[{"data":1,"prerenderedAt":2658},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":95,"navbar-about-highlight":155,"navbar-resource-highlight":211,"blog/push-plus-network-security":256,"use-case-page":1639},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8,59,76],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":14,"data":15,"variations":50,"lastUpdated":51,"firstPublished":52,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":54,"meta":55,"rev":58},1742213002749,"efff2a27faf4408e9f908eba4b5542fe","inductive-automation","1c6207a5f24948ab82d4a0b17f251193","published",[],{"testimonial":16,"description":43,"type":19,"link":44,"title":47,"testimonialLink":48,"image":49},{"@type":17,"id":18,"model":19,"value":20},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79","testimonial",{"query":21,"folders":22,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":26,"variations":30,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":35,"rev":42},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":27,"jobTitle":28,"quote":24,"image":29},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,1,"ST0tXQM8slWpFrmioqKHmENB2qe2",{"kind":36,"lastPreviewUrl":37,"breakpoints":38,"hasAutosaves":41},"data","",{"small":39,"medium":40},640,768,true,"3v32gocrrqz","Join the industry's top security minds as they break down the browser attack landscape.",{"url":45,"text":46},"https://pushsecurity.com/webinar/state-of-browser-security","Save Your Spot","State of Browser Attacks Series","/customer-stories/inductive-automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe94fca10aa7b46ac8052b7ea22de54cd",{},1776257019270,1742221533648,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2",[],{"breakpoints":56,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},320,"motto9r9yg",{"createdDate":60,"id":61,"name":62,"modelId":12,"published":13,"query":63,"data":64,"variations":69,"lastUpdated":70,"firstPublished":71,"testRatio":33,"createdBy":53,"lastUpdatedBy":72,"folders":73,"meta":74,"rev":58},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner",[],{"type":65,"url":66,"text":67,"link":68},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,"jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":36,"lastPreviewUrl":37,"breakpoints":75,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},{"createdDate":77,"id":78,"name":79,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":80,"data":81,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":92,"meta":93,"rev":58},1742208469288,"6763051b201f44a0838c6400c580ca67","Resource highlight",[],{"image":82,"type":83,"description":84,"link":85,"title":88},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9","resource","Learn about the latest techniques being used in the wild.",{"url":86,"text":87},"/resources/browser-attacks-report","Download now","Report: 2026 Browser Attack Techniques",{},1776255866789,1742208570400,[],{"kind":36,"lastPreviewUrl":37,"breakpoints":94,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"createdDate":96,"id":97,"name":98,"modelId":99,"published":13,"query":100,"data":101,"variations":145,"lastUpdated":146,"firstPublished":147,"testRatio":33,"createdBy":34,"lastUpdatedBy":148,"folders":149,"meta":150,"rev":154},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":102,"text":103,"url":37,"blocks":104,"state":141},"ewrererw","testrfesssssssssss",[105,129],{"@type":106,"@version":107,"id":108,"component":109,"responsiveStyles":119},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":110,"tag":110,"options":111,"isRSC":118},"TopBannerContent",{"text":112,"ctaText":46,"url":45,"mainText":113,"cta":116},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks",{"content":114,"fontSize":115},"\u003Cp>New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks\u003C/p>","text-base",{"content":117,"fontSize":115,"url":45},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">Save Your Spot\u003C/strong>\u003C/p>\n",null,{"large":120},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"marginTop":126,"marginBottom":126,"fontSize":127,"fontWeight":128},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":130,"@type":106,"tagName":131,"properties":132,"responsiveStyles":136},"builder-pixel-08zrjigffq5t","img",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":137},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},"block","hidden","none",{"deviceSize":142,"location":143},"large",{"path":37,"query":144},{},{},1775137295127,1774968080803,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"breakpoints":151,"hasLinks":6,"kind":152,"lastPreviewUrl":153,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","2lvuonnywj",[156,180],{"createdDate":157,"id":158,"name":159,"modelId":160,"published":13,"stageModifiedSincePublish":6,"query":161,"data":162,"variations":173,"lastUpdated":174,"firstPublished":175,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":176,"meta":177,"rev":179},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":163,"type":19,"testimonialLink":48,"testimonial":164},{},{"@type":17,"id":18,"model":19,"value":165},{"query":166,"folders":167,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":168,"variations":169,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":170,"rev":172},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":171,"hasAutosaves":41},{"small":39,"medium":40},"7t755zfvte3",{},1776247404986,1776247404973,[],{"breakpoints":178,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"4moh0qpywtr",{"createdDate":181,"id":182,"name":88,"modelId":160,"published":13,"meta":183,"stageModifiedSincePublish":6,"query":185,"data":186,"variations":207,"lastUpdated":208,"firstPublished":209,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":210,"rev":179},1776255761419,"05a9322735fc427db12e2740e4302300",{"breakpoints":184,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":187,"link":206,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":189},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":190,"folders":191,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":194,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":203,"rev":205},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":36,"lastPreviewUrl":37,"breakpoints":204,"hasAutosaves":41},{"small":39,"medium":40},"6s8ic0w0ao6",{"text":87,"url":86},{},1776255810913,1776255810900,[],[212,235],{"createdDate":213,"id":214,"name":88,"modelId":215,"published":13,"meta":216,"stageModifiedSincePublish":6,"query":218,"data":219,"variations":230,"lastUpdated":231,"firstPublished":232,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":233,"rev":234},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":217,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":220,"link":229,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":221},{"query":222,"folders":223,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":224,"variations":225,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":226,"rev":228},[],[],{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":227,"hasAutosaves":41},{"small":39,"medium":40},"r77qqueuo3j",{"text":87,"url":86},{},1776256937553,1776256937540,[],"q0jkez80wkg",{"createdDate":236,"id":237,"name":11,"modelId":215,"published":13,"stageModifiedSincePublish":6,"query":238,"data":239,"variations":250,"lastUpdated":251,"firstPublished":252,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":253,"meta":254,"rev":234},1776256949234,"ce043785b71b4ece98eac811ecf4ba10",[],{"link":240,"type":19,"testimonial":241,"testimonialLink":48},{},{"@type":17,"id":18,"model":19,"value":242},{"query":243,"folders":244,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":245,"variations":246,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":247,"rev":249},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":248,"hasAutosaves":41},{"small":39,"medium":40},"mnaneamy308",{},1776256974140,1776256974130,[],{"breakpoints":255,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"_path":257,"_dir":258,"_draft":6,"_partial":6,"_locale":37,"sys":259,"ogImage":118,"summary":262,"title":276,"subtitle":118,"metaTitle":277,"synopsis":278,"hashTags":118,"publishedDate":279,"slug":280,"tagsCollection":281,"relatedBlogPostsCollection":291,"authorsCollection":1110,"content":1114,"_id":1634,"_type":1635,"_source":1636,"_file":1637,"_stem":1638,"_extension":1635},"/blog/push-plus-network-security","blog",{"id":260,"publishedAt":261},"5caCcGCqMMPm5KlwUv0sbz","2026-02-06T16:45:39.763Z",{"json":263},{"data":264,"content":265,"nodeType":275},{},[266],{"data":267,"content":268,"nodeType":274},{},[269],{"data":270,"marks":271,"value":272,"nodeType":273},{},[],"One key question we get is \"we're already monitoring network and web traffic, so why do we need to be in the browser too?\". Here are the key differences.","text","paragraph","document","Push + Network Security: The gap between seeing the packet and securing the session","Push + Network Security: Seeing packets vs securing sessions","Why network and web traffic only gives you part of the picture when it comes to modern browser-based attacks. ","2026-01-30T00:00:00.000Z","push-plus-network-security",{"items":282},[283,287],{"sys":284,"name":286},{"id":285},"6A5RXS31ZQx3PwryGb1IMy","Browser-based attacks",{"sys":288,"name":290},{"id":289},"4ksQNCFeBf8H4QIORqpRLw","Detection & response",{"items":292},[293,718],{"__typename":294,"sys":295,"content":297,"title":701,"synopsis":702,"hashTags":118,"publishedDate":279,"slug":703,"tagsCollection":704,"authorsCollection":710},"BlogPosts",{"id":296},"6YWYKGESlyUKQxvhKmBzeH",{"json":298},{"data":299,"content":300,"nodeType":275},{},[301,311,318,325,337,350,359,366,373,380,389,393,401,408,415,427,434,441,449,456,506,522,529,537,544,572,579,587,635,642,689,695],{"data":302,"content":303,"nodeType":310},{},[304],{"data":305,"marks":306,"value":309,"nodeType":273},{},[307],{"type":308},"bold","EDR is still the best tool for attacks that touch the endpoint","heading-1",{"data":312,"content":313,"nodeType":274},{},[314],{"data":315,"marks":316,"value":317,"nodeType":273},{},[],"Endpoint Detection and Response (EDR) tooling is fundamental to modern security. It earned its place as a foundational control by moving defense away from static, known-bad indicators and toward deep, real-time detection, investigation, and response based on behavior observed in a live environment. ",{"data":319,"content":320,"nodeType":274},{},[321],{"data":322,"marks":323,"value":324,"nodeType":273},{},[],"By running an agent inside the operating system, EDR gave defenders something they never had before: visibility into what was actually happening on the host as it happened, and the ability to act on it.",{"data":326,"content":327,"nodeType":274},{},[328,332],{"data":329,"marks":330,"value":331,"nodeType":273},{},[],"That agent-level visibility is still incredibly powerful. File system changes, process execution, memory behavior, or registry modifications is the kind of telemetry that enables threat hunting, exposes fileless attacks, and allows teams to contain incidents by isolating a device or killing a malicious process. ",{"data":333,"marks":334,"value":336,"nodeType":273},{},[335],{"type":308},"For anything that touches the endpoint, EDR remains the right tool.",{"data":338,"content":339,"nodeType":274},{},[340,344],{"data":341,"marks":342,"value":343,"nodeType":273},{},[],"But that’s the key constraint: ",{"data":345,"marks":346,"value":349,"nodeType":273},{},[347],{"type":348},"italic","for anything that touches the endpoint.",{"data":351,"content":352,"nodeType":358},{},[353],{"data":354,"marks":355,"value":357,"nodeType":273},{},[356],{"type":308},"But modern attacks have moved beyond the endpoint","heading-2",{"data":360,"content":361,"nodeType":274},{},[362],{"data":363,"marks":364,"value":365,"nodeType":273},{},[],"The reality of how work gets done has shifted. Most applications are now SaaS-based and accessed entirely through a browser. Employees authenticate, move data, administer systems, and interact with customers inside a browser window. And attackers have followed them there.",{"data":367,"content":368,"nodeType":274},{},[369],{"data":370,"marks":371,"value":372,"nodeType":273},{},[],"When attacks play out in the browser, endpoint-level signals often never appear. From the operating system’s perspective, there’s just a browser process behaving normally. The EDR agent is doing exactly what it was designed to do, but the activity that matters is happening within the browser itself.",{"data":374,"content":375,"nodeType":274},{},[376],{"data":377,"marks":378,"value":379,"nodeType":273},{},[],"That’s the gap teams are running into. EDR protects the integrity of the host, but it has no visibility into the live application session inside the browser. And as attackers consciously avoid the endpoint entirely, that blind spot is becoming harder to ignore.",{"data":381,"content":387,"nodeType":388},{"target":382},{"sys":383},{"id":384,"type":385,"linkType":386},"7aVTgi4Btxl6PpzQl8kipW","Link","Entry",[],"embedded-entry-block",{"data":390,"content":391,"nodeType":392},{},[],"hr",{"data":394,"content":395,"nodeType":310},{},[396],{"data":397,"marks":398,"value":400,"nodeType":273},{},[399],{"type":308},"Attackers are consciously evading EDR",{"data":402,"content":403,"nodeType":274},{},[404],{"data":405,"marks":406,"value":407,"nodeType":273},{},[],"The gap endpoint teams are running into isn’t accidental. It’s the result of attackers adapting to where defenders are strongest (and weakest).",{"data":409,"content":410,"nodeType":274},{},[411],{"data":412,"marks":413,"value":414,"nodeType":273},{},[],"Modern EDR has made compromising the host operating system expensive and noisy. Deep telemetry and constant monitoring mean that even when an attacker manages to execute code on a device, that action is quickly under scrutiny. From there, progress is slow. After all, lateral movement and persistence take time, and all of it carries risk and generates signals defenders are good at catching.",{"data":416,"content":417,"nodeType":274},{},[418,423],{"data":419,"marks":420,"value":422,"nodeType":273},{},[421],{"type":308},"So attackers take a different route. ",{"data":424,"marks":425,"value":426,"nodeType":273},{},[],"Instead of targeting the OS, they operate inside the browser session, abusing legitimate access paths to cloud applications directly over the internet. The endpoint just sees a browser session, not the malicious activity that's happening inside it. ",{"data":428,"content":429,"nodeType":274},{},[430],{"data":431,"marks":432,"value":433,"nodeType":273},{},[],"EDR agents are extremely good at protecting the operating system, but their visibility largely stops at the browser boundary. They can see that a browser process is running. They can’t see what a user is actually interacting with inside a specific tab, or what code is executing within the browser.",{"data":435,"content":436,"nodeType":274},{},[437],{"data":438,"marks":439,"value":440,"nodeType":273},{},[],"This is the shift security teams are feeling. Attacks don’t trigger endpoint alerts because they aren’t endpoint attacks. They unfold inside the browser, over standard web sessions, using legitimate accounts. To EDR, the host is unaffected. To the business, the damage is already underway.",{"data":442,"content":443,"nodeType":358},{},[444],{"data":445,"marks":446,"value":448,"nodeType":273},{},[447],{"type":308},"How modern attacks circumvent EDR",{"data":450,"content":451,"nodeType":274},{},[452],{"data":453,"marks":454,"value":455,"nodeType":273},{},[],"Examples of modern attacks that are consciously evading EDR by staying off the endpoint include:",{"data":457,"content":458,"nodeType":505},{},[459,475,490],{"data":460,"content":461,"nodeType":474},{},[462],{"data":463,"content":464,"nodeType":274},{},[465,470],{"data":466,"marks":467,"value":469,"nodeType":273},{},[468],{"type":308},"AiTM phishing: ",{"data":471,"marks":472,"value":473,"nodeType":273},{},[],"Sophisticated attacker-in-the-middle phishing kits render convincing login pages directly in the browser and proxy authentication in real time, stealing credentials or MFA tokens as the user enters them. From the OS perspective, nothing appears unusual; EDR can’t see the page structure or scripts running inside the tab.","list-item",{"data":476,"content":477,"nodeType":474},{},[478],{"data":479,"content":480,"nodeType":274},{},[481,486],{"data":482,"marks":483,"value":485,"nodeType":273},{},[484],{"type":308},"Session hijacking:",{"data":487,"marks":488,"value":489,"nodeType":273},{},[]," When attackers obtain a valid session token, they gain persistent access to an account without needing a password at all. Once in use, the session typically blends into normal browser activity, generating no endpoint data. ",{"data":491,"content":492,"nodeType":474},{},[493],{"data":494,"content":495,"nodeType":274},{},[496,501],{"data":497,"marks":498,"value":500,"nodeType":273},{},[499],{"type":308},"Malicious browser extensions:",{"data":502,"marks":503,"value":504,"nodeType":273},{},[]," Malicious extensions (either made by attackers or hijacked by them) can read page content, intercept credentials, or siphon session tokens. Because extensions operate inside the browser’s execution model, their behavior is largely invisible to endpoint tooling focused on OS-level activity.","unordered-list",{"data":507,"content":508,"nodeType":274},{},[509,513,518],{"data":510,"marks":511,"value":512,"nodeType":273},{},[],"Even attacks that nominally involve the endpoint often stay outside EDR’s strongest visibility. ",{"data":514,"marks":515,"value":517,"nodeType":273},{},[516],{"type":308},"ClickFix-style social engineering",{"data":519,"marks":520,"value":521,"nodeType":273},{},[]," is a good example. Attackers manipulate users into taking risky actions that look legitimate, the most prominent example being executing malicious commands on the host that are deliberately obfuscated or broken into benign-looking steps. While EDR may catch the code execution (and any malware the execution attempts to install), these techniques are designed to stay ambiguous enough to avoid reliable detection.",{"data":523,"content":524,"nodeType":274},{},[525],{"data":526,"marks":527,"value":528,"nodeType":273},{},[],"All of these attacks succeed for the same reason: the activity unfolds inside the browser. And because EDR was never designed to observe or control what happens inside a live browser session, attackers can operate there with far less resistance.",{"data":530,"content":531,"nodeType":358},{},[532],{"data":533,"marks":534,"value":536,"nodeType":273},{},[535],{"type":308},"Extending detection and response to the browser",{"data":538,"content":539,"nodeType":274},{},[540],{"data":541,"marks":542,"value":543,"nodeType":273},{},[],"Defenders need to meet attackers where they actually operate. That means establishing real detection and response capabilities inside the browser itself.",{"data":545,"content":546,"nodeType":274},{},[547,551,556,560,569],{"data":548,"marks":549,"value":550,"nodeType":273},{},[],"When endpoint security evolved, it did so by putting an agent on the host to observe behavior, collect telemetry, and act at the source — ",{"data":552,"marks":553,"value":555,"nodeType":273},{},[554],{"type":308},"getting inside the data stream",{"data":557,"marks":558,"value":559,"nodeType":273},{},[],". The same logic applies here. If the browser is where credentials are entered, sessions are established, and attacks unfold, then it needs to be treated as a security surface in its own right. ",{"data":561,"content":563,"nodeType":568},{"uri":562},"https://pushsecurity.com/blog/push-plus-network-security",[564],{"data":565,"marks":566,"value":567,"nodeType":273},{},[],"That doesn't mean just looking at web traffic, but examining client-side browser processes and activity that are the best, earliest indicators of bad activity. ","hyperlink",{"data":570,"marks":571,"value":37,"nodeType":273},{},[],{"data":573,"content":574,"nodeType":274},{},[575],{"data":576,"marks":577,"value":578,"nodeType":273},{},[],"This doesn’t replace EDR. EDR secures the host. Identity tools govern authentication. But the browser, the layer that connects users to everything else, is a blind spot. Extending detection and response into that layer fills the gap while complementing the controls that already work.",{"data":580,"content":581,"nodeType":358},{},[582],{"data":583,"marks":584,"value":586,"nodeType":273},{},[585],{"type":308},"Your browser detection and response checklist",{"data":588,"content":589,"nodeType":505},{},[590,605,620],{"data":591,"content":592,"nodeType":474},{},[593],{"data":594,"content":595,"nodeType":274},{},[596,601],{"data":597,"marks":598,"value":600,"nodeType":273},{},[599],{"type":308},"Browser-native protection: ",{"data":602,"marks":603,"value":604,"nodeType":273},{},[],"Running inside the browser is the only way you can see what page a user is interacting with, what scripts are running, and how the session is behaving in real time. It’s also the only place you can reliably distinguish between normal user activity and attacker-driven manipulation.",{"data":606,"content":607,"nodeType":474},{},[608],{"data":609,"content":610,"nodeType":274},{},[611,616],{"data":612,"marks":613,"value":615,"nodeType":273},{},[614],{"type":308},"Behavioral detection:",{"data":617,"marks":618,"value":619,"nodeType":273},{},[]," Detection can’t rely on static indicators. It has to be based on behaviors — like how pages render, how credentials are submitted, and how sessions are established and abused. ",{"data":621,"content":622,"nodeType":474},{},[623],{"data":624,"content":625,"nodeType":274},{},[626,631],{"data":627,"marks":628,"value":630,"nodeType":273},{},[629],{"type":308},"Real-time interception:",{"data":632,"marks":633,"value":634,"nodeType":273},{},[]," Response has to be immediate. Blocking credential submission, interrupting a malicious action, capturing high-fidelity context, all of that needs to happen at the point of interaction — before an account is compromised.",{"data":636,"content":637,"nodeType":274},{},[638],{"data":639,"marks":640,"value":641,"nodeType":273},{},[],"This is what it means to extend detection and response to the browser: not another tool bolted onto the stack, but a necessary evolution in how modern attacks are actually stopped.",{"data":643,"content":644,"nodeType":688},{},[645],{"data":646,"content":647,"nodeType":274},{},[648,652,660,664,672,676,684],{"data":649,"marks":650,"value":651,"nodeType":273},{},[],"Want to learn more about Push? ",{"data":653,"content":655,"nodeType":568},{"uri":654},"https://pushsecurity.com/resources/product-brochure",[656],{"data":657,"marks":658,"value":659,"nodeType":273},{},[],"Check out our latest product overview",{"data":661,"marks":662,"value":663,"nodeType":273},{},[],", ",{"data":665,"content":667,"nodeType":568},{"uri":666},"https://pushsecurity.com/product-demo/",[668],{"data":669,"marks":670,"value":671,"nodeType":273},{},[],"visit our demo library",{"data":673,"marks":674,"value":675,"nodeType":273},{},[],", or ",{"data":677,"content":679,"nodeType":568},{"uri":678},"https://pushsecurity.com/demo",[680],{"data":681,"marks":682,"value":683,"nodeType":273},{},[],"book some time with one of our team for a live demo",{"data":685,"marks":686,"value":687,"nodeType":273},{},[],".","blockquote",{"data":690,"content":694,"nodeType":388},{"target":691},{"sys":692},{"id":693,"type":385,"linkType":386},"1doMkOu2ZuGqMp2VJgV5pb",[],{"data":696,"content":697,"nodeType":274},{},[698],{"data":699,"marks":700,"value":37,"nodeType":273},{},[],"Push + Endpoint Security: Extending detection and response to the browser","Why extending detection and response into the browser is crucial in the face of modern attacks that consciously evade the network and endpoint. ","push-plus-endpoint-security",{"items":705},[706,708],{"sys":707,"name":286},{"id":285},{"sys":709,"name":290},{"id":289},{"items":711},[712],{"fullName":713,"firstName":714,"jobTitle":715,"profilePicture":716},"Peyton Padfield","Peyton","Product Team",{"url":717},"https://images.ctfassets.net/y1cdw1ablpvd/1GU01HXElmc07nwi89qP3b/3188050420106c62e9df2ed4e4893b7f/1677005177901__1_.jpeg",{"__typename":294,"sys":719,"content":721,"title":1096,"synopsis":1097,"hashTags":118,"publishedDate":1098,"slug":1099,"tagsCollection":1100,"authorsCollection":1106},{"id":720},"2k2aDK5dyQKlQBrk66pMXE",{"json":722},{"nodeType":275,"data":723,"content":724},{},[725,733,740,747,754,761,768,776,783,790,797,800,808,815,822,829,836,857,865,872,879,886,889,897,913,929,936,944,951,958,965,972,978,985,1048,1051,1090],{"nodeType":310,"data":726,"content":727},{},[728],{"nodeType":273,"value":729,"marks":730,"data":732},"Cloud security tools ensure secure configurations",[731],{"type":308},{},{"nodeType":274,"data":734,"content":735},{},[736],{"nodeType":273,"value":737,"marks":738,"data":739},"If you’re a cloud security architect, you probably don’t think in terms of firewalls and perimeters anymore. You think in control planes. Your job isn’t protecting a box or a subnet; it’s governing a sprawling web of IAM roles, service principals, APIs, and permissions that exist mostly as configuration and code. In this world, the boundary isn’t physical or even networked, it’s defined entirely by how your environment is configured.",[],{},{"nodeType":274,"data":741,"content":742},{},[743],{"nodeType":273,"value":744,"marks":745,"data":746},"The way most teams approached that problem was pragmatic. As cloud environments scaled, it became impossible to secure it by inspection or tribal knowledge. Cloud Security Posture Management tools and, later, Cloud Native Application Protection Platforms emerged to solve a very real problem: visibility and control over cloud configuration at scale. They gave teams a way to continuously assess infrastructure, track misconfigurations, and understand risk across accounts, regions, and services without drowning in raw provider logs.",[],{},{"nodeType":274,"data":748,"content":749},{},[750],{"nodeType":273,"value":751,"marks":752,"data":753},"That capability is important. Without it, cloud security simply doesn’t function. ",[],{},{"nodeType":274,"data":755,"content":756},{},[757],{"nodeType":273,"value":758,"marks":759,"data":760},"CSPM and CNAPP answer the question of “is my cloud environment configured securely?”. They tell you whether an IAM role is too permissive, whether a resource is exposed, or whether a policy violates best practice. They tell you when a user or account is trying to do something they shouldn’t. ",[],{},{"nodeType":274,"data":762,"content":763},{},[764],{"nodeType":273,"value":765,"marks":766,"data":767},"What they don’t answer is a different, increasingly important question: “What happens when attacker behavior is indistinguishable from legitimate user behavior?”",[],{},{"nodeType":358,"data":769,"content":770},{},[771],{"nodeType":273,"value":772,"marks":773,"data":775},"But they can’t stop “legitimate” actions",[774],{"type":308},{},{"nodeType":274,"data":777,"content":778},{},[779],{"nodeType":273,"value":780,"marks":781,"data":782},"The gap (or lack of) between legitimate user behavior and malicious abuse is becoming more relevant as cloud breaches change shape. ",[],{},{"nodeType":274,"data":784,"content":785},{},[786],{"nodeType":273,"value":787,"marks":788,"data":789},"In many of today’s incidents, attackers aren’t exploiting misconfigurations or abusing the cloud control plane directly. They’re compromising users. Once an authentication has occurred through illegitimate means, whether phishing, session hijacking, or token theft, the attacker operates entirely within an approved session.",[],{},{"nodeType":274,"data":791,"content":792},{},[793],{"nodeType":273,"value":794,"marks":795,"data":796},"From the perspective of cloud security tooling, very little looks wrong. The identity is valid. The access patterns appear expected. The infrastructure remains correctly configured. As long as the attacker operates within the bounds of what looks “normal”, no alarms are triggered. Meanwhile, sensitive actions are carried out through the browser, using the same interfaces and workflows as a real user.",[],{},{"nodeType":392,"data":798,"content":799},{},[],{"nodeType":310,"data":801,"content":802},{},[803],{"nodeType":273,"value":804,"marks":805,"data":807},"The gap between the IdP and the final API call — the “missing middle” in your security stack",[806],{"type":308},{},{"nodeType":274,"data":809,"content":810},{},[811],{"nodeType":273,"value":812,"marks":813,"data":814},"The browser session sits outside the telemetry and control model of infrastructure-focused cloud security tools. We call this the \"missing middle.\" It’s the space between the IdP login and the final cloud API call. ",[],{},{"nodeType":274,"data":816,"content":817},{},[818],{"nodeType":273,"value":819,"marks":820,"data":821},"In theory, you could try to close the gap by stitching together logs from every SaaS application in your environment. In practice, anyone who’s attempted this knows how quickly it falls apart. ",[],{},{"nodeType":274,"data":823,"content":824},{},[825],{"nodeType":273,"value":826,"marks":827,"data":828},"Each integration is brittle and expensive to maintain, and many applications don’t expose the level of telemetry you actually need, even if you’re willing to fork out for the top Security++ product tier. When you’re dealing with hundreds of apps per enterprise, each with their own configuration complexity, there’s a good chance that your solution focused on “core” cloud apps doesn’t actually have visibility of the full attack surface.",[],{},{"nodeType":274,"data":830,"content":831},{},[832],{"nodeType":273,"value":833,"marks":834,"data":835},"When logs do exist, they rarely show what you actually need. To a CSPM or CNAPP, it looks like an authorized user doing authorized things. A file was accessed or a setting was changed. What those tools can’t see is that the browser session itself was being manipulated in real time.",[],{},{"nodeType":274,"data":837,"content":838},{},[839,843,853],{"nodeType":273,"value":840,"marks":841,"data":842},"For ",[],{},{"nodeType":568,"data":844,"content":846},{"uri":845},"https://pushsecurity.com/blog/scattered-lapsus-hunters/",[847],{"nodeType":273,"value":848,"marks":849,"data":852},"modern, cloud-native threat groups",[850],{"type":851},"underline",{},{"nodeType":273,"value":854,"marks":855,"data":856},", this lack of session-level visibility is their greatest advantage. They bypass the strong configuration and identity controls you’ve already implemented by simply stepping into the authorized stream. And by the time infrastructure-level signals suggest something is wrong, the attacker has already accomplished what they came for.",[],{},{"nodeType":358,"data":858,"content":859},{},[860],{"nodeType":273,"value":861,"marks":862,"data":864},"Secure everything, still lose",[863],{"type":308},{},{"nodeType":274,"data":866,"content":867},{},[868],{"nodeType":273,"value":869,"marks":870,"data":871},"At some point, this forces a hard realization: you can do everything “right” at the cloud and identity layers and still lose.",[],{},{"nodeType":274,"data":873,"content":874},{},[875],{"nodeType":273,"value":876,"marks":877,"data":878},"You can lock down infrastructure-as-code, tighten IAM policies, enforce conditional access, and pass every posture check you care about. But none of that changes where access actually happens. When users work in cloud services, they do it through a browser. And once a session is established, that browser session becomes the real control plane.",[],{},{"nodeType":274,"data":880,"content":881},{},[882],{"nodeType":273,"value":883,"marks":884,"data":885},"That’s the shift cloud security teams are running into. The problem isn’t that CSPM or CNAPP failed, it’s that they can’t see the full picture. Bridging the missing middle means treating the browser session itself as something you can inspect and defend.",[],{},{"nodeType":392,"data":887,"content":888},{},[],{"nodeType":310,"data":890,"content":891},{},[892],{"nodeType":273,"value":893,"marks":894,"data":896},"Why moving detection and response to the browser is the solution",[895],{"type":308},{},{"nodeType":274,"data":898,"content":899},{},[900,904,909],{"nodeType":273,"value":901,"marks":902,"data":903},"First, ",[],{},{"nodeType":273,"value":905,"marks":906,"data":908},"detection has to move into the browser",[907],{"type":308},{},{"nodeType":273,"value":910,"marks":911,"data":912},". Modern cloud attacks don’t announce themselves with known indicators or suspicious IPs; it’s all about behavior. A phishing kit rendering inside a login page. A session token being silently exfiltrated. A user interacting with a page that looks legitimate but isn’t. You only see those signals by inspecting the page, the scripts, and the user’s interaction, in real time, inside the tab, before any cloud API ever gets touched.",[],{},{"nodeType":274,"data":914,"content":915},{},[916,920,925],{"nodeType":273,"value":917,"marks":918,"data":919},"Second, ",[],{},{"nodeType":273,"value":921,"marks":922,"data":924},"posture can’t stop at the IdP or cloud configuration.",[923],{"type":308},{},{"nodeType":273,"value":926,"marks":927,"data":928}," It’s not enough to enforce MFA and SSO at a handful of centrally managed apps and assume the rest of the estate follows suit. Shadow SaaS breaks that assumption immediately. Local accounts, duplicate identities, and MFA gaps undermine cloud access controls, even when your AWS or Azure configuration is otherwise airtight. If a sensitive app allows password-only access, that weakness propagates straight back into your cloud environment.",[],{},{"nodeType":274,"data":930,"content":931},{},[932],{"nodeType":273,"value":933,"marks":934,"data":935},"Finally, when something does go wrong, teams need more than a login timestamp and an IP address. They need to know what the user actually saw and did. Click-by-click browser session data is what allows responders to understand intent, scope impact accurately, and determine whether a session was abused or simply used.",[],{},{"nodeType":358,"data":937,"content":938},{},[939],{"nodeType":273,"value":940,"marks":941,"data":943},"Visibility into the browser session holds the answers",[942],{"type":308},{},{"nodeType":274,"data":945,"content":946},{},[947],{"nodeType":273,"value":948,"marks":949,"data":950},"If the browser session is where cloud access actually happens, then treating it as a black box is no longer viable.",[],{},{"nodeType":274,"data":952,"content":953},{},[954],{"nodeType":273,"value":955,"marks":956,"data":957},"This is where Push Security fits. Push is designed to cover the missing middle, not by replacing your existing cloud security stack, but by extending it into the one place it can’t reach on its own: the live browser session.",[],{},{"nodeType":274,"data":959,"content":960},{},[961],{"nodeType":273,"value":962,"marks":963,"data":964},"CSPM and CNAPP remain the right tools for securing cloud configuration and infrastructure. They tell you whether IAM policies are sane, resources are exposed, and guardrails are in place. Push addresses a different problem. It focuses on what happens once access is granted, when identity moves from configuration into motion.",[],{},{"nodeType":274,"data":966,"content":967},{},[968],{"nodeType":273,"value":969,"marks":970,"data":971},"Push does this by deploying a browser-native agent, like EDR operates at the host level. That agent gives defenders direct visibility into the application session itself like the page structure being rendered, the user’s interaction with it, and the behaviors attackers rely on when they hijack sessions in real time.",[],{},{"nodeType":388,"data":973,"content":977},{"target":974},{"sys":975},{"id":976,"type":385,"linkType":386},"6qMaivxhJ3xT9DkwXGcCSJ",[],{"nodeType":274,"data":979,"content":980},{},[981],{"nodeType":273,"value":982,"marks":983,"data":984},"That visibility changes how cloud access can be defended.",[],{},{"nodeType":505,"data":986,"content":987},{},[988,1003,1018,1033],{"nodeType":474,"data":989,"content":990},{},[991],{"nodeType":274,"data":992,"content":993},{},[994,999],{"nodeType":273,"value":995,"marks":996,"data":998},"Real-time detection in the browser:",[997],{"type":308},{},{"nodeType":273,"value":1000,"marks":1001,"data":1002}," Detect in-browser attacker techniques as they happen, left of boom. Phishing kits rendering inside login flows, session tokens being intercepted, credential submission into lookalike pages — Push observes these behaviors directly and can block them before any cloud API is touched or a console is reached.",[],{},{"nodeType":474,"data":1004,"content":1005},{},[1006],{"nodeType":274,"data":1007,"content":1008},{},[1009,1014],{"nodeType":273,"value":1010,"marks":1011,"data":1013},"Complete visibility into cloud access paths:",[1012],{"type":308},{},{"nodeType":273,"value":1015,"marks":1016,"data":1017}," Build an accurate inventory of how users are actually accessing cloud services. Push surfaces every application in use, including shadow SaaS, and shows which accounts are local, duplicated, missing MFA, or bypassing SSO — crucial visibility that falls between the cracks of application and identity provider. ",[],{},{"nodeType":474,"data":1019,"content":1020},{},[1021],{"nodeType":274,"data":1022,"content":1023},{},[1024,1029],{"nodeType":273,"value":1025,"marks":1026,"data":1028},"Active hardening at the point of access:",[1027],{"type":308},{},{"nodeType":273,"value":1030,"marks":1031,"data":1032}," Enforce secure login behavior across the entire application surface, not just centrally managed apps. Push can steer users toward using MFA and SSO and block risky credentials on unmanaged tools, closing identity gaps before they’re exploited.",[],{},{"nodeType":474,"data":1034,"content":1035},{},[1036],{"nodeType":274,"data":1037,"content":1038},{},[1039,1044],{"nodeType":273,"value":1040,"marks":1041,"data":1043},"Session-level context for rapid response:",[1042],{"type":308},{},{"nodeType":273,"value":1045,"marks":1046,"data":1047}," When something does go wrong, Push provides the missing ground truth. Instead of stitching together partial logs or relying on brittle app-level integrations, responders can see exactly what the user saw and did in the browser (from context generated directly from the browser session itself) making it possible to understand intent, assess scope accurately, and contain a compromised session quickly.",[],{},{"nodeType":392,"data":1049,"content":1050},{},[],{"nodeType":688,"data":1052,"content":1053},{},[1054],{"nodeType":274,"data":1055,"content":1056},{},[1057,1060,1067,1070,1077,1080,1087],{"nodeType":273,"value":651,"marks":1058,"data":1059},[],{},{"nodeType":568,"data":1061,"content":1062},{"uri":654},[1063],{"nodeType":273,"value":659,"marks":1064,"data":1066},[1065],{"type":851},{},{"nodeType":273,"value":663,"marks":1068,"data":1069},[],{},{"nodeType":568,"data":1071,"content":1072},{"uri":666},[1073],{"nodeType":273,"value":671,"marks":1074,"data":1076},[1075],{"type":851},{},{"nodeType":273,"value":675,"marks":1078,"data":1079},[],{},{"nodeType":568,"data":1081,"content":1082},{"uri":678},[1083],{"nodeType":273,"value":683,"marks":1084,"data":1086},[1085],{"type":851},{},{"nodeType":273,"value":687,"marks":1088,"data":1089},[],{},{"nodeType":274,"data":1091,"content":1092},{},[1093],{"nodeType":273,"value":37,"marks":1094,"data":1095},[],{},"Push + Cloud Security: What do you do when bad looks normal?","Why cloud security tools only give you part of the picture when it comes to modern attacks. ","2026-02-06T00:00:00.000Z","push-plus-cloud-security",{"items":1101},[1102,1104],{"sys":1103,"name":286},{"id":285},{"sys":1105,"name":290},{"id":289},{"items":1107},[1108],{"fullName":713,"firstName":714,"jobTitle":715,"profilePicture":1109},{"url":717},{"items":1111},[1112],{"fullName":713,"firstName":714,"jobTitle":715,"profilePicture":1113},{"url":717},{"json":1115,"links":1607},{"data":1116,"content":1117,"nodeType":275},{},[1118,1126,1133,1140,1152,1160,1167,1174,1181,1189,1192,1200,1207,1214,1221,1240,1246,1253,1270,1278,1400,1403,1411,1418,1430,1437,1442,1449,1456,1464,1471,1479,1486,1493,1500,1548,1560,1596,1601],{"data":1119,"content":1120,"nodeType":310},{},[1121],{"data":1122,"marks":1123,"value":1125,"nodeType":273},{},[1124],{"type":308},"Defense used to start at the network perimeter",{"data":1127,"content":1128,"nodeType":274},{},[1129],{"data":1130,"marks":1131,"value":1132,"nodeType":273},{},[],"If you've been working in security for any length of time, you know where defense starts: the network. Long before cloud-first or SaaS-first became default, the perimeter was where defenders had leverage: visibility, enforcement, and control over traffic moving in and out of the organization.",{"data":1134,"content":1135,"nodeType":274},{},[1136],{"data":1137,"marks":1138,"value":1139,"nodeType":273},{},[],"That mental model hasn’t disappeared. Secure Web Gateways, Cloud Access Security Brokers, and the converged Security Service Edge architecture exist because the problem they solve is still real. Organizations generate an enormous volume of web traffic, and someone has to monitor it, filter it, and enforce policy at scale. These tools sit inline, log metadata, apply categorization, and block what’s already known to be dangerous. Without them, the environment quickly becomes unmanageable and extremely difficult to secure.",{"data":1141,"content":1142,"nodeType":274},{},[1143,1147],{"data":1144,"marks":1145,"value":1146,"nodeType":273},{},[],"They are very good at what they were designed to do: securing the wire. ",{"data":1148,"marks":1149,"value":1151,"nodeType":273},{},[1150],{"type":308},"But what happens over the wire is not the full picture. ",{"data":1153,"content":1154,"nodeType":358},{},[1155],{"data":1156,"marks":1157,"value":1159,"nodeType":273},{},[1158],{"type":308},"Traffic isn't the whole picture anymore",{"data":1161,"content":1162,"nodeType":274},{},[1163],{"data":1164,"marks":1165,"value":1166,"nodeType":273},{},[],"A significant amount of activity happens locally, inside the browser, beyond the visibility of network controls. Modern webpages are effectively complicated web apps that are rendered client-side via JavaScript — and not everything that happens on the page is traffic-generating. ",{"data":1168,"content":1169,"nodeType":274},{},[1170],{"data":1171,"marks":1172,"value":1173,"nodeType":273},{},[],"That distinction matters more than it used to. Authentication, data access, administrative actions, almost all of it now happens inside a browser tab. As a result, the browser has become a central point of both productivity and risk.",{"data":1175,"content":1176,"nodeType":274},{},[1177],{"data":1178,"marks":1179,"value":1180,"nodeType":273},{},[],"Network tools still see the pipeline of traffic moving back and forth. But attackers have adapted to operate within that pipeline rather than around it. They don’t need to break the connection or trigger obvious anomalies. They target the content rendered inside the browser and the user interacting with it.",{"data":1182,"content":1183,"nodeType":274},{},[1184],{"data":1185,"marks":1186,"value":1188,"nodeType":273},{},[1187],{"type":308},"That leaves security teams with noisy traffic visibility and very little insight into the actual attack unfolding inside the browser session.",{"data":1190,"content":1191,"nodeType":392},{},[],{"data":1193,"content":1194,"nodeType":310},{},[1195],{"data":1196,"marks":1197,"value":1199,"nodeType":273},{},[1198],{"type":308},"Traffic visibility vs. in-browser context",{"data":1201,"content":1202,"nodeType":274},{},[1203],{"data":1204,"marks":1205,"value":1206,"nodeType":273},{},[],"The modern attacker's playbook is built on a simple idea: stay inside the network’s line of sight without triggering detections or enforcement. Containing operations to the browser layer provides attackers with an easy bypass of many traditional network controls without ever needing to break or evade them outright.",{"data":1208,"content":1209,"nodeType":274},{},[1210],{"data":1211,"marks":1212,"value":1213,"nodeType":273},{},[],"They do this by staying ahead of known-bad detection models, constantly rotating domains and URLs, using anti-analysis techniques, and delivering phishing lures through channels that bypass traditional network ingress points like the email gateway (like social media or SMS). In many cases, the link is never evaluated by perimeter controls at all.",{"data":1215,"content":1216,"nodeType":274},{},[1217],{"data":1218,"marks":1219,"value":1220,"nodeType":273},{},[],"This creates a fundamental visibility gap. Network security tools can see a request going to a legitimate-looking destination, but they can’t observe what happens once the page executes client-side in the browser. Malicious scripts and phishing elements often don’t appear until after the page loads and a user interacts with it, leaving nothing obviously known-bad for network controls to detect.",{"data":1222,"content":1223,"nodeType":274},{},[1224,1228,1236],{"data":1225,"marks":1226,"value":1227,"nodeType":273},{},[],"Blocklists don’t help much here either. Domains rotate constantly, and the window between a phishing site going live and being categorized as malicious is more than enough time for an attacker to succeed. Until that happens, the traffic appears benign and the user is free to interact with the page. And to make matters worse, attackers are leveraging ",{"data":1229,"content":1231,"nodeType":568},{"uri":1230},"https://pushsecurity.com/blog/phishing-detection-evasion-launch/",[1232],{"data":1233,"marks":1234,"value":1235,"nodeType":273},{},[],"detection evasion techniques",{"data":1237,"marks":1238,"value":1239,"nodeType":273},{},[]," designed to frustrate these detections — meaning most bad pages aren't spotted until it's way too late. ",{"data":1241,"content":1245,"nodeType":388},{"target":1242},{"sys":1243},{"id":1244,"type":385,"linkType":386},"38X1De97xJ8B6GNXTHW6Y5",[],{"data":1247,"content":1248,"nodeType":274},{},[1249],{"data":1250,"marks":1251,"value":1252,"nodeType":273},{},[],"Consider attacker-in-the-middle phishing. From the proxy’s perspective, everything looks clean: user → reputable domain → “standard” web traffic. The phishing infrastructure is often hidden behind redirects or conditional logic designed to screen out proxies and scanners. Inside the browser session, however, credentials are intercepted, session tokens are harvested, and MFA is bypassed in real time.",{"data":1254,"content":1255,"nodeType":274},{},[1256,1259,1266],{"data":1257,"marks":1258,"value":840,"nodeType":273},{},[],{"data":1260,"content":1261,"nodeType":568},{"uri":845},[1262],{"data":1263,"marks":1264,"value":1265,"nodeType":273},{},[],"modern threat groups",{"data":1267,"marks":1268,"value":1269,"nodeType":273},{},[],", these obscured attack vectors lead directly to initial access and account takeover. The network is no longer the control point where the most consequential attacks can be reliably stopped.",{"data":1271,"content":1272,"nodeType":274},{},[1273],{"data":1274,"marks":1275,"value":1277,"nodeType":273},{},[1276],{"type":348},"Browser telemetry is key to detecting and blocking malicious content in real-time, rather than relying on blocklists using known-bad indicators like domains and IPs that go out of date as quickly as new entries appear.",{"data":1279,"content":1280,"nodeType":1399},{},[1281,1306,1330,1353,1376],{"data":1282,"content":1283,"nodeType":1305},{},[1284,1295],{"data":1285,"content":1286,"nodeType":1294},{},[1287],{"data":1288,"content":1289,"nodeType":274},{},[1290],{"data":1291,"marks":1292,"value":1293,"nodeType":273},{},[],"What you see with traffic analysis","table-header-cell",{"data":1296,"content":1297,"nodeType":1294},{},[1298],{"data":1299,"content":1300,"nodeType":274},{},[1301],{"data":1302,"marks":1303,"value":1304,"nodeType":273},{},[],"What you can see with browser telemetry","table-row",{"data":1307,"content":1308,"nodeType":1305},{},[1309,1320],{"data":1310,"content":1311,"nodeType":1319},{},[1312],{"data":1313,"content":1314,"nodeType":274},{},[1315],{"data":1316,"marks":1317,"value":1318,"nodeType":273},{},[],"HTTP request/response bodies ","table-cell",{"data":1321,"content":1322,"nodeType":1319},{},[1323],{"data":1324,"content":1325,"nodeType":274},{},[1326],{"data":1327,"marks":1328,"value":1329,"nodeType":273},{},[],"DOM structure fingerprints",{"data":1331,"content":1332,"nodeType":1305},{},[1333,1343],{"data":1334,"content":1335,"nodeType":1319},{},[1336],{"data":1337,"content":1338,"nodeType":274},{},[1339],{"data":1340,"marks":1341,"value":1342,"nodeType":273},{},[],"URLs and headers",{"data":1344,"content":1345,"nodeType":1319},{},[1346],{"data":1347,"content":1348,"nodeType":274},{},[1349],{"data":1350,"marks":1351,"value":1352,"nodeType":273},{},[],"User interaction metadata ",{"data":1354,"content":1355,"nodeType":1305},{},[1356,1366],{"data":1357,"content":1358,"nodeType":1319},{},[1359],{"data":1360,"content":1361,"nodeType":274},{},[1362],{"data":1363,"marks":1364,"value":1365,"nodeType":273},{},[],"Cookie values in transit",{"data":1367,"content":1368,"nodeType":1319},{},[1369],{"data":1370,"content":1371,"nodeType":274},{},[1372],{"data":1373,"marks":1374,"value":1375,"nodeType":273},{},[],"Cookie names and attributes",{"data":1377,"content":1378,"nodeType":1305},{},[1379,1389],{"data":1380,"content":1381,"nodeType":1319},{},[1382],{"data":1383,"content":1384,"nodeType":274},{},[1385],{"data":1386,"marks":1387,"value":1388,"nodeType":273},{},[],"Static JS code",{"data":1390,"content":1391,"nodeType":1319},{},[1392],{"data":1393,"content":1394,"nodeType":274},{},[1395],{"data":1396,"marks":1397,"value":1398,"nodeType":273},{},[],"Script execution patterns and dynamic JS analysis","table",{"data":1401,"content":1402,"nodeType":392},{},[],{"data":1404,"content":1405,"nodeType":310},{},[1406],{"data":1407,"marks":1408,"value":1410,"nodeType":273},{},[1409],{"type":308},"Securing the browser session is key to stopping modern threats",{"data":1412,"content":1413,"nodeType":274},{},[1414],{"data":1415,"marks":1416,"value":1417,"nodeType":273},{},[],"If the browser is where users actually work, and where attackers actually operate, then that’s the layer that defenders need to understand and control.",{"data":1419,"content":1420,"nodeType":274},{},[1421,1425],{"data":1422,"marks":1423,"value":1424,"nodeType":273},{},[],"Modern web-based attacks don’t succeed because traffic goes uninspected. They succeed because network inspection can’t follow the interaction far enough. Traffic shows where data went, not what the user actually saw or did, ",{"data":1426,"marks":1427,"value":1429,"nodeType":273},{},[1428],{"type":308},"and in today’s attacks, that distinction matters.",{"data":1431,"content":1432,"nodeType":274},{},[1433],{"data":1434,"marks":1435,"value":1436,"nodeType":273},{},[],"To stop these threats, you have to see what the user is actually interacting with. Things like what scripts are loading, how the DOM is being manipulated, or whether the login form a user is using is legitimate or being proxied. Those are page-level signals, and they only exist inside the browser tab.",{"data":1438,"content":1441,"nodeType":388},{"target":1439},{"sys":1440},{"id":976,"type":385,"linkType":386},[],{"data":1443,"content":1444,"nodeType":274},{},[1445],{"data":1446,"marks":1447,"value":1448,"nodeType":273},{},[],"That same shift applies to control. Destination-based blocking breaks down when the destination itself appears legitimate. Effective intervention requires decisions based on behavior as it unfolds so teams can stop risky or malicious activity that would compromise an account.",{"data":1450,"content":1451,"nodeType":274},{},[1452],{"data":1453,"marks":1454,"value":1455,"nodeType":273},{},[],"And visibility can’t stop at centrally managed applications. Shadow SaaS breaks any assumption that access patterns are uniform or fully governed by the IdP. Local accounts, duplicate identities, and password-only logins don’t show up clearly in network telemetry, but they materially expand the attack surface. Seeing every login, across every app, directly from the browser is the only way to build an accurate picture of who has access to what.",{"data":1457,"content":1458,"nodeType":358},{},[1459],{"data":1460,"marks":1461,"value":1463,"nodeType":273},{},[1462],{"type":308},"Push provides the missing context for network security",{"data":1465,"content":1466,"nodeType":274},{},[1467],{"data":1468,"marks":1469,"value":1470,"nodeType":273},{},[],"At this point, the gap should be clear. Network security gives you strong control over traffic, but very little insight into what actually happens once that traffic lands in a user’s browser.",{"data":1472,"content":1473,"nodeType":274},{},[1474],{"data":1475,"marks":1476,"value":1478,"nodeType":273},{},[1477],{"type":308},"This is where Push can help.",{"data":1480,"content":1481,"nodeType":274},{},[1482],{"data":1483,"marks":1484,"value":1485,"nodeType":273},{},[],"The Push browser agent extends monitoring into the browser itself, providing the visibility and control that perimeter-based tools can’t deliver. It doesn’t replace SSE, SWG, or CASB. Those tools remain the right way to manage traffic and enforce policy at the edge. Push complements them by operating in the one place they can’t: inside the live browser session.",{"data":1487,"content":1488,"nodeType":274},{},[1489],{"data":1490,"marks":1491,"value":1492,"nodeType":273},{},[],"Push does this by deploying a browser-native agent, similar in spirit to how EDR works at the host level. That agent gives defenders direct insight into what the network can’t see like the page being rendered, how the user is interacting with it, and the attack techniques that play out entirely within the tab.",{"data":1494,"content":1495,"nodeType":274},{},[1496],{"data":1497,"marks":1498,"value":1499,"nodeType":273},{},[],"With Push deployed, teams gain:",{"data":1501,"content":1502,"nodeType":505},{},[1503,1518,1533],{"data":1504,"content":1505,"nodeType":474},{},[1506],{"data":1507,"content":1508,"nodeType":274},{},[1509,1514],{"data":1510,"marks":1511,"value":1513,"nodeType":273},{},[1512],{"type":308},"Real-time, in-browser threat detection:",{"data":1515,"marks":1516,"value":1517,"nodeType":273},{},[]," Detect and stop attacks like AiTM phishing and session hijacking based on what’s actually happening in the browser. Instead of relying on blocklists or downstream signals, Push identifies attacker behavior as it unfolds and can intervene before credentials or session tokens are stolen.",{"data":1519,"content":1520,"nodeType":474},{},[1521],{"data":1522,"content":1523,"nodeType":274},{},[1524,1529],{"data":1525,"marks":1526,"value":1528,"nodeType":273},{},[1527],{"type":308},"Complete visibility into SaaS access: ",{"data":1530,"marks":1531,"value":1532,"nodeType":273},{},[],"Build a true inventory of user identities and authentication methods across every application in use, including shadow SaaS. Push fills the gaps left by network and IdP logs, giving teams a real picture of where access exists and how it’s being granted.",{"data":1534,"content":1535,"nodeType":474},{},[1536],{"data":1537,"content":1538,"nodeType":274},{},[1539,1544],{"data":1540,"marks":1541,"value":1543,"nodeType":273},{},[1542],{"type":308},"Streamlined hardening at the point of access:",{"data":1545,"marks":1546,"value":1547,"nodeType":273},{},[]," Use the browser as a control point to enforce secure login behavior everywhere it matters. Mandate MFA, steer users toward SSO, and block risky credentials on unmanaged apps, shifting from reactive cleanup to continuous, preventative hardening.",{"data":1549,"content":1550,"nodeType":274},{},[1551,1555],{"data":1552,"marks":1553,"value":1554,"nodeType":273},{},[],"The result is a unified model and real defense in depth. ",{"data":1556,"marks":1557,"value":1559,"nodeType":273},{},[1558],{"type":308},"Network tools secure the pipeline, and Push secures the user moving through it.",{"data":1561,"content":1562,"nodeType":688},{},[1563],{"data":1564,"content":1565,"nodeType":274},{},[1566,1569,1575,1578,1584,1587,1593],{"data":1567,"marks":1568,"value":651,"nodeType":273},{},[],{"data":1570,"content":1571,"nodeType":568},{"uri":654},[1572],{"data":1573,"marks":1574,"value":659,"nodeType":273},{},[],{"data":1576,"marks":1577,"value":663,"nodeType":273},{},[],{"data":1579,"content":1580,"nodeType":568},{"uri":666},[1581],{"data":1582,"marks":1583,"value":671,"nodeType":273},{},[],{"data":1585,"marks":1586,"value":675,"nodeType":273},{},[],{"data":1588,"content":1589,"nodeType":568},{"uri":678},[1590],{"data":1591,"marks":1592,"value":683,"nodeType":273},{},[],{"data":1594,"marks":1595,"value":687,"nodeType":273},{},[],{"data":1597,"content":1600,"nodeType":388},{"target":1598},{"sys":1599},{"id":693,"type":385,"linkType":386},[],{"data":1602,"content":1603,"nodeType":274},{},[1604],{"data":1605,"marks":1606,"value":37,"nodeType":273},{},[],{"entries":1608},{"hyperlink":1609,"inline":1610,"block":1611},[],[],[1612,1620,1626],{"sys":1613,"__typename":1614,"title":1615,"caption":118,"layoutMode":118,"file":1616},{"id":1244},"Image","Why known-bad detections are failing. ",{"url":1617,"width":1618,"height":1619},"https://images.ctfassets.net/y1cdw1ablpvd/6b63OwWsBBv4z7HAiaOKL8/defc65b40e27f1b14ad64cbf09d8c1d4/Screenshot_2026-01-30_at_16.57.54.png",3372,1800,{"sys":1621,"__typename":1614,"title":1622,"caption":1622,"layoutMode":118,"file":1623},{"id":976},"The browser sees the \"missing middle\" that is key to stopping modern attacks.",{"url":1624,"width":1618,"height":1625},"https://images.ctfassets.net/y1cdw1ablpvd/62kkmEzar8I24kELigqdoq/8e4c0476ba9bec03c418977bed5f40e6/Screenshot_2026-01-30_at_16.42.19.png",1560,{"sys":1627,"__typename":1628,"type":1629,"ctaText":1630,"buttonLabel":1631,"buttonColour":1632,"buttonUrl":1633},{"id":693},"CtaWidget","Custom","Stop browser-based attacks in real time. Book a demo today. ","Book a Demo","sunny orange","https://pushsecurity.com/demo/","content:blog:push-plus-network-security.json","json","content","blog/push-plus-network-security.json","blog/push-plus-network-security",[1640,1823,1942,2061,2179,2299,2419,2539],{"createdDate":1641,"id":1642,"name":1643,"modelId":1644,"published":13,"stageModifiedSincePublish":6,"query":1645,"data":1651,"variations":1811,"lastUpdated":1812,"firstPublished":1813,"testRatio":33,"screenshot":1814,"createdBy":34,"lastUpdatedBy":1815,"folders":1816,"meta":1817,"rev":1822},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[1646],{"@type":1647,"property":1648,"operator":1649,"value":1650},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":1652,"customFonts":1653,"seoTitle":1700,"title":1700,"tsCode":37,"seoDescription":1701,"fontAwesomeIcon":1702,"jsCode":37,"blocks":1703,"url":1650,"state":1808},[],[1654],{"family":1655,"kind":1656,"version":1657,"lastModified":1658,"files":1659,"category":1678,"menu":1679,"subsets":1680,"variants":1683},"DM Sans","webfonts#webfont","v14","2023-07-13",{"100":1660,"200":1661,"300":1662,"500":1663,"600":1664,"700":1665,"800":1666,"900":1667,"800italic":1668,"900italic":1669,"700italic":1670,"100italic":1671,"italic":1672,"regular":1673,"200italic":1674,"500italic":1675,"300italic":1676,"600italic":1677},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[1681,1682],"latin","latin-ext",[1684,1685,1686,1687,1688,1689,128,1690,1691,1692,1693,1694,348,1695,1696,1697,1698,1699],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[1704,1803],{"@type":106,"@version":107,"tagName":1705,"id":1706,"children":1707},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[1708,1725,1733,1740,1752,1767,1778,1789,1795],{"@type":106,"@version":107,"layerName":1709,"id":1710,"component":1711,"responsiveStyles":1722},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":1709,"options":1712,"isRSC":118},{"title":1700,"description":1713,"points":1714,"video":1721},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[1715,1717,1719],{"item":1716},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":1718},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":1720},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":1723},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1724},"transparent",{"@type":106,"@version":107,"id":1726,"component":1727,"responsiveStyles":1730},"builder-96634044407e491299e291ed64669e39",{"name":1728,"options":1729,"isRSC":118},"TrustedBy",{"AllPartners":41,"backgroundTransparent":6},{"large":1731},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1732},"#000",{"@type":106,"@version":107,"id":1734,"component":1735,"responsiveStyles":1738},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":1736,"options":1737,"isRSC":118},"Diagonal",{"darkMode":41},{"large":1739},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":1741,"id":1742,"component":1743,"responsiveStyles":1750},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":1741,"tag":1741,"options":1744,"isRSC":118},{"darkMode":6,"maxWidth":1745,"maxTextWidth":1746,"title":1747,"description":1748,"animatedTitle":37,"image":1749,"reverse":6,"descriptionPaddingHorizontal":118},1200,800,"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":1751},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1753,"component":1754,"responsiveStyles":1762},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":1755,"options":1756,"isRSC":118},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1758,"title":1759,"description":1760,"reverse":41,"image":1761},600,100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":1763},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":1764,"paddingTop":1765,"marginTop":1766},"DM Sans, sans-serif","20px","0px",{"@type":106,"@version":107,"id":1768,"component":1769,"responsiveStyles":1775},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":1755,"options":1770,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1771,"title":1772,"description":1773,"reverse":6,"image":1774},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. It reads the full phishing playbook like script behavior, session hijacks, DOM changes, user inputs, then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":1776},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1777},"36px",{"@type":106,"@version":107,"layerName":1755,"id":1779,"component":1780,"responsiveStyles":1786},"builder-42c32198083f4880acb37c5cb76934da",{"name":1755,"options":1781,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1782,"title":1783,"description":1784,"reverse":41,"image":1785},140,"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts like session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":1787},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1788},"47px",{"@type":106,"@version":107,"id":1790,"component":1791,"responsiveStyles":1793},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":1736,"options":1792,"isRSC":118},{"darkMode":6},{"large":1794},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1796,"component":1797,"responsiveStyles":1801},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":1798,"tag":1798,"options":1799,"isRSC":118},"LatestResources",{"sectionHeading":37,"customClass":1800},"bg-black",{"large":1802},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1804,"@type":106,"tagName":131,"properties":1805,"responsiveStyles":1806},"builder-pixel-21yj6h3p4wh",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1807},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1809},{"path":37,"query":1810},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":1818,"winningTest":118,"breakpoints":1819,"kind":1820,"hasLinks":6,"originalContentId":1821,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},"page","2daa5670b8504fc7ba4700633e8bd921","atvz4dp24b7",{"createdDate":1824,"id":1825,"name":1826,"modelId":1644,"published":13,"stageModifiedSincePublish":6,"query":1827,"data":1830,"variations":1934,"lastUpdated":1935,"firstPublished":1936,"testRatio":33,"screenshot":1937,"createdBy":34,"lastUpdatedBy":1815,"folders":1938,"meta":1939,"rev":1822},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[1828],{"@type":1647,"property":1648,"operator":1649,"value":1829},"/uc/browser-extension-security",{"seoDescription":1831,"jsCode":37,"fontAwesomeIcon":1832,"tsCode":37,"title":1826,"seoTitle":1826,"customFonts":1833,"inputs":1838,"blocks":1839,"url":1829,"state":1931},"Shine a light on risky browser extensions.","faPuzzlePiece",[1834],{"kind":1656,"family":1655,"version":1657,"files":1835,"category":1678,"lastModified":1658,"subsets":1836,"variants":1837,"menu":1679},{"100":1660,"200":1661,"300":1662,"500":1663,"600":1664,"700":1665,"800":1666,"900":1667,"100italic":1671,"italic":1672,"regular":1673,"900italic":1669,"800italic":1668,"700italic":1670,"200italic":1674,"300italic":1676,"500italic":1675,"600italic":1677},[1681,1682],[1684,1685,1686,1687,1688,1689,128,1690,1691,1692,1693,1694,348,1695,1696,1697,1698,1699],[],[1840,1926],{"@type":106,"@version":107,"tagName":1705,"id":1841,"meta":1842,"children":1843},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":1706},[1844,1860,1867,1874,1883,1893,1903,1913,1920],{"@type":106,"@version":107,"id":1845,"meta":1846,"component":1847,"responsiveStyles":1858},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":1710},{"name":1709,"options":1848,"isRSC":118},{"title":1826,"description":1849,"points":1850,"video":1857},"\u003Cp>Browser extensions introduce new code, new permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[1851,1853,1855],{"item":1852},"Discover every browser extension in use",{"item":1854},"Spot risky or unsanctioned behavior",{"item":1856},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":1859},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1724},{"@type":106,"@version":107,"id":1861,"meta":1862,"component":1863,"responsiveStyles":1865},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":1726},{"name":1728,"options":1864,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1866},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1732},{"@type":106,"@version":107,"id":1868,"meta":1869,"component":1870,"responsiveStyles":1872},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":1734},{"name":1736,"options":1871,"isRSC":118},{"darkMode":41},{"large":1873},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":1741,"id":1875,"component":1876,"responsiveStyles":1881},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":1741,"tag":1741,"options":1877,"isRSC":118},{"darkMode":6,"maxWidth":1745,"maxTextWidth":1746,"title":1878,"description":1879,"image":1880,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act. \u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":1882},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1884,"meta":1885,"component":1886,"responsiveStyles":1891},"builder-93738f98109a4009affb349afd7bb182",{"previousId":1753},{"name":1755,"options":1887,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1758,"title":1888,"description":1889,"reverse":41,"image":1890},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":1892},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":1764,"paddingTop":1765,"marginTop":1766},{"@type":106,"@version":107,"id":1894,"meta":1895,"component":1896,"responsiveStyles":1901},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":1768},{"name":1755,"options":1897,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1771,"title":1898,"description":1899,"reverse":6,"image":1900},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":1902},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1777},{"@type":106,"@version":107,"layerName":1755,"id":1904,"meta":1905,"component":1906,"responsiveStyles":1911},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":1779},{"name":1755,"options":1907,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1782,"title":1908,"description":1909,"reverse":41,"image":1910},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":1912},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1788},{"@type":106,"@version":107,"id":1914,"meta":1915,"component":1916,"responsiveStyles":1918},"builder-1a689287d1a1418997d57db578a71105",{"previousId":1790},{"name":1736,"options":1917,"isRSC":118},{"darkMode":6},{"large":1919},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1921,"component":1922,"responsiveStyles":1924},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":1798,"tag":1798,"options":1923,"isRSC":118},{"sectionHeading":37,"customClass":1800},{"large":1925},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1927,"@type":106,"tagName":131,"properties":1928,"responsiveStyles":1929},"builder-pixel-0edn39avfcei",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1930},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1932},{"path":37,"query":1933},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":1820,"winningTest":118,"breakpoints":1940,"lastPreviewUrl":1941,"hasLinks":6,"originalContentId":1642,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":1943,"id":1944,"name":1945,"modelId":1644,"published":13,"query":1946,"data":1949,"variations":2052,"lastUpdated":2053,"firstPublished":2054,"testRatio":33,"screenshot":2055,"createdBy":34,"lastUpdatedBy":2056,"folders":2057,"meta":2058,"rev":1822},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[1947],{"@type":1647,"property":1648,"operator":1649,"value":1948},"/uc/account-takeover-detection",{"title":1945,"customFonts":1950,"jsCode":37,"seoTitle":1945,"seoDescription":1955,"fontAwesomeIcon":1956,"tsCode":37,"blocks":1957,"url":1948,"state":2049},[1951],{"kind":1656,"category":1678,"variants":1952,"menu":1679,"files":1953,"family":1655,"subsets":1954,"version":1657,"lastModified":1658},[1684,1685,1686,1687,1688,1689,128,1690,1691,1692,1693,1694,348,1695,1696,1697,1698,1699],{"100":1660,"200":1661,"300":1662,"500":1663,"600":1664,"700":1665,"800":1666,"900":1667,"300italic":1676,"500italic":1675,"800italic":1668,"700italic":1670,"italic":1672,"900italic":1669,"600italic":1677,"200italic":1674,"regular":1673,"100italic":1671},[1681,1682],"Stop ATO with stolen credential and compromised token detection.","faUserSecret",[1958,2044],{"@type":106,"@version":107,"tagName":1705,"id":1959,"meta":1960,"children":1961},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":1706},[1962,1978,1985,1992,2001,2011,2021,2031,2038],{"@type":106,"@version":107,"id":1963,"meta":1964,"component":1965,"responsiveStyles":1976},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":1710},{"name":1709,"options":1966,"isRSC":118},{"title":1945,"description":1967,"points":1968,"video":1975},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[1969,1971,1973],{"item":1970},"Identify credential-based ATO as it unfolds",{"item":1972},"Surface hijacked sessions and token misuse",{"item":1974},"Strengthen authentication where your IdP can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":1977},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1724},{"@type":106,"@version":107,"id":1979,"meta":1980,"component":1981,"responsiveStyles":1983},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":1726},{"name":1728,"options":1982,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1984},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1732},{"@type":106,"@version":107,"id":1986,"meta":1987,"component":1988,"responsiveStyles":1990},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":1734},{"name":1736,"options":1989,"isRSC":118},{"darkMode":41},{"large":1991},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1993,"component":1994,"responsiveStyles":1999},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":1741,"tag":1741,"options":1995,"isRSC":118},{"darkMode":6,"maxWidth":1745,"maxTextWidth":1746,"title":1996,"description":1997,"image":1998,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":2000},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2002,"meta":2003,"component":2004,"responsiveStyles":2009},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":1753},{"name":1755,"options":2005,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1758,"title":2006,"description":2007,"reverse":41,"image":2008},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":2010},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":1764,"paddingTop":1766,"marginTop":1766},{"@type":106,"@version":107,"id":2012,"meta":2013,"component":2014,"responsiveStyles":2019},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":1768},{"name":1755,"options":2015,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1771,"title":2016,"description":2017,"reverse":6,"image":2018},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":2020},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1777},{"@type":106,"@version":107,"layerName":1755,"id":2022,"meta":2023,"component":2024,"responsiveStyles":2029},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":1779},{"name":1755,"options":2025,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1782,"title":2026,"description":2027,"reverse":41,"image":2028},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":2030},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1788},{"@type":106,"@version":107,"id":2032,"meta":2033,"component":2034,"responsiveStyles":2036},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":1790},{"name":1736,"options":2035,"isRSC":118},{"darkMode":6},{"large":2037},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2039,"component":2040,"responsiveStyles":2042},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":1798,"tag":1798,"options":2041,"isRSC":118},{"sectionHeading":37,"customClass":1800},{"large":2043},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":2045,"@type":106,"tagName":131,"properties":2046,"responsiveStyles":2047},"builder-pixel-s5u3wmvz7jq",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":2048},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":2050},{"path":37,"query":2051},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":2059,"hasLinks":6,"originalContentId":1642,"breakpoints":2060,"winningTest":118,"kind":1820,"hasAutosaves":41},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":2062,"id":2063,"name":2064,"modelId":1644,"published":13,"query":2065,"data":2068,"variations":2171,"lastUpdated":2172,"firstPublished":2173,"testRatio":33,"screenshot":2174,"createdBy":34,"lastUpdatedBy":2056,"folders":2175,"meta":2176,"rev":1822},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[2066],{"@type":1647,"property":1648,"operator":1649,"value":2067},"/uc/attack-path-hardening",{"tsCode":37,"seoDescription":2069,"jsCode":37,"customFonts":2070,"fontAwesomeIcon":2075,"seoTitle":2064,"title":2064,"blocks":2076,"url":2067,"state":2168},"Harden access paths with visibility,  detection, and guardrails.",[2071],{"kind":1656,"files":2072,"version":1657,"lastModified":1658,"subsets":2073,"menu":1679,"category":1678,"variants":2074,"family":1655},{"100":1660,"200":1661,"300":1662,"500":1663,"600":1664,"700":1665,"800":1666,"900":1667,"regular":1673,"italic":1672,"800italic":1668,"500italic":1675,"600italic":1677,"200italic":1674,"900italic":1669,"700italic":1670,"100italic":1671,"300italic":1676},[1681,1682],[1684,1685,1686,1687,1688,1689,128,1690,1691,1692,1693,1694,348,1695,1696,1697,1698,1699],"faRadar",[2077,2163],{"@type":106,"@version":107,"tagName":1705,"id":2078,"meta":2079,"children":2080},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":1959},[2081,2097,2104,2111,2120,2130,2140,2150,2157],{"@type":106,"@version":107,"id":2082,"meta":2083,"component":2084,"responsiveStyles":2095},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":1963},{"name":1709,"options":2085,"isRSC":118},{"title":2064,"description":2086,"points":2087,"video":2094},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[2088,2090,2092],{"item":2089},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":2091},"Monitor how users actually log in across apps, flows, and tools",{"item":2093},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":2096},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1724},{"@type":106,"@version":107,"id":2098,"meta":2099,"component":2100,"responsiveStyles":2102},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":1979},{"name":1728,"options":2101,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":2103},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1732},{"@type":106,"@version":107,"id":2105,"meta":2106,"component":2107,"responsiveStyles":2109},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":1986},{"name":1736,"options":2108,"isRSC":118},{"darkMode":41},{"large":2110},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2112,"component":2113,"responsiveStyles":2118},"builder-dec0246085e1485c803f7152b1922a81",{"name":1741,"tag":1741,"options":2114,"isRSC":118},{"darkMode":6,"maxWidth":1745,"maxTextWidth":1746,"title":2115,"description":2116,"image":2117,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":2119},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2121,"meta":2122,"component":2123,"responsiveStyles":2128},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":2002},{"name":1755,"options":2124,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1758,"title":2125,"description":2126,"reverse":41,"image":2127},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":2129},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":1764,"paddingTop":1765,"marginTop":1766},{"@type":106,"@version":107,"id":2131,"meta":2132,"component":2133,"responsiveStyles":2138},"builder-431d175c59004669b0b2776b07d71737",{"previousId":2012},{"name":1755,"options":2134,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1771,"title":2135,"description":2136,"reverse":6,"image":2137},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":2139},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1777},{"@type":106,"@version":107,"layerName":1755,"id":2141,"meta":2142,"component":2143,"responsiveStyles":2148},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":2022},{"name":1755,"options":2144,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1782,"title":2145,"description":2146,"reverse":41,"image":2147},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":2149},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1788},{"@type":106,"@version":107,"id":2151,"meta":2152,"component":2153,"responsiveStyles":2155},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":2032},{"name":1736,"options":2154,"isRSC":118},{"darkMode":6},{"large":2156},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2158,"component":2159,"responsiveStyles":2161},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":1798,"tag":1798,"options":2160,"isRSC":118},{"sectionHeading":37,"customClass":1800},{"large":2162},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":2164,"@type":106,"tagName":131,"properties":2165,"responsiveStyles":2166},"builder-pixel-7akm7dayau8",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":2167},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":2169},{"path":37,"query":2170},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":1820,"lastPreviewUrl":2177,"breakpoints":2178,"hasLinks":6,"originalContentId":1944,"winningTest":118,"hasAutosaves":6},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":2180,"id":2181,"name":2182,"modelId":1644,"published":13,"query":2183,"data":2186,"variations":2291,"lastUpdated":2292,"firstPublished":2293,"testRatio":33,"screenshot":2294,"createdBy":34,"lastUpdatedBy":2056,"folders":2295,"meta":2296,"rev":1822},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[2184],{"@type":1647,"property":1648,"operator":1649,"value":2185},"/uc/clickfix-protection",{"seoDescription":2187,"fontAwesomeIcon":2188,"customFonts":2189,"seoTitle":2194,"jsCode":37,"tsCode":37,"title":2194,"blocks":2195,"url":2185,"state":2288},"Block attacks that trick users into running malicious code.","faLaptopCode",[2190],{"files":2191,"subsets":2192,"menu":1679,"version":1657,"kind":1656,"family":1655,"lastModified":1658,"variants":2193,"category":1678},{"100":1660,"200":1661,"300":1662,"500":1663,"600":1664,"700":1665,"800":1666,"900":1667,"200italic":1674,"800italic":1668,"700italic":1670,"600italic":1677,"100italic":1671,"italic":1672,"regular":1673,"300italic":1676,"500italic":1675,"900italic":1669},[1681,1682],[1684,1685,1686,1687,1688,1689,128,1690,1691,1692,1693,1694,348,1695,1696,1697,1698,1699],"ClickFix protection",[2196,2283],{"@type":106,"@version":107,"tagName":1705,"id":2197,"meta":2198,"children":2199},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":2078},[2200,2216,2223,2230,2240,2250,2260,2270,2277],{"@type":106,"@version":107,"id":2201,"meta":2202,"component":2203,"responsiveStyles":2214},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":2082},{"name":1709,"options":2204,"isRSC":118},{"title":2194,"description":2205,"points":2206,"image":2213},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[2207,2209,2211],{"item":2208},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":2210},"Block malicious copy-and-paste actions before code is executed",{"item":2212},"See full telemetry into which users were targeted and what they saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":2215},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1724},{"@type":106,"@version":107,"id":2217,"meta":2218,"component":2219,"responsiveStyles":2221},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":2098},{"name":1728,"options":2220,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":2222},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1732},{"@type":106,"@version":107,"id":2224,"meta":2225,"component":2226,"responsiveStyles":2228},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":2105},{"name":1736,"options":2227,"isRSC":118},{"darkMode":41},{"large":2229},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2231,"meta":2232,"component":2233,"responsiveStyles":2238},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":2112},{"name":1741,"tag":1741,"options":2234,"isRSC":118},{"darkMode":6,"maxWidth":1745,"maxTextWidth":1746,"title":2235,"description":2236,"reverse":6,"image":2237},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":2239},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2241,"meta":2242,"component":2243,"responsiveStyles":2248},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":2121},{"name":1755,"options":2244,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1758,"title":2245,"description":2246,"reverse":41,"image":2247},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":2249},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":1764,"paddingTop":1765,"marginTop":1766},{"@type":106,"@version":107,"id":2251,"meta":2252,"component":2253,"responsiveStyles":2258},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":2131},{"name":1755,"options":2254,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1771,"title":2255,"description":2256,"reverse":6,"image":2257},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":2259},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1777},{"@type":106,"@version":107,"layerName":1755,"id":2261,"meta":2262,"component":2263,"responsiveStyles":2268},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":2141},{"name":1755,"options":2264,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1782,"title":2265,"description":2266,"reverse":41,"image":2267},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":2269},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1788},{"@type":106,"@version":107,"id":2271,"meta":2272,"component":2273,"responsiveStyles":2275},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":2151},{"name":1736,"options":2274,"isRSC":118},{"darkMode":6},{"large":2276},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2278,"component":2279,"responsiveStyles":2281},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":1798,"tag":1798,"options":2280,"isRSC":118},{"sectionHeading":37,"customClass":1800},{"large":2282},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":2284,"@type":106,"tagName":131,"properties":2285,"responsiveStyles":2286},"builder-pixel-zzjpxxgrc2l",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":2287},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":2289},{"path":37,"query":2290},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":2297,"originalContentId":2063,"winningTest":118,"hasLinks":6,"kind":1820,"breakpoints":2298,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":2300,"id":2301,"name":2302,"modelId":1644,"published":13,"query":2303,"data":2306,"variations":2411,"lastUpdated":2412,"firstPublished":2413,"testRatio":33,"screenshot":2414,"createdBy":34,"lastUpdatedBy":2056,"folders":2415,"meta":2416,"rev":1822},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[2304],{"@type":1647,"property":1648,"operator":1649,"value":2305},"/uc/incident-response",{"seoDescription":2307,"customFonts":2308,"title":2302,"jsCode":37,"fontAwesomeIcon":2313,"seoTitle":2314,"tsCode":37,"blocks":2315,"url":2305,"state":2408},"Investigate and respond faster with unique browser telemetry.",[2309],{"kind":1656,"subsets":2310,"menu":1679,"variants":2311,"category":1678,"family":1655,"version":1657,"lastModified":1658,"files":2312},[1681,1682],[1684,1685,1686,1687,1688,1689,128,1690,1691,1692,1693,1694,348,1695,1696,1697,1698,1699],{"100":1660,"200":1661,"300":1662,"500":1663,"600":1664,"700":1665,"800":1666,"900":1667,"900italic":1669,"600italic":1677,"200italic":1674,"300italic":1676,"100italic":1671,"700italic":1670,"800italic":1668,"regular":1673,"italic":1672,"500italic":1675},"faSatelliteDish","Browser based incident response",[2316,2403],{"@type":106,"@version":107,"tagName":1705,"id":2317,"meta":2318,"children":2319},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":2078},[2320,2337,2344,2351,2360,2370,2380,2390,2397],{"@type":106,"@version":107,"id":2321,"meta":2322,"component":2323,"responsiveStyles":2335},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":2082},{"name":1709,"options":2324,"isRSC":118},{"title":2325,"description":2326,"points":2327,"video":2334},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[2328,2330,2332],{"item":2329},"Reconstruct what happened with real browser session context",{"item":2331},"Investigate faster with real-world session context",{"item":2333},"Trigger response actions automatically through your SIEM or SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":2336},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1724},{"@type":106,"@version":107,"id":2338,"meta":2339,"component":2340,"responsiveStyles":2342},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":2098},{"name":1728,"options":2341,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":2343},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1732},{"@type":106,"@version":107,"id":2345,"meta":2346,"component":2347,"responsiveStyles":2349},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":2105},{"name":1736,"options":2348,"isRSC":118},{"darkMode":41},{"large":2350},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2352,"component":2353,"responsiveStyles":2358},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":1741,"tag":1741,"options":2354,"isRSC":118},{"darkMode":6,"maxWidth":1745,"maxTextWidth":1746,"title":2355,"description":2356,"image":2357,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":2359},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2361,"meta":2362,"component":2363,"responsiveStyles":2368},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":2121},{"name":1755,"options":2364,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1758,"title":2365,"description":2366,"reverse":41,"image":2367},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":2369},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":1764,"paddingTop":1766,"marginTop":1766},{"@type":106,"@version":107,"id":2371,"meta":2372,"component":2373,"responsiveStyles":2378},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":2131},{"name":1755,"options":2374,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1771,"title":2375,"description":2376,"reverse":6,"image":2377},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":2379},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1777},{"@type":106,"@version":107,"layerName":1755,"id":2381,"meta":2382,"component":2383,"responsiveStyles":2388},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":2141},{"name":1755,"options":2384,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1782,"title":2385,"description":2386,"reverse":41,"image":2387},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":2389},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1788},{"@type":106,"@version":107,"id":2391,"meta":2392,"component":2393,"responsiveStyles":2395},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":2151},{"name":1736,"options":2394,"isRSC":118},{"darkMode":6},{"large":2396},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2398,"component":2399,"responsiveStyles":2401},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":1798,"tag":1798,"options":2400,"isRSC":118},{"sectionHeading":37,"customClass":1800},{"large":2402},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":2404,"@type":106,"tagName":131,"properties":2405,"responsiveStyles":2406},"builder-pixel-z197gdgcmu",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":2407},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":2409},{"path":37,"query":2410},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":1820,"breakpoints":2417,"originalContentId":2063,"winningTest":118,"lastPreviewUrl":2418,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":2420,"id":2421,"name":2422,"modelId":1644,"published":13,"query":2423,"data":2426,"variations":2531,"lastUpdated":2532,"firstPublished":2533,"testRatio":33,"screenshot":2534,"createdBy":34,"lastUpdatedBy":2056,"folders":2535,"meta":2536,"rev":1822},1746122471259,"5f118e24433d46ceb79f5099987156d7","Shadow SaaS",[2424],{"@type":1647,"property":1648,"operator":1649,"value":2425},"/uc/shadow-saas",{"seoTitle":2427,"seoDescription":2428,"customFonts":2429,"fontAwesomeIcon":2434,"title":2435,"jsCode":37,"tsCode":37,"blocks":2436,"url":2425,"state":2528},"Find and secure shadow SaaS","See and control shadow SaaS in the browser.",[2430],{"kind":1656,"variants":2431,"files":2432,"family":1655,"version":1657,"subsets":2433,"lastModified":1658,"category":1678,"menu":1679},[1684,1685,1686,1687,1688,1689,128,1690,1691,1692,1693,1694,348,1695,1696,1697,1698,1699],{"100":1660,"200":1661,"300":1662,"500":1663,"600":1664,"700":1665,"800":1666,"900":1667,"300italic":1676,"500italic":1675,"regular":1673,"900italic":1669,"italic":1672,"100italic":1671,"200italic":1674,"600italic":1677,"700italic":1670,"800italic":1668},[1681,1682],"faShieldCheck","Secure shadow SaaS",[2437,2523],{"@type":106,"@version":107,"tagName":1705,"id":2438,"meta":2439,"children":2440},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":2317},[2441,2457,2464,2471,2480,2490,2500,2510,2517],{"@type":106,"@version":107,"id":2442,"meta":2443,"component":2444,"responsiveStyles":2455},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":2321},{"name":1709,"options":2445,"isRSC":118},{"title":2427,"description":2446,"points":2447,"video":2454},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. Just real-time visibility and control.\u003C/p>",[2448,2450,2452],{"item":2449},"Discover every SaaS app users access, managed or not",{"item":2451},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":2453},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":2456},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1724},{"@type":106,"@version":107,"id":2458,"meta":2459,"component":2460,"responsiveStyles":2462},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":2338},{"name":1728,"options":2461,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":2463},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1732},{"@type":106,"@version":107,"id":2465,"meta":2466,"component":2467,"responsiveStyles":2469},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":2345},{"name":1736,"options":2468,"isRSC":118},{"darkMode":41},{"large":2470},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2472,"component":2473,"responsiveStyles":2478},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":1741,"tag":1741,"options":2474,"isRSC":118},{"darkMode":6,"maxWidth":1745,"maxTextWidth":1746,"title":2475,"description":2476,"image":2477,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":2479},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2481,"meta":2482,"component":2483,"responsiveStyles":2488},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":2361},{"name":1755,"options":2484,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1758,"title":2485,"description":2486,"reverse":41,"image":2487},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":2489},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":1764,"paddingTop":1766,"marginTop":1766},{"@type":106,"@version":107,"id":2491,"meta":2492,"component":2493,"responsiveStyles":2498},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":2371},{"name":1755,"options":2494,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1771,"title":2495,"description":2496,"reverse":6,"image":2497},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":2499},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1777},{"@type":106,"@version":107,"layerName":1755,"id":2501,"meta":2502,"component":2503,"responsiveStyles":2508},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":2381},{"name":1755,"options":2504,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1782,"title":2505,"description":2506,"reverse":41,"image":2507},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":2509},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1788},{"@type":106,"@version":107,"id":2511,"meta":2512,"component":2513,"responsiveStyles":2515},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":2391},{"name":1736,"options":2514,"isRSC":118},{"darkMode":6},{"large":2516},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2518,"component":2519,"responsiveStyles":2521},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":1798,"tag":1798,"options":2520,"isRSC":118},{"sectionHeading":37,"customClass":1800},{"large":2522},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":2524,"@type":106,"tagName":131,"properties":2525,"responsiveStyles":2526},"builder-pixel-d1ul2kmxbed",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":2527},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":2529},{"path":37,"query":2530},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":2301,"winningTest":118,"lastPreviewUrl":2537,"breakpoints":2538,"kind":1820,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":2540,"id":2541,"name":2542,"modelId":1644,"published":13,"query":2543,"data":2546,"variations":2650,"lastUpdated":2651,"firstPublished":2652,"testRatio":33,"screenshot":2653,"createdBy":34,"lastUpdatedBy":2056,"folders":2654,"meta":2655,"rev":1822},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[2544],{"@type":1647,"property":1648,"operator":1649,"value":2545},"/uc/shadow-ai",{"fontAwesomeIcon":2547,"seoTitle":2548,"jsCode":37,"customFonts":2549,"title":2554,"tsCode":37,"seoDescription":2555,"blocks":2556,"url":2545,"state":2647},"faBrainCircuit","Secure AI native and AI enhanced apps. ",[2550],{"variants":2551,"category":1678,"files":2552,"subsets":2553,"family":1655,"kind":1656,"menu":1679,"lastModified":1658,"version":1657},[1684,1685,1686,1687,1688,1689,128,1690,1691,1692,1693,1694,348,1695,1696,1697,1698,1699],{"100":1660,"200":1661,"300":1662,"500":1663,"600":1664,"700":1665,"800":1666,"900":1667,"800italic":1668,"regular":1673,"700italic":1670,"200italic":1674,"italic":1672,"500italic":1675,"600italic":1677,"300italic":1676,"100italic":1671,"900italic":1669},[1681,1682],"Secure shadow AI","See and control shadow AI apps in the browser.",[2557,2642],{"@type":106,"@version":107,"tagName":1705,"id":2558,"meta":2559,"children":2560},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":2438},[2561,2577,2584,2591,2601,2610,2619,2629,2636],{"@type":106,"@version":107,"id":2562,"meta":2563,"component":2564,"responsiveStyles":2575},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":2442},{"name":1709,"options":2565,"isRSC":118},{"title":2554,"description":2566,"points":2567,"image":2574},"\u003Cp>Your employees are adopting AI faster than you can track it. From native features in corporate apps to unapproved shadow tools, it’s all happening in the browser. Push detects every AI interaction in real time, letting you categorize apps and enforce acceptable use policies in the browser.\u003C/p>",[2568,2570,2572],{"item":2569},"Map every AI tool used across your workforce",{"item":2571},"Review and classify apps by sensitivity, purpose, and policy status",{"item":2573},"Enforce AI usage rules directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":2576},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1724},{"@type":106,"@version":107,"id":2578,"meta":2579,"component":2580,"responsiveStyles":2582},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":2458},{"name":1728,"options":2581,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":2583},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":1732},{"@type":106,"@version":107,"id":2585,"meta":2586,"component":2587,"responsiveStyles":2589},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":2465},{"name":1736,"options":2588,"isRSC":118},{"darkMode":41},{"large":2590},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2592,"meta":2593,"component":2594,"responsiveStyles":2599},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":2472},{"name":1741,"tag":1741,"options":2595,"isRSC":118},{"darkMode":6,"maxWidth":1745,"maxTextWidth":1746,"title":2596,"description":2597,"image":2598,"reverse":6},"\u003Ch2>Use your browser to govern AI \u003C/h2>","\u003Cp>The AI footprint inside your company is bigger than you think. From text generators to meeting assistants and design copilots, employees test, adopt, and connect new tools constantly. Push shows you those tools and which users are accessing them, without relying on network scans or API integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":2600},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2602,"meta":2603,"component":2604,"responsiveStyles":2608},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":2481},{"name":1755,"options":2605,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1758,"title":2606,"description":2607,"reverse":41,"image":2497},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Push captures live telemetry from the browser, identifying every AI-native and AI-enhanced application users access. You’ll know which corporate identities are connected, how data flows, and what new AI apps appear across your environment. \u003C/p>",{"large":2609},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":1764,"paddingTop":1766,"marginTop":1766},{"@type":106,"@version":107,"id":2611,"meta":2612,"component":2613,"responsiveStyles":2617},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":2491},{"name":1755,"options":2614,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1771,"title":2615,"description":2616,"reverse":6,"image":2507},"\u003Ch2>Classify and manage AI risk\u003C/h2>","\u003Cp>For apps you choose to allow, Push lets you apply custom in-browser banners. You can bulk-select categories of AI tools and require users to read and acknowledge your acceptable use policy before they proceed. This creates an auditable trail and moves policy from an easy to forget document to an active, in-workflow control.\u003C/p>",{"large":2618},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1777},{"@type":106,"@version":107,"layerName":1755,"id":2620,"meta":2621,"component":2622,"responsiveStyles":2627},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":2501},{"name":1755,"options":2623,"isRSC":118},{"darkMode":6,"maxWidth":1745,"imageMaxWidth":1757,"textPaddingTop":1782,"title":2624,"description":2625,"reverse":41,"image":2626},"\u003Ch2>Enforce your AI policy in the browser\u003C/h2>","\u003Cp>When an AI tool is deemed non-compliant or too risky, Push blocks it at the source. The block happens directly in the browser, preventing the user from accessing the site or submitting data. This gives you an immediate, powerful lever to stop data exfiltration and enforce a hard line on unacceptable risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa359ac1805af4e15a8a7f84632b9bb55",{"large":2628},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":1788},{"@type":106,"@version":107,"id":2630,"meta":2631,"component":2632,"responsiveStyles":2634},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":2511},{"name":1736,"options":2633,"isRSC":118},{"darkMode":6},{"large":2635},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":2637,"component":2638,"responsiveStyles":2640},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":1798,"tag":1798,"options":2639,"isRSC":118},{"sectionHeading":37,"customClass":1800},{"large":2641},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":2643,"@type":106,"tagName":131,"properties":2644,"responsiveStyles":2645},"builder-pixel-wxx9tk70r9p",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":2646},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":2648},{"path":37,"query":2649},{},{},1770892957225,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe558b8b069884037a8e6904f7ecc029c",[],{"winningTest":118,"breakpoints":2656,"originalContentId":2421,"kind":1820,"lastPreviewUrl":2657,"hasLinks":6,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",1776359981956]