they invest too much time in a risky platform",[],{},{"nodeType":1294,"data":3438,"content":3439},{},[3440],{"nodeType":1293,"value":3441,"marks":3442,"data":3443},"Obviously, you can block the apps that you’ve deemed too risky for your company’s risk profile, which will reduce the attack surface. However, doing that in a vacuum, without working with the employees who are using (or testing) a SaaS application, can roadblock their work. ",[],{},{"nodeType":1294,"data":3445,"content":3446},{},[3447],{"nodeType":1293,"value":3448,"marks":3449,"data":3450},"While it solves your need for strong SaaS security, if you don’t provide employees with an alternative, more secure app to test, you’re burning all good will with the rest of the company. ",[],{},{"nodeType":1294,"data":3452,"content":3453},{},[3454],{"nodeType":1293,"value":3455,"marks":3456,"data":3457},"Worst case scenario, they’ll work around you to use the tool you removed by using their personal laptop or personal email to log in. 
",[],{},{"nodeType":1294,"data":3459,"content":3460},{},[3461],{"nodeType":1293,"value":3462,"marks":3463,"data":3464},"The best path forward is to get into the SaaS adoption process early, as shown in this employee SaaS app adoption workflow: ",[],{},{"nodeType":1454,"data":3466,"content":3470},{"target":3467},{"sys":3468},{"id":3469,"type":1459,"linkType":1460},"6HzSQ8wPVn9RfDSFWGaCh8",[],{"nodeType":1294,"data":3472,"content":3473},{},[3474],{"nodeType":1293,"value":3475,"marks":3476,"data":3477},"The goal is to catch those apps that are high risk, either because the data that is (or will be) going into them is high risk or because the app can perform some high-risk action (like managing your inventory or sending emails to customers on your behalf). ",[],{},{"nodeType":1294,"data":3479,"content":3480},{},[3481],{"nodeType":1293,"value":3482,"marks":3483,"data":3484},"By getting in early, you can focus your efforts on these high-risk vendors and apps to make sure they can be trusted with your data. ",[],{},{"nodeType":1294,"data":3486,"content":3487},{},[3488,3492,3501],{"nodeType":1293,"value":3489,"marks":3490,"data":3491},"We’ve written more about this ",[],{},{"nodeType":2226,"data":3493,"content":3496},{"target":3494},{"sys":3495},{"id":1968,"type":1459,"linkType":1460},[3497],{"nodeType":1293,"value":2233,"marks":3498,"data":3500},[3499],{"type":1373},{},{"nodeType":1293,"value":3502,"marks":3503,"data":3504}," and it’s worth your time to read it, we promise. Blocking simply doesn’t work and it frustrates the team, so please consider this new way of securing SaaS. 
",[],{},{"nodeType":1355,"data":3506,"content":3507},{},[3508],{"nodeType":1293,"value":3509,"marks":3510,"data":3511},"Try a tool to automate SaaS account security improvements",[],{},{"nodeType":1294,"data":3513,"content":3514},{},[3515],{"nodeType":1293,"value":3516,"marks":3517,"data":3518},"Check out SaaS security tools that don’t only look at the SaaS provider or the SaaS platform itself, but which also focus on the SaaS account or user identity level. ",[],{},{"nodeType":1294,"data":3520,"content":3521},{},[3522],{"nodeType":1293,"value":3523,"marks":3524,"data":3525},"Once you have visibility into which apps employees are using, you can dig into whether they’re using security features like MFA or using strong passwords. If they're not, use Push to equip them to enable MFA on their own: ",[],{},{"nodeType":1454,"data":3527,"content":3531},{"target":3528},{"sys":3529},{"id":3530,"type":1459,"linkType":1460},"22jQt6xKpBHthBFqYlzKD1",[],{"nodeType":1294,"data":3533,"content":3534},{},[3535],{"nodeType":1293,"value":3536,"marks":3537,"data":3538},"Modern SaaS security solutions like Push can not only give you visibility into that information, but also automate the process of reaching out to employees to help them turn on security features or update weak passwords in a few short clicks.",[],{},{"nodeType":1355,"data":3540,"content":3541},{},[3542],{"nodeType":1293,"value":3543,"marks":3544,"data":3545},"Manage SaaS risk at scale without overburdening your team",[],{},{"nodeType":1294,"data":3547,"content":3548},{},[3549],{"nodeType":1293,"value":3550,"marks":3551,"data":3552},"\nWhen facing a list of hundreds of apps that employees are using in your business, doing due diligence feels like a daunting task. 
Push can help with this as well.",[],{},{"nodeType":1294,"data":3554,"content":3555},{},[3556],{"nodeType":1293,"value":3557,"marks":3558,"data":3559},"You can classify SaaS apps directly in the Push platform based on:",[],{},{"nodeType":1625,"data":3561,"content":3562},{},[3563,3573],{"nodeType":1467,"data":3564,"content":3565},{},[3566],{"nodeType":1294,"data":3567,"content":3568},{},[3569],{"nodeType":1293,"value":3570,"marks":3571,"data":3572},"the sensitivity of the data they contain",[],{},{"nodeType":1467,"data":3574,"content":3575},{},[3576],{"nodeType":1294,"data":3577,"content":3578},{},[3579],{"nodeType":1293,"value":3580,"marks":3581,"data":3582},"the permissions they've been granted using the Sensitivity level field",[],{},{"nodeType":1294,"data":3584,"content":3585},{},[3586],{"nodeType":1293,"value":3587,"marks":3588,"data":3589},"Then use the Approval status option to capture your decision about an app. ",[],{},{"nodeType":1454,"data":3591,"content":3595},{"target":3592},{"sys":3593},{"id":3594,"type":1459,"linkType":1460},"5rACOqYdUseU5rJqTSkaK5",[],{"nodeType":1294,"data":3597,"content":3598},{},[3599,3603,3614],{"nodeType":1293,"value":3600,"marks":3601,"data":3602},"This helps your team suss out the risk so you can make the right choice, without having to have discussions in side channels. 
",[],{},{"nodeType":2226,"data":3604,"content":3608},{"target":3605},{"sys":3606},{"id":3607,"type":1459,"linkType":1460},"1BuDaKpiwwntLe4goObvgb",[3609],{"nodeType":1293,"value":3610,"marks":3611,"data":3613},"Read more about how this works",[3612],{"type":1373},{},{"nodeType":1293,"value":3107,"marks":3615,"data":3616},[],{},{"entries":3618},{"inline":3619,"hyperlink":3620,"block":3647},[],[3621,3623,3627,3631,3635,3639,3641],{"sys":3622,"__typename":1314,"title":1946,"slug":1949},{"id":1316},{"sys":3624,"__typename":1314,"title":3625,"slug":3626},{"id":2230},"How to roll-your-own SaaS discovery","rolling-your-own-saas-discovery",{"sys":3628,"__typename":1314,"title":3629,"slug":3630},{"id":3070},"The no-jargon guide to solving shadow SaaS ","protect-your-data-across-all-your-apps-even-the-ones-employees-use-without",{"sys":3632,"__typename":1314,"title":3633,"slug":3634},{"id":3100},"Should I let my employees login with their work Google account?","should-i-let-my-employees-login-with-their-work-google-account",{"sys":3636,"__typename":1314,"title":3637,"slug":3638},{"id":3137},"Multi-Factor Authentication is the top security control for most small and medium-sized businesses","multi-factor-authentication-is-the-top-security-control-for-most-small-and",{"sys":3640,"__typename":1314,"title":2732,"slug":2735},{"id":1968},{"sys":3642,"__typename":3643,"title":3644,"slug":3645,"articleId":3646},{"id":3607},"HelpArticle","Guide to reviewing and classifying SaaS apps","guide-to-reviewing-and-classifying-saas-apps",10094,[3648,3657,3665,3672,3680,3688,3695],{"sys":3649,"__typename":3650,"title":3651,"caption":3651,"layoutMode":3652,"file":3653},{"id":2125},"Image","SaaS sprawl","Centre aligned",{"url":3654,"width":3655,"height":3656},"https://images.ctfassets.net/y1cdw1ablpvd/1KIj9P7eQ7UfOWgnUmTWUU/5f9d7369dd1ce148227db632aa1fabc7/image1.png",1731,658,{"sys":3658,"__typename":3650,"title":3659,"caption":3660,"layoutMode":3652,"file":3661},{"id":2890},"Shared 
responsibility model NCSC","Source: https://www.ncsc.gov.uk/collection/cloud/understanding-cloud-services/cloud-security-shared-responsibility-model",{"url":3662,"width":3663,"height":3664},"https://images.ctfassets.net/y1cdw1ablpvd/2QR4exoDHiiI32zLx7MBOL/d169ba9438f1782aba60c5c35413706d/image7.png",1662,992,{"sys":3666,"__typename":3650,"title":3667,"caption":118,"layoutMode":3652,"file":3668},{"id":2937},"Customer responsibility for SaaS apps PLG",{"url":3669,"width":3670,"height":3671},"https://images.ctfassets.net/y1cdw1ablpvd/6jaP9nk2U89Y1TidafgXLB/9c3af2cd634ea0621b3e2ac05739582d/image7.png",1980,1214,{"sys":3673,"__typename":3650,"title":3674,"caption":3675,"layoutMode":118,"file":3676},{"id":3057},"SSO wall of shame","SSO.tax Wall of Shame",{"url":3677,"width":3678,"height":3679},"https://images.ctfassets.net/y1cdw1ablpvd/3V6zIEftBcNhvLnRHCZEb0/320db8a02da82df16a77371f8636174f/Screenshot_2023-07-12_at_12.59.37_PM.png",1916,1544,{"sys":3681,"__typename":3650,"title":3682,"caption":3683,"layoutMode":3652,"file":3684},{"id":3469},"Risk assessment timeline PLG","When security can make the most impact on assessing employee-adopted SaaS apps",{"url":3685,"width":3686,"height":3687},"https://images.ctfassets.net/y1cdw1ablpvd/5Vxv5h3OpO3DXpsil5GBUa/d1ca5df575cb5e9cfc612b8b757411ff/image15.png",2000,1118,{"sys":3689,"__typename":3650,"title":3690,"caption":118,"layoutMode":118,"file":3691},{"id":3530},"MFA Enabled",{"url":3692,"width":3693,"height":3694},"https://images.ctfassets.net/y1cdw1ablpvd/19qsMqEzIfT7c10xHlpXuS/c8372c9218ad6c55fac3901c0712786f/Image_block_5__3_.png",1388,1163,{"sys":3696,"__typename":3650,"title":3697,"caption":118,"layoutMode":118,"file":3698},{"id":3594},"App classification gif - release notes - July 
2023",{"url":3699,"width":364,"height":3700},"https://images.ctfassets.net/y1cdw1ablpvd/2luen73d2HKKnInShkTQHk/0410498d5b5a7bd7541426a2f46f817f/app_classification_demo_new.gif",509,"content:blog:focus-on-account-security-to-reduce-saas-risks.json","json","content","blog/focus-on-account-security-to-reduce-saas-risks.json","blog/focus-on-account-security-to-reduce-saas-risks",1776359991339]