[{"data":1,"prerenderedAt":2925},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":95,"navbar-about-highlight":155,"navbar-resource-highlight":211,"use-case-page":256,"blog/understanding-shadow-it":1276},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8,59,76],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":14,"data":15,"variations":50,"lastUpdated":51,"firstPublished":52,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":54,"meta":55,"rev":58},1742213002749,"efff2a27faf4408e9f908eba4b5542fe","inductive-automation","1c6207a5f24948ab82d4a0b17f251193","published",[],{"testimonial":16,"description":43,"type":19,"link":44,"title":47,"testimonialLink":48,"image":49},{"@type":17,"id":18,"model":19,"value":20},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79","testimonial",{"query":21,"folders":22,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":26,"variations":30,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":35,"rev":42},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":27,"jobTitle":28,"quote":24,"image":29},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,1,"ST0tXQM8slWpFrmioqKHmENB2qe2",{"kind":36,"lastPreviewUrl":37,"breakpoints":38,"hasAutosaves":41},"data","",{"small":39,"medium":40},640,768,true,"3v32gocrrqz","Join the industry's top security minds as they break down the browser attack landscape.",{"url":45,"text":46},"https://pushsecurity.com/webinar/state-of-browser-security","Save Your Spot","State of Browser Attacks Series","/customer-stories/inductive-automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe94fca10aa7b46ac8052b7ea22de54cd",{},1776257019270,1742221533648,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2",[],{"breakpoints":56,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},320,"motto9r9yg",{"createdDate":60,"id":61,"name":62,"modelId":12,"published":13,"query":63,"data":64,"variations":69,"lastUpdated":70,"firstPublished":71,"testRatio":33,"createdBy":53,"lastUpdatedBy":72,"folders":73,"meta":74,"rev":58},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner",[],{"type":65,"url":66,"text":67,"link":68},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,"jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":36,"lastPreviewUrl":37,"breakpoints":75,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},{"createdDate":77,"id":78,"name":79,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":80,"data":81,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":92,"meta":93,"rev":58},1742208469288,"6763051b201f44a0838c6400c580ca67","Resource highlight",[],{"image":82,"type":83,"description":84,"link":85,"title":88},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9","resource","Learn about the latest techniques being used in the wild.",{"url":86,"text":87},"/resources/browser-attacks-report","Download now","Report: 2026 Browser Attack Techniques",{},1776255866789,1742208570400,[],{"kind":36,"lastPreviewUrl":37,"breakpoints":94,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"createdDate":96,"id":97,"name":98,"modelId":99,"published":13,"query":100,"data":101,"variations":145,"lastUpdated":146,"firstPublished":147,"testRatio":33,"createdBy":34,"lastUpdatedBy":148,"folders":149,"meta":150,"rev":154},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":102,"text":103,"url":37,"blocks":104,"state":141},"ewrererw","testrfesssssssssss",[105,129],{"@type":106,"@version":107,"id":108,"component":109,"responsiveStyles":119},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":110,"tag":110,"options":111,"isRSC":118},"TopBannerContent",{"text":112,"ctaText":46,"url":45,"mainText":113,"cta":116},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks",{"content":114,"fontSize":115},"\u003Cp>New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks\u003C/p>","text-base",{"content":117,"fontSize":115,"url":45},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">Save Your Spot\u003C/strong>\u003C/p>\n",null,{"large":120},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"marginTop":126,"marginBottom":126,"fontSize":127,"fontWeight":128},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":130,"@type":106,"tagName":131,"properties":132,"responsiveStyles":136},"builder-pixel-08zrjigffq5t","img",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":137},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},"block","hidden","none",{"deviceSize":142,"location":143},"large",{"path":37,"query":144},{},{},1775137295127,1774968080803,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"breakpoints":151,"hasLinks":6,"kind":152,"lastPreviewUrl":153,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","2lvuonnywj",[156,180],{"createdDate":157,"id":158,"name":159,"modelId":160,"published":13,"stageModifiedSincePublish":6,"query":161,"data":162,"variations":173,"lastUpdated":174,"firstPublished":175,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":176,"meta":177,"rev":179},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":163,"type":19,"testimonialLink":48,"testimonial":164},{},{"@type":17,"id":18,"model":19,"value":165},{"query":166,"folders":167,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":168,"variations":169,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":170,"rev":172},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":171,"hasAutosaves":41},{"small":39,"medium":40},"7t755zfvte3",{},1776247404986,1776247404973,[],{"breakpoints":178,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"4moh0qpywtr",{"createdDate":181,"id":182,"name":88,"modelId":160,"published":13,"meta":183,"stageModifiedSincePublish":6,"query":185,"data":186,"variations":207,"lastUpdated":208,"firstPublished":209,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":210,"rev":179},1776255761419,"05a9322735fc427db12e2740e4302300",{"breakpoints":184,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":187,"link":206,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":189},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":190,"folders":191,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":194,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":203,"rev":205},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":36,"lastPreviewUrl":37,"breakpoints":204,"hasAutosaves":41},{"small":39,"medium":40},"6s8ic0w0ao6",{"text":87,"url":86},{},1776255810913,1776255810900,[],[212,235],{"createdDate":213,"id":214,"name":88,"modelId":215,"published":13,"meta":216,"stageModifiedSincePublish":6,"query":218,"data":219,"variations":230,"lastUpdated":231,"firstPublished":232,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":233,"rev":234},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":217,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":220,"link":229,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":221},{"query":222,"folders":223,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":224,"variations":225,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":226,"rev":228},[],[],{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":227,"hasAutosaves":41},{"small":39,"medium":40},"r77qqueuo3j",{"text":87,"url":86},{},1776256937553,1776256937540,[],"q0jkez80wkg",{"createdDate":236,"id":237,"name":11,"modelId":215,"published":13,"stageModifiedSincePublish":6,"query":238,"data":239,"variations":250,"lastUpdated":251,"firstPublished":252,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":253,"meta":254,"rev":234},1776256949234,"ce043785b71b4ece98eac811ecf4ba10",[],{"link":240,"type":19,"testimonial":241,"testimonialLink":48},{},{"@type":17,"id":18,"model":19,"value":242},{"query":243,"folders":244,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":245,"variations":246,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":247,"rev":249},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":248,"hasAutosaves":41},{"small":39,"medium":40},"mnaneamy308",{},1776256974140,1776256974130,[],{"breakpoints":255,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[257,441,560,679,797,917,1037,1157],{"createdDate":258,"id":259,"name":260,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":262,"data":268,"variations":429,"lastUpdated":430,"firstPublished":431,"testRatio":33,"screenshot":432,"createdBy":34,"lastUpdatedBy":433,"folders":434,"meta":435,"rev":440},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[263],{"@type":264,"property":265,"operator":266,"value":267},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":269,"customFonts":270,"seoTitle":318,"title":318,"tsCode":37,"seoDescription":319,"fontAwesomeIcon":320,"jsCode":37,"blocks":321,"url":267,"state":426},[],[271],{"family":272,"kind":273,"version":274,"lastModified":275,"files":276,"category":295,"menu":296,"subsets":297,"variants":300},"DM Sans","webfonts#webfont","v14","2023-07-13",{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"900italic":286,"700italic":287,"100italic":288,"italic":289,"regular":290,"200italic":291,"500italic":292,"300italic":293,"600italic":294},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[298,299],"latin","latin-ext",[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[322,421],{"@type":106,"@version":107,"tagName":323,"id":324,"children":325},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[326,343,351,358,370,385,396,407,413],{"@type":106,"@version":107,"layerName":327,"id":328,"component":329,"responsiveStyles":340},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":327,"options":330,"isRSC":118},{"title":318,"description":331,"points":332,"video":339},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[333,335,337],{"item":334},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":336},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":338},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":341},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},"transparent",{"@type":106,"@version":107,"id":344,"component":345,"responsiveStyles":348},"builder-96634044407e491299e291ed64669e39",{"name":346,"options":347,"isRSC":118},"TrustedBy",{"AllPartners":41,"backgroundTransparent":6},{"large":349},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},"#000",{"@type":106,"@version":107,"id":352,"component":353,"responsiveStyles":356},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":354,"options":355,"isRSC":118},"Diagonal",{"darkMode":41},{"large":357},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":360,"component":361,"responsiveStyles":368},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":359,"tag":359,"options":362,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":365,"description":366,"animatedTitle":37,"image":367,"reverse":6,"descriptionPaddingHorizontal":118},1200,800,"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":369},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":371,"component":372,"responsiveStyles":380},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":373,"options":374,"isRSC":118},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":377,"description":378,"reverse":41,"image":379},600,100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":381},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},"DM Sans, sans-serif","20px","0px",{"@type":106,"@version":107,"id":386,"component":387,"responsiveStyles":393},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":373,"options":388,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":390,"description":391,"reverse":6,"image":392},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. It reads the full phishing playbook like script behavior, session hijacks, DOM changes, user inputs, then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":394},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},"36px",{"@type":106,"@version":107,"layerName":373,"id":397,"component":398,"responsiveStyles":404},"builder-42c32198083f4880acb37c5cb76934da",{"name":373,"options":399,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":401,"description":402,"reverse":41,"image":403},140,"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts like session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":405},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},"47px",{"@type":106,"@version":107,"id":408,"component":409,"responsiveStyles":411},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":354,"options":410,"isRSC":118},{"darkMode":6},{"large":412},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":414,"component":415,"responsiveStyles":419},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":416,"tag":416,"options":417,"isRSC":118},"LatestResources",{"sectionHeading":37,"customClass":418},"bg-black",{"large":420},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":422,"@type":106,"tagName":131,"properties":423,"responsiveStyles":424},"builder-pixel-21yj6h3p4wh",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":425},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":427},{"path":37,"query":428},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":436,"winningTest":118,"breakpoints":437,"kind":438,"hasLinks":6,"originalContentId":439,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},"page","2daa5670b8504fc7ba4700633e8bd921","atvz4dp24b7",{"createdDate":442,"id":443,"name":444,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":445,"data":448,"variations":552,"lastUpdated":553,"firstPublished":554,"testRatio":33,"screenshot":555,"createdBy":34,"lastUpdatedBy":433,"folders":556,"meta":557,"rev":440},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[446],{"@type":264,"property":265,"operator":266,"value":447},"/uc/browser-extension-security",{"seoDescription":449,"jsCode":37,"fontAwesomeIcon":450,"tsCode":37,"title":444,"seoTitle":444,"customFonts":451,"inputs":456,"blocks":457,"url":447,"state":549},"Shine a light on risky browser extensions.","faPuzzlePiece",[452],{"kind":273,"family":272,"version":274,"files":453,"category":295,"lastModified":275,"subsets":454,"variants":455,"menu":296},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"100italic":288,"italic":289,"regular":290,"900italic":286,"800italic":285,"700italic":287,"200italic":291,"300italic":293,"500italic":292,"600italic":294},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],[],[458,544],{"@type":106,"@version":107,"tagName":323,"id":459,"meta":460,"children":461},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":324},[462,478,485,492,501,511,521,531,538],{"@type":106,"@version":107,"id":463,"meta":464,"component":465,"responsiveStyles":476},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":328},{"name":327,"options":466,"isRSC":118},{"title":444,"description":467,"points":468,"video":475},"\u003Cp>Browser extensions introduce new code, new permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[469,471,473],{"item":470},"Discover every browser extension in use",{"item":472},"Spot risky or unsanctioned behavior",{"item":474},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":477},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":479,"meta":480,"component":481,"responsiveStyles":483},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":344},{"name":346,"options":482,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":484},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":486,"meta":487,"component":488,"responsiveStyles":490},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":352},{"name":354,"options":489,"isRSC":118},{"darkMode":41},{"large":491},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":493,"component":494,"responsiveStyles":499},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":359,"tag":359,"options":495,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":496,"description":497,"image":498,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act. \u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":500},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":502,"meta":503,"component":504,"responsiveStyles":509},"builder-93738f98109a4009affb349afd7bb182",{"previousId":371},{"name":373,"options":505,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":506,"description":507,"reverse":41,"image":508},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":510},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":512,"meta":513,"component":514,"responsiveStyles":519},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":386},{"name":373,"options":515,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":516,"description":517,"reverse":6,"image":518},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":520},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":522,"meta":523,"component":524,"responsiveStyles":529},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":397},{"name":373,"options":525,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":526,"description":527,"reverse":41,"image":528},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":530},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":532,"meta":533,"component":534,"responsiveStyles":536},"builder-1a689287d1a1418997d57db578a71105",{"previousId":408},{"name":354,"options":535,"isRSC":118},{"darkMode":6},{"large":537},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":539,"component":540,"responsiveStyles":542},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":416,"tag":416,"options":541,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":543},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":545,"@type":106,"tagName":131,"properties":546,"responsiveStyles":547},"builder-pixel-0edn39avfcei",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":548},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":550},{"path":37,"query":551},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":438,"winningTest":118,"breakpoints":558,"lastPreviewUrl":559,"hasLinks":6,"originalContentId":259,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":561,"id":562,"name":563,"modelId":261,"published":13,"query":564,"data":567,"variations":670,"lastUpdated":671,"firstPublished":672,"testRatio":33,"screenshot":673,"createdBy":34,"lastUpdatedBy":674,"folders":675,"meta":676,"rev":440},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[565],{"@type":264,"property":265,"operator":266,"value":566},"/uc/account-takeover-detection",{"title":563,"customFonts":568,"jsCode":37,"seoTitle":563,"seoDescription":573,"fontAwesomeIcon":574,"tsCode":37,"blocks":575,"url":566,"state":667},[569],{"kind":273,"category":295,"variants":570,"menu":296,"files":571,"family":272,"subsets":572,"version":274,"lastModified":275},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"800italic":285,"700italic":287,"italic":289,"900italic":286,"600italic":294,"200italic":291,"regular":290,"100italic":288},[298,299],"Stop ATO with stolen credential and compromised token detection.","faUserSecret",[576,662],{"@type":106,"@version":107,"tagName":323,"id":577,"meta":578,"children":579},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":324},[580,596,603,610,619,629,639,649,656],{"@type":106,"@version":107,"id":581,"meta":582,"component":583,"responsiveStyles":594},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":328},{"name":327,"options":584,"isRSC":118},{"title":563,"description":585,"points":586,"video":593},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[587,589,591],{"item":588},"Identify credential-based ATO as it unfolds",{"item":590},"Surface hijacked sessions and token misuse",{"item":592},"Strengthen authentication where your IdP can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":595},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":597,"meta":598,"component":599,"responsiveStyles":601},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":344},{"name":346,"options":600,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":602},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":604,"meta":605,"component":606,"responsiveStyles":608},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":352},{"name":354,"options":607,"isRSC":118},{"darkMode":41},{"large":609},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":611,"component":612,"responsiveStyles":617},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":359,"tag":359,"options":613,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":614,"description":615,"image":616,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":618},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":620,"meta":621,"component":622,"responsiveStyles":627},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":371},{"name":373,"options":623,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":624,"description":625,"reverse":41,"image":626},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":628},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":630,"meta":631,"component":632,"responsiveStyles":637},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":386},{"name":373,"options":633,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":634,"description":635,"reverse":6,"image":636},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":638},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":640,"meta":641,"component":642,"responsiveStyles":647},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":397},{"name":373,"options":643,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":644,"description":645,"reverse":41,"image":646},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":648},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":650,"meta":651,"component":652,"responsiveStyles":654},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":408},{"name":354,"options":653,"isRSC":118},{"darkMode":6},{"large":655},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":657,"component":658,"responsiveStyles":660},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":416,"tag":416,"options":659,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":661},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":663,"@type":106,"tagName":131,"properties":664,"responsiveStyles":665},"builder-pixel-s5u3wmvz7jq",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":666},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":668},{"path":37,"query":669},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":677,"hasLinks":6,"originalContentId":259,"breakpoints":678,"winningTest":118,"kind":438,"hasAutosaves":41},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":680,"id":681,"name":682,"modelId":261,"published":13,"query":683,"data":686,"variations":789,"lastUpdated":790,"firstPublished":791,"testRatio":33,"screenshot":792,"createdBy":34,"lastUpdatedBy":674,"folders":793,"meta":794,"rev":440},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[684],{"@type":264,"property":265,"operator":266,"value":685},"/uc/attack-path-hardening",{"tsCode":37,"seoDescription":687,"jsCode":37,"customFonts":688,"fontAwesomeIcon":693,"seoTitle":682,"title":682,"blocks":694,"url":685,"state":786},"Harden access paths with visibility,  detection, and guardrails.",[689],{"kind":273,"files":690,"version":274,"lastModified":275,"subsets":691,"menu":296,"category":295,"variants":692,"family":272},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"regular":290,"italic":289,"800italic":285,"500italic":292,"600italic":294,"200italic":291,"900italic":286,"700italic":287,"100italic":288,"300italic":293},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"faRadar",[695,781],{"@type":106,"@version":107,"tagName":323,"id":696,"meta":697,"children":698},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":577},[699,715,722,729,738,748,758,768,775],{"@type":106,"@version":107,"id":700,"meta":701,"component":702,"responsiveStyles":713},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":581},{"name":327,"options":703,"isRSC":118},{"title":682,"description":704,"points":705,"video":712},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[706,708,710],{"item":707},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":709},"Monitor how users actually log in across apps, flows, and tools",{"item":711},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":714},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":716,"meta":717,"component":718,"responsiveStyles":720},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":597},{"name":346,"options":719,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":721},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":723,"meta":724,"component":725,"responsiveStyles":727},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":604},{"name":354,"options":726,"isRSC":118},{"darkMode":41},{"large":728},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":730,"component":731,"responsiveStyles":736},"builder-dec0246085e1485c803f7152b1922a81",{"name":359,"tag":359,"options":732,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":733,"description":734,"image":735,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":737},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":739,"meta":740,"component":741,"responsiveStyles":746},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":620},{"name":373,"options":742,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":743,"description":744,"reverse":41,"image":745},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":747},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":749,"meta":750,"component":751,"responsiveStyles":756},"builder-431d175c59004669b0b2776b07d71737",{"previousId":630},{"name":373,"options":752,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":753,"description":754,"reverse":6,"image":755},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":757},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":759,"meta":760,"component":761,"responsiveStyles":766},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":640},{"name":373,"options":762,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":763,"description":764,"reverse":41,"image":765},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":767},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":769,"meta":770,"component":771,"responsiveStyles":773},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":650},{"name":354,"options":772,"isRSC":118},{"darkMode":6},{"large":774},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":776,"component":777,"responsiveStyles":779},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":416,"tag":416,"options":778,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":780},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":782,"@type":106,"tagName":131,"properties":783,"responsiveStyles":784},"builder-pixel-7akm7dayau8",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":785},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":787},{"path":37,"query":788},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":438,"lastPreviewUrl":795,"breakpoints":796,"hasLinks":6,"originalContentId":562,"winningTest":118,"hasAutosaves":6},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":798,"id":799,"name":800,"modelId":261,"published":13,"query":801,"data":804,"variations":909,"lastUpdated":910,"firstPublished":911,"testRatio":33,"screenshot":912,"createdBy":34,"lastUpdatedBy":674,"folders":913,"meta":914,"rev":440},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[802],{"@type":264,"property":265,"operator":266,"value":803},"/uc/clickfix-protection",{"seoDescription":805,"fontAwesomeIcon":806,"customFonts":807,"seoTitle":812,"jsCode":37,"tsCode":37,"title":812,"blocks":813,"url":803,"state":906},"Block attacks that trick users into running malicious code.","faLaptopCode",[808],{"files":809,"subsets":810,"menu":296,"version":274,"kind":273,"family":272,"lastModified":275,"variants":811,"category":295},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"200italic":291,"800italic":285,"700italic":287,"600italic":294,"100italic":288,"italic":289,"regular":290,"300italic":293,"500italic":292,"900italic":286},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"ClickFix protection",[814,901],{"@type":106,"@version":107,"tagName":323,"id":815,"meta":816,"children":817},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":696},[818,834,841,848,858,868,878,888,895],{"@type":106,"@version":107,"id":819,"meta":820,"component":821,"responsiveStyles":832},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":700},{"name":327,"options":822,"isRSC":118},{"title":812,"description":823,"points":824,"image":831},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[825,827,829],{"item":826},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":828},"Block malicious copy-and-paste actions before code is executed",{"item":830},"See full telemetry into which users were targeted and what they saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":833},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":835,"meta":836,"component":837,"responsiveStyles":839},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":716},{"name":346,"options":838,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":840},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":842,"meta":843,"component":844,"responsiveStyles":846},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":723},{"name":354,"options":845,"isRSC":118},{"darkMode":41},{"large":847},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":849,"meta":850,"component":851,"responsiveStyles":856},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":730},{"name":359,"tag":359,"options":852,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":853,"description":854,"reverse":6,"image":855},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":857},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":859,"meta":860,"component":861,"responsiveStyles":866},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":739},{"name":373,"options":862,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":863,"description":864,"reverse":41,"image":865},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":867},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":869,"meta":870,"component":871,"responsiveStyles":876},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":749},{"name":373,"options":872,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":873,"description":874,"reverse":6,"image":875},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":877},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":879,"meta":880,"component":881,"responsiveStyles":886},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":759},{"name":373,"options":882,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":883,"description":884,"reverse":41,"image":885},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":887},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":889,"meta":890,"component":891,"responsiveStyles":893},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":769},{"name":354,"options":892,"isRSC":118},{"darkMode":6},{"large":894},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":896,"component":897,"responsiveStyles":899},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":416,"tag":416,"options":898,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":900},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":902,"@type":106,"tagName":131,"properties":903,"responsiveStyles":904},"builder-pixel-zzjpxxgrc2l",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":905},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":907},{"path":37,"query":908},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":915,"originalContentId":681,"winningTest":118,"hasLinks":6,"kind":438,"breakpoints":916,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":918,"id":919,"name":920,"modelId":261,"published":13,"query":921,"data":924,"variations":1029,"lastUpdated":1030,"firstPublished":1031,"testRatio":33,"screenshot":1032,"createdBy":34,"lastUpdatedBy":674,"folders":1033,"meta":1034,"rev":440},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[922],{"@type":264,"property":265,"operator":266,"value":923},"/uc/incident-response",{"seoDescription":925,"customFonts":926,"title":920,"jsCode":37,"fontAwesomeIcon":931,"seoTitle":932,"tsCode":37,"blocks":933,"url":923,"state":1026},"Investigate and respond faster with unique browser telemetry.",[927],{"kind":273,"subsets":928,"menu":296,"variants":929,"category":295,"family":272,"version":274,"lastModified":275,"files":930},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"900italic":286,"600italic":294,"200italic":291,"300italic":293,"100italic":288,"700italic":287,"800italic":285,"regular":290,"italic":289,"500italic":292},"faSatelliteDish","Browser based incident response",[934,1021],{"@type":106,"@version":107,"tagName":323,"id":935,"meta":936,"children":937},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":696},[938,955,962,969,978,988,998,1008,1015],{"@type":106,"@version":107,"id":939,"meta":940,"component":941,"responsiveStyles":953},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":700},{"name":327,"options":942,"isRSC":118},{"title":943,"description":944,"points":945,"video":952},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[946,948,950],{"item":947},"Reconstruct what happened with real browser session context",{"item":949},"Investigate faster with real-world session context",{"item":951},"Trigger response actions automatically through your SIEM or SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":954},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":956,"meta":957,"component":958,"responsiveStyles":960},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":716},{"name":346,"options":959,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":961},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":963,"meta":964,"component":965,"responsiveStyles":967},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":723},{"name":354,"options":966,"isRSC":118},{"darkMode":41},{"large":968},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":970,"component":971,"responsiveStyles":976},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":359,"tag":359,"options":972,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":973,"description":974,"image":975,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":977},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":979,"meta":980,"component":981,"responsiveStyles":986},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":739},{"name":373,"options":982,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":983,"description":984,"reverse":41,"image":985},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":987},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":989,"meta":990,"component":991,"responsiveStyles":996},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":749},{"name":373,"options":992,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":993,"description":994,"reverse":6,"image":995},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":997},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":999,"meta":1000,"component":1001,"responsiveStyles":1006},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":759},{"name":373,"options":1002,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1003,"description":1004,"reverse":41,"image":1005},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":1007},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1009,"meta":1010,"component":1011,"responsiveStyles":1013},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":769},{"name":354,"options":1012,"isRSC":118},{"darkMode":6},{"large":1014},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1016,"component":1017,"responsiveStyles":1019},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":416,"tag":416,"options":1018,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1020},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1022,"@type":106,"tagName":131,"properties":1023,"responsiveStyles":1024},"builder-pixel-z197gdgcmu",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1025},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1027},{"path":37,"query":1028},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":438,"breakpoints":1035,"originalContentId":681,"winningTest":118,"lastPreviewUrl":1036,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":1038,"id":1039,"name":1040,"modelId":261,"published":13,"query":1041,"data":1044,"variations":1149,"lastUpdated":1150,"firstPublished":1151,"testRatio":33,"screenshot":1152,"createdBy":34,"lastUpdatedBy":674,"folders":1153,"meta":1154,"rev":440},1746122471259,"5f118e24433d46ceb79f5099987156d7","Shadow SaaS",[1042],{"@type":264,"property":265,"operator":266,"value":1043},"/uc/shadow-saas",{"seoTitle":1045,"seoDescription":1046,"customFonts":1047,"fontAwesomeIcon":1052,"title":1053,"jsCode":37,"tsCode":37,"blocks":1054,"url":1043,"state":1146},"Find and secure shadow SaaS","See and control shadow SaaS in the browser.",[1048],{"kind":273,"variants":1049,"files":1050,"family":272,"version":274,"subsets":1051,"lastModified":275,"category":295,"menu":296},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"regular":290,"900italic":286,"italic":289,"100italic":288,"200italic":291,"600italic":294,"700italic":287,"800italic":285},[298,299],"faShieldCheck","Secure shadow SaaS",[1055,1141],{"@type":106,"@version":107,"tagName":323,"id":1056,"meta":1057,"children":1058},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":935},[1059,1075,1082,1089,1098,1108,1118,1128,1135],{"@type":106,"@version":107,"id":1060,"meta":1061,"component":1062,"responsiveStyles":1073},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":939},{"name":327,"options":1063,"isRSC":118},{"title":1045,"description":1064,"points":1065,"video":1072},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. Just real-time visibility and control.\u003C/p>",[1066,1068,1070],{"item":1067},"Discover every SaaS app users access, managed or not",{"item":1069},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":1071},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":1074},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1076,"meta":1077,"component":1078,"responsiveStyles":1080},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":956},{"name":346,"options":1079,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1081},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1083,"meta":1084,"component":1085,"responsiveStyles":1087},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":963},{"name":354,"options":1086,"isRSC":118},{"darkMode":41},{"large":1088},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1090,"component":1091,"responsiveStyles":1096},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":359,"tag":359,"options":1092,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1093,"description":1094,"image":1095,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":1097},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1099,"meta":1100,"component":1101,"responsiveStyles":1106},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":979},{"name":373,"options":1102,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1103,"description":1104,"reverse":41,"image":1105},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":1107},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1109,"meta":1110,"component":1111,"responsiveStyles":1116},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":989},{"name":373,"options":1112,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1113,"description":1114,"reverse":6,"image":1115},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":1117},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1119,"meta":1120,"component":1121,"responsiveStyles":1126},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":999},{"name":373,"options":1122,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1123,"description":1124,"reverse":41,"image":1125},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":1127},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1129,"meta":1130,"component":1131,"responsiveStyles":1133},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":1009},{"name":354,"options":1132,"isRSC":118},{"darkMode":6},{"large":1134},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1136,"component":1137,"responsiveStyles":1139},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":416,"tag":416,"options":1138,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1140},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1142,"@type":106,"tagName":131,"properties":1143,"responsiveStyles":1144},"builder-pixel-d1ul2kmxbed",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1145},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1147},{"path":37,"query":1148},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":919,"winningTest":118,"lastPreviewUrl":1155,"breakpoints":1156,"kind":438,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":1158,"id":1159,"name":1160,"modelId":261,"published":13,"query":1161,"data":1164,"variations":1268,"lastUpdated":1269,"firstPublished":1270,"testRatio":33,"screenshot":1271,"createdBy":34,"lastUpdatedBy":674,"folders":1272,"meta":1273,"rev":440},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[1162],{"@type":264,"property":265,"operator":266,"value":1163},"/uc/shadow-ai",{"fontAwesomeIcon":1165,"seoTitle":1166,"jsCode":37,"customFonts":1167,"title":1172,"tsCode":37,"seoDescription":1173,"blocks":1174,"url":1163,"state":1265},"faBrainCircuit","Secure AI native and AI enhanced apps. ",[1168],{"variants":1169,"category":295,"files":1170,"subsets":1171,"family":272,"kind":273,"menu":296,"lastModified":275,"version":274},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"regular":290,"700italic":287,"200italic":291,"italic":289,"500italic":292,"600italic":294,"300italic":293,"100italic":288,"900italic":286},[298,299],"Secure shadow AI","See and control shadow AI apps in the browser.",[1175,1260],{"@type":106,"@version":107,"tagName":323,"id":1176,"meta":1177,"children":1178},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":1056},[1179,1195,1202,1209,1219,1228,1237,1247,1254],{"@type":106,"@version":107,"id":1180,"meta":1181,"component":1182,"responsiveStyles":1193},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":1060},{"name":327,"options":1183,"isRSC":118},{"title":1172,"description":1184,"points":1185,"image":1192},"\u003Cp>Your employees are adopting AI faster than you can track it. From native features in corporate apps to unapproved shadow tools, it’s all happening in the browser. Push detects every AI interaction in real time, letting you categorize apps and enforce acceptable use policies in the browser.\u003C/p>",[1186,1188,1190],{"item":1187},"Map every AI tool used across your workforce",{"item":1189},"Review and classify apps by sensitivity, purpose, and policy status",{"item":1191},"Enforce AI usage rules directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":1194},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1196,"meta":1197,"component":1198,"responsiveStyles":1200},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":1076},{"name":346,"options":1199,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1201},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1203,"meta":1204,"component":1205,"responsiveStyles":1207},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":1083},{"name":354,"options":1206,"isRSC":118},{"darkMode":41},{"large":1208},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1210,"meta":1211,"component":1212,"responsiveStyles":1217},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":1090},{"name":359,"tag":359,"options":1213,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1214,"description":1215,"image":1216,"reverse":6},"\u003Ch2>Use your browser to govern AI \u003C/h2>","\u003Cp>The AI footprint inside your company is bigger than you think. From text generators to meeting assistants and design copilots, employees test, adopt, and connect new tools constantly. Push shows you those tools and which users are accessing them, without relying on network scans or API integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":1218},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1220,"meta":1221,"component":1222,"responsiveStyles":1226},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":1099},{"name":373,"options":1223,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1224,"description":1225,"reverse":41,"image":1115},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Push captures live telemetry from the browser, identifying every AI-native and AI-enhanced application users access. You’ll know which corporate identities are connected, how data flows, and what new AI apps appear across your environment. \u003C/p>",{"large":1227},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1229,"meta":1230,"component":1231,"responsiveStyles":1235},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":1109},{"name":373,"options":1232,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1233,"description":1234,"reverse":6,"image":1125},"\u003Ch2>Classify and manage AI risk\u003C/h2>","\u003Cp>For apps you choose to allow, Push lets you apply custom in-browser banners. You can bulk-select categories of AI tools and require users to read and acknowledge your acceptable use policy before they proceed. This creates an auditable trail and moves policy from an easy to forget document to an active, in-workflow control.\u003C/p>",{"large":1236},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1238,"meta":1239,"component":1240,"responsiveStyles":1245},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":1119},{"name":373,"options":1241,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1242,"description":1243,"reverse":41,"image":1244},"\u003Ch2>Enforce your AI policy in the browser\u003C/h2>","\u003Cp>When an AI tool is deemed non-compliant or too risky, Push blocks it at the source. The block happens directly in the browser, preventing the user from accessing the site or submitting data. This gives you an immediate, powerful lever to stop data exfiltration and enforce a hard line on unacceptable risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa359ac1805af4e15a8a7f84632b9bb55",{"large":1246},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1248,"meta":1249,"component":1250,"responsiveStyles":1252},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":1129},{"name":354,"options":1251,"isRSC":118},{"darkMode":6},{"large":1253},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1255,"component":1256,"responsiveStyles":1258},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":416,"tag":416,"options":1257,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1259},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1261,"@type":106,"tagName":131,"properties":1262,"responsiveStyles":1263},"builder-pixel-wxx9tk70r9p",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1264},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1266},{"path":37,"query":1267},{},{},1770892957225,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe558b8b069884037a8e6904f7ecc029c",[],{"winningTest":118,"breakpoints":1274,"originalContentId":1039,"kind":438,"lastPreviewUrl":1275,"hasLinks":6,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"_path":1277,"_dir":1278,"_draft":6,"_partial":6,"_locale":37,"sys":1279,"ogImage":118,"summary":1282,"title":1303,"subtitle":118,"metaTitle":1304,"synopsis":1305,"hashTags":118,"publishedDate":1306,"slug":1307,"tagsCollection":1308,"relatedBlogPostsCollection":1318,"authorsCollection":2461,"content":2469,"_id":2920,"_type":2921,"_source":2922,"_file":2923,"_stem":2924,"_extension":2921},"/blog/understanding-shadow-it","blog",{"id":1280,"publishedAt":1281},"PFohPDnjNsdWymehsCvV6","2025-01-15T14:34:58.825Z",{"json":1283},{"data":1284,"content":1285,"nodeType":1302},{},[1286,1295],{"data":1287,"content":1288,"nodeType":1294},{},[1289],{"data":1290,"marks":1291,"value":1292,"nodeType":1293},{},[],"In this article, we’ll define shadow IT and shadow SaaS, talk through the serious security risks associated with them and give actionable guidance on how to manage the risks.","text","paragraph",{"data":1296,"content":1297,"nodeType":1294},{},[1298],{"data":1299,"marks":1300,"value":1301,"nodeType":1293},{},[],"\n","document","Understanding Shadow IT and Shadow SaaS: Definition, security risks, and how to manage it","Understanding Shadow IT and Shadow SaaS","We’ll define shadow IT, talk through the security risks associated with it and give some actionable guidance on how to manage it.\n","2023-08-30T00:00:00.000Z","understanding-shadow-it",{"items":1309},[1310,1314],{"sys":1311,"name":1313},{"id":1312},"3SA5H01UkKauuiTdt0KC6q","Shadow IT",{"sys":1315,"name":1317},{"id":1316},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"items":1319},[1320,2112],{"__typename":1321,"sys":1322,"content":1324,"title":2096,"synopsis":2097,"hashTags":118,"publishedDate":2098,"slug":2099,"tagsCollection":2100,"authorsCollection":2106},"BlogPosts",{"id":1323},"6ppEa7WXiKcgLQ9yGn7q3k",{"json":1325},{"nodeType":1302,"data":1326,"content":1327},{},[1328,1335,1342,1349,1359,1366,1375,1382,1388,1395,1403,1410,1417,1424,1432,1439,1445,1452,1468,1475,1482,1488,1495,1502,1518,1537,1544,1551,1558,1565,1572,1579,1603,1610,1617,1624,1631,1638,1645,1652,1659,1675,1710,1719,1726,1733,1740,1747,1770,1777,1784,1791,1798,1805,1812,1819,1826,1832,1839,1846,1853,1865,1872,1879,1886,1892,1899,1906,1913,1936,1943,1950,1957,1973,1980,1987,1994,2057,2063,2070,2077,2084,2090],{"nodeType":1294,"data":1329,"content":1330},{},[1331],{"nodeType":1293,"value":1332,"marks":1333,"data":1334},"Employees using a new work SaaS application used to be the final step of the software-onboarding process. ",[],{},{"nodeType":1294,"data":1336,"content":1337},{},[1338],{"nodeType":1293,"value":1339,"marks":1340,"data":1341},"Now it's the first. ",[],{},{"nodeType":1294,"data":1343,"content":1344},{},[1345],{"nodeType":1293,"value":1346,"marks":1347,"data":1348},"SaaS providers bypass IT and security and hook employees with free apps and trials. This has led to sensitive data on shadow SaaS applications that’s accessible via unmanaged cloud accounts – all those accounts that aren’t protected by SSO or logged into via social login accounts. This leads to security threats because attackers know SaaS is a blind spot for most organizations.",[],{},{"nodeType":1294,"data":1350,"content":1351},{},[1352],{"nodeType":1293,"value":1353,"marks":1354,"data":1358},"Attackers exploit this unmonitored attack surface with new takes on old techniques that are going undetected.",[1355,1357],{"type":1356},"bold",{"type":312},{},{"nodeType":1294,"data":1360,"content":1361},{},[1362],{"nodeType":1293,"value":1363,"marks":1364,"data":1365},"We’ve gone from this:",[],{},{"nodeType":1367,"data":1368,"content":1374},"embedded-entry-block",{"target":1369},{"sys":1370},{"id":1371,"type":1372,"linkType":1373},"1Dw4V0Fd0wI8yB6juzyWjg","Link","Entry",[],{"nodeType":1294,"data":1376,"content":1377},{},[1378],{"nodeType":1293,"value":1379,"marks":1380,"data":1381},"To this: ",[],{},{"nodeType":1367,"data":1383,"content":1387},{"target":1384},{"sys":1385},{"id":1386,"type":1372,"linkType":1373},"61Oj6GzX4amLxEJ5fPDJCq",[],{"nodeType":1294,"data":1389,"content":1390},{},[1391],{"nodeType":1293,"value":1392,"marks":1393,"data":1394},"Security is now coming in at the end of their old software procurement process and needs to figure out how to regain control of their data. ",[],{},{"nodeType":1396,"data":1397,"content":1398},"heading-1",{},[1399],{"nodeType":1293,"value":1400,"marks":1401,"data":1402},"You don’t want to stop employees from adopting SaaS apps… ",[],{},{"nodeType":1294,"data":1404,"content":1405},{},[1406],{"nodeType":1293,"value":1407,"marks":1408,"data":1409},"Employees self-adopting SaaS platforms might sound like a security nightmare, but it doesn’t have to be. This actually enables employees to be more productive and your business to be more competitive. ",[],{},{"nodeType":1294,"data":1411,"content":1412},{},[1413],{"nodeType":1293,"value":1414,"marks":1415,"data":1416},"This new landscape has fundamentally changed how software is brought into the business. The days of security acting as a gatekeeper that all apps must pass through before they can touch live data are over. The market forces driving self-service apps aren’t stopping, so the security industry needs to adapt.",[],{},{"nodeType":1396,"data":1418,"content":1419},{},[1420],{"nodeType":1293,"value":1421,"marks":1422,"data":1423},"What’s the impact of self-adoption on security?",[],{},{"nodeType":1425,"data":1426,"content":1427},"heading-2",{},[1428],{"nodeType":1293,"value":1429,"marks":1430,"data":1431},"Loss of visibility",[],{},{"nodeType":1294,"data":1433,"content":1434},{},[1435],{"nodeType":1293,"value":1436,"marks":1437,"data":1438},"Most SaaS providers have moved to the product-led growth (PLG) model as the fastest and easiest way to get users for their apps. They want employees to start using SaaS without going through IT and security teams’ lengthy approval processes. This SaaS vendor sales model has had a massive impact on security and introduced SaaS security risks, but most security teams are unaware of the scale and scope of the problem because they can’t get necessary visibility into all the tools and apps their employees are using.",[],{},{"nodeType":1425,"data":1440,"content":1441},{},[1442],{"nodeType":1293,"value":1040,"marks":1443,"data":1444},[],{},{"nodeType":1294,"data":1446,"content":1447},{},[1448],{"nodeType":1293,"value":1449,"marks":1450,"data":1451},"This problem is often called “Shadow SaaS” and it’s also the first problem to solve -  the old adage “you can’t secure what you don’t know about” is as true in the SaaS world as it is in any other security domain.",[],{},{"nodeType":1294,"data":1453,"content":1454},{},[1455,1459,1464],{"nodeType":1293,"value":1456,"marks":1457,"data":1458},"The lack of visibility means many IT and security teams missed the explosion of SaaS apps, plugins, extensions, and integrations that make up the modern IT stack. More crucially,",[],{},{"nodeType":1293,"value":1460,"marks":1461,"data":1463}," they’ve missed the movement of company data into these apps.",[1462],{"type":312},{},{"nodeType":1293,"value":1465,"marks":1466,"data":1467}," ",[],{},{"nodeType":1425,"data":1469,"content":1470},{},[1471],{"nodeType":1293,"value":1472,"marks":1473,"data":1474},"SaaS Sprawl",[],{},{"nodeType":1294,"data":1476,"content":1477},{},[1478],{"nodeType":1293,"value":1479,"marks":1480,"data":1481},"Complicating matters further, many of these apps are duplicate, abandoned or unmanaged - an issue often called “SaaS sprawl.”",[],{},{"nodeType":1367,"data":1483,"content":1487},{"target":1484},{"sys":1485},{"id":1486,"type":1372,"linkType":1373},"5NfrrDeIPs7TE213UYly7E",[],{"nodeType":1425,"data":1489,"content":1490},{},[1491],{"nodeType":1293,"value":1492,"marks":1493,"data":1494},"Increasing incidents and impacts",[],{},{"nodeType":1294,"data":1496,"content":1497},{},[1498],{"nodeType":1293,"value":1499,"marks":1500,"data":1501},"Though security teams have lost direct visibility, they’ve not lost complete visibility and many are finding out about at least a fraction of these apps - typically by working with finance teams once employees want apps to go from free-tier to licensed plans. And all too often, security teams find out about shadow SaaS apps in the worst way possible - when something has already gone wrong and security is asked to respond to an incident on a SaaS platform.",[],{},{"nodeType":1294,"data":1503,"content":1504},{},[1505,1509,1514],{"nodeType":1293,"value":1506,"marks":1507,"data":1508},"In both cases, ",[],{},{"nodeType":1293,"value":1510,"marks":1511,"data":1513},"Security is getting visibility too late to be of much value",[1512],{"type":312},{},{"nodeType":1293,"value":1515,"marks":1516,"data":1517},". Once a team has been using an app (even on a free tier) for a year, there’s not much Security can do that will convince employees/teams to move to a more secure app. ",[],{},{"nodeType":1294,"data":1519,"content":1520},{},[1521,1527,1532],{"nodeType":1293,"value":1522,"marks":1523,"data":1526},"To change that, Security needs to intervene and get involved very early in the app adoption process ",[1524,1525],{"type":1356},{"type":312},{},{"nodeType":1293,"value":1528,"marks":1529,"data":1531},"- long before finance is involved.",[1530],{"type":312},{},{"nodeType":1293,"value":1465,"marks":1533,"data":1536},[1534,1535],{"type":1356},{"type":312},{},{"nodeType":1294,"data":1538,"content":1539},{},[1540],{"nodeType":1293,"value":1541,"marks":1542,"data":1543},"Incident Response is necessary, of course, when a SaaS account is breached, but can’t recover the lost data after attackers have had access to it. ",[],{},{"nodeType":1425,"data":1545,"content":1546},{},[1547],{"nodeType":1293,"value":1548,"marks":1549,"data":1550},"Holy S*it - there are so many apps!",[],{},{"nodeType":1294,"data":1552,"content":1553},{},[1554],{"nodeType":1293,"value":1555,"marks":1556,"data":1557},"Once teams get visibility into the scope of the Shadow SaaS and sprawl problem, they’re usually surprised by the sheer volume of apps employees have adopted. \n\nThen they realize they need to do risk assessments on dozens of apps a month instead of the dozen a year that were going through IT in the old, managed and controlled process. To deal with this massive influx of new apps, security teams feel they must either radically increase the headcount, cut corners or drastically increase acceptable risk levels for data security. Neither of these are great options.",[],{},{"nodeType":1425,"data":1559,"content":1560},{},[1561],{"nodeType":1293,"value":1562,"marks":1563,"data":1564},"This is why SSPMs and CASBs exist, right?",[],{},{"nodeType":1294,"data":1566,"content":1567},{},[1568],{"nodeType":1293,"value":1569,"marks":1570,"data":1571},"SaaS Security Posture Management (SSPMs) and Cloud Access Security Brokers (CASBs) are the most common categories of solutions meant to attack this visibility blindspot issue, but none of these tools are getting the full picture of the problem. ",[],{},{"nodeType":1294,"data":1573,"content":1574},{},[1575],{"nodeType":1293,"value":1576,"marks":1577,"data":1578},"At best, they simply chip away at the problem and make security feel like they’ve got a handle on employee-adopted SaaS. At worst, they give a false sense of security while only actually covering a small portion of the SaaS apps where business data actually lives. ",[],{},{"nodeType":1294,"data":1580,"content":1581},{},[1582,1586,1599],{"nodeType":1293,"value":1583,"marks":1584,"data":1585},"The key thing to consider about any of these solutions is what data sources they’re using to collect (typically network data, financial records, email data, application or endpoint data). We won’t dig into the full list of pros and cons of these types of tools, but we encourage you to read about them more ",[],{},{"nodeType":1587,"data":1588,"content":1592},"entry-hyperlink",{"target":1589},{"sys":1590},{"id":1591,"type":1372,"linkType":1373},"45iZ69EdPF4629gZ6yf7p5",[1593],{"nodeType":1293,"value":1594,"marks":1595,"data":1598},"here",[1596],{"type":1597},"underline",{},{"nodeType":1293,"value":1600,"marks":1601,"data":1602},". ",[],{},{"nodeType":1294,"data":1604,"content":1605},{},[1606],{"nodeType":1293,"value":1607,"marks":1608,"data":1609},"SSPM tools typically don’t do SaaS discovery - they don’t find apps employees log into, but they do tackle the application hardening and monitoring problem because they focus on policy enforcement and log-monitoring through APIs. ",[],{},{"nodeType":1294,"data":1611,"content":1612},{},[1613],{"nodeType":1293,"value":1614,"marks":1615,"data":1616},"Both SSPMs and CASBs make sense logically as a way to regain control of the situation. But we’d like to challenge the thinking that regaining control has to mean enforcing rigid security policies and restricting app access. ",[],{},{"nodeType":1396,"data":1618,"content":1619},{},[1620],{"nodeType":1293,"value":1621,"marks":1622,"data":1623},"Adjust your thinking to secure SaaS",[],{},{"nodeType":1425,"data":1625,"content":1626},{},[1627],{"nodeType":1293,"value":1628,"marks":1629,"data":1630},"Resist the temptation to revert to the old ways ",[],{},{"nodeType":1294,"data":1632,"content":1633},{},[1634],{"nodeType":1293,"value":1635,"marks":1636,"data":1637},"When the idea of the options above proves daunting or impossible, Security often tries to revert to the old process - putting security measures in place to regain the ability to set the pace of adoption by re-establishing the gate. ",[],{},{"nodeType":1294,"data":1639,"content":1640},{},[1641],{"nodeType":1293,"value":1642,"marks":1643,"data":1644},"Practically, this means that you’re deploying technical controls to try block all SaaS apps until they are approved (and marked as allowed) by IT or Security. Technically, this makes total sense. But the unforeseen consequence is that it positions Security as blockers (aka the “Department of No”) and puts them at odds with the rest of the business, rather than working towards a shared goal. ",[],{},{"nodeType":1425,"data":1646,"content":1647},{},[1648],{"nodeType":1293,"value":1649,"marks":1650,"data":1651},"Why being the “Department of No” doesn’t work ",[],{},{"nodeType":1294,"data":1653,"content":1654},{},[1655],{"nodeType":1293,"value":1656,"marks":1657,"data":1658},"This block-everything-until-security-approves-it position requires incredible executive support to maintain. For all but the most risk-sensitive organizations (read .gov), this position also normalizes employee behavior to bypass Security in favor of working quickly and effectively. ",[],{},{"nodeType":1294,"data":1660,"content":1661},{},[1662,1666,1671],{"nodeType":1293,"value":1663,"marks":1664,"data":1665},"In the end, Security actually ",[],{},{"nodeType":1293,"value":1667,"marks":1668,"data":1670},"loses visibility",[1669],{"type":312},{},{"nodeType":1293,"value":1672,"marks":1673,"data":1674}," into employee SaaS use and effectively loses control, rather than locking it down. On behalf of all the employees out there, I want to make a point to say employees aren’t trying to break rules Security put in place, they’re just trying to get their jobs done, and might try and find ways around things they see as unreasonably slowing them down or preventing them from reaching their targets. Seen in this light, it’s no surprise that:",[],{},{"nodeType":1676,"data":1677,"content":1678},"unordered-list",{},[1679,1690,1700],{"nodeType":1680,"data":1681,"content":1682},"list-item",{},[1683],{"nodeType":1294,"data":1684,"content":1685},{},[1686],{"nodeType":1293,"value":1687,"marks":1688,"data":1689},"If you block websites, employees bypass network controls, ",[],{},{"nodeType":1680,"data":1691,"content":1692},{},[1693],{"nodeType":1294,"data":1694,"content":1695},{},[1696],{"nodeType":1293,"value":1697,"marks":1698,"data":1699},"if you block social logins, employees use passwords, ",[],{},{"nodeType":1680,"data":1701,"content":1702},{},[1703],{"nodeType":1294,"data":1704,"content":1705},{},[1706],{"nodeType":1293,"value":1707,"marks":1708,"data":1709},"if you stop them using work devices to sign up to apps, they use personal devices.",[],{},{"nodeType":1294,"data":1711,"content":1712},{},[1713],{"nodeType":1293,"value":1714,"marks":1715,"data":1718},"Each blocking action leads to a worse security outcome and blinds the security team further - losing control rather than regaining it.",[1716,1717],{"type":1356},{"type":312},{},{"nodeType":1294,"data":1720,"content":1721},{},[1722],{"nodeType":1293,"value":1723,"marks":1724,"data":1725},"You can attempt to delay this process by blocking, or you can adapt.",[],{},{"nodeType":1425,"data":1727,"content":1728},{},[1729],{"nodeType":1293,"value":1730,"marks":1731,"data":1732},"Don’t worry, there’s a better way, but you must adapt your thinking",[],{},{"nodeType":1294,"data":1734,"content":1735},{},[1736],{"nodeType":1293,"value":1737,"marks":1738,"data":1739},"The first thing we need to do as an industry is agree that we don’t want to be the blockers. We don’t want to stop employees from self-adopting apps. We understand they are best placed to find and select the tools that are going to allow them to be more productive and help your company succeed. ",[],{},{"nodeType":1294,"data":1741,"content":1742},{},[1743],{"nodeType":1293,"value":1744,"marks":1745,"data":1746},"We need to:",[],{},{"nodeType":1676,"data":1748,"content":1749},{},[1750,1760],{"nodeType":1680,"data":1751,"content":1752},{},[1753],{"nodeType":1294,"data":1754,"content":1755},{},[1756],{"nodeType":1293,"value":1757,"marks":1758,"data":1759},"embrace SaaS app self-adoption, and ",[],{},{"nodeType":1680,"data":1761,"content":1762},{},[1763],{"nodeType":1294,"data":1764,"content":1765},{},[1766],{"nodeType":1293,"value":1767,"marks":1768,"data":1769},"stop asking employees to adapt to fit our legacy processes. ",[],{},{"nodeType":1294,"data":1771,"content":1772},{},[1773],{"nodeType":1293,"value":1774,"marks":1775,"data":1776},"Security can no longer be a gate with a default stance of “No, until.” Instead Security needs to be a partner that says “Yes, unless.”",[],{},{"nodeType":1425,"data":1778,"content":1779},{},[1780],{"nodeType":1293,"value":1781,"marks":1782,"data":1783},"From the “Department of No” to the “Department of Yes, Unless?”",[],{},{"nodeType":1294,"data":1785,"content":1786},{},[1787],{"nodeType":1293,"value":1788,"marks":1789,"data":1790},"To adapt to this new SaaS-first world, security must move from saying “No, until we’ve had time to fully vet and onboard this app officially” to “Yes! You can use that app, unless we quickly identify security risks that outweigh the value of the tool.”",[],{},{"nodeType":1294,"data":1792,"content":1793},{},[1794],{"nodeType":1293,"value":1795,"marks":1796,"data":1797},"We know this is deeply uncomfortable for many security practitioners, but it will lead to a better long-term outcome.",[],{},{"nodeType":1396,"data":1799,"content":1800},{},[1801],{"nodeType":1293,"value":1802,"marks":1803,"data":1804},"How to regain control of the SaaS explosion",[],{},{"nodeType":1425,"data":1806,"content":1807},{},[1808],{"nodeType":1293,"value":1809,"marks":1810,"data":1811},"Step 1: Understand how employees typically test drive and eventually adopt SaaS",[],{},{"nodeType":1294,"data":1813,"content":1814},{},[1815],{"nodeType":1293,"value":1816,"marks":1817,"data":1818},"Obviously, self-adoption of SaaS is fundamentally different to IT/Security adopted and managed from a risk perspective. With SaaS, there’s no giant commitment upfront. Apps don’t (usually) just go from unknown and unused to adopted in a day. Just like adopting software was a process for Security and IT back in the day, employees follow a (less rigid) process with SaaS - from testing > to using > to finding value > to inviting teammates, etc. ",[],{},{"nodeType":1294,"data":1820,"content":1821},{},[1822],{"nodeType":1293,"value":1823,"marks":1824,"data":1825},"The risk grows as we proceed through the adoption process as employees add more data into the app and integrate it with other apps. The workflow below outlines a fairly typical SaaS testing and adopting process for employees:",[],{},{"nodeType":1367,"data":1827,"content":1831},{"target":1828},{"sys":1829},{"id":1830,"type":1372,"linkType":1373},"2nzyuXDxjBGZN0YMvskGak",[],{"nodeType":1425,"data":1833,"content":1834},{},[1835],{"nodeType":1293,"value":1836,"marks":1837,"data":1838},"Step 2: Get involved early to have a real security impact",[],{},{"nodeType":1294,"data":1840,"content":1841},{},[1842],{"nodeType":1293,"value":1843,"marks":1844,"data":1845},"The upside for Security is that because SaaS adoption is a process over time, we can use that time to assess the risk of the app before it’s fully adopted, as long as we know about the app from the start. ",[],{},{"nodeType":1294,"data":1847,"content":1848},{},[1849],{"nodeType":1293,"value":1850,"marks":1851,"data":1852},"The goal is to catch those apps that are high risk, either because the data going into them (or that will be) is high risk or because the app can perform some high-risk action (like managing your inventory or sending emails to customers or your behalf). Security can focus their efforts on these high-risk vendors and apps to make sure they can be trusted with their data. ",[],{},{"nodeType":1294,"data":1854,"content":1855},{},[1856,1860],{"nodeType":1293,"value":1857,"marks":1858,"data":1859},"But this is key: ",[],{},{"nodeType":1293,"value":1861,"marks":1862,"data":1864},"Security needs to get involved early in the adoption process. ",[1863],{"type":312},{},{"nodeType":1425,"data":1866,"content":1867},{},[1868],{"nodeType":1293,"value":1869,"marks":1870,"data":1871},"Step 3: Get real-time visibility into SaaS apps and risks as employees sign up for them",[],{},{"nodeType":1294,"data":1873,"content":1874},{},[1875],{"nodeType":1293,"value":1876,"marks":1877,"data":1878},"You guessed it - Push can help!",[],{},{"nodeType":1294,"data":1880,"content":1881},{},[1882],{"nodeType":1293,"value":1883,"marks":1884,"data":1885},"We detect employees signing up to new apps and integrating third-party apps to your core work platforms in real-time. That allows you to step in at the earliest opportunity to vet the app for critical issues and guide the employee through the appropriate app onboarding steps. This allows you to focus on the new stuff and buy yourself time. ",[],{},{"nodeType":1367,"data":1887,"content":1891},{"target":1888},{"sys":1889},{"id":1890,"type":1372,"linkType":1373},"1hqMZl60NhvhHIfnO7FttV",[],{"nodeType":1425,"data":1893,"content":1894},{},[1895],{"nodeType":1293,"value":1896,"marks":1897,"data":1898},"Step 4: Avoid wasting time on false-positives",[],{},{"nodeType":1294,"data":1900,"content":1901},{},[1902],{"nodeType":1293,"value":1903,"marks":1904,"data":1905},"You need to trust your data if you want to take action based on the visibility you have of what apps employees are using and how they’re using them. Doing risk assessments or chasing employees about apps they’re not using wastes time and burns goodwill. ",[],{},{"nodeType":1294,"data":1907,"content":1908},{},[1909],{"nodeType":1293,"value":1910,"marks":1911,"data":1912},"Good data allows you to:",[],{},{"nodeType":1676,"data":1914,"content":1915},{},[1916,1926],{"nodeType":1680,"data":1917,"content":1918},{},[1919],{"nodeType":1294,"data":1920,"content":1921},{},[1922],{"nodeType":1293,"value":1923,"marks":1924,"data":1925},"Quickly and accurately identify new SaaS apps and integrations as employees adopt them. ",[],{},{"nodeType":1680,"data":1927,"content":1928},{},[1929],{"nodeType":1294,"data":1930,"content":1931},{},[1932],{"nodeType":1293,"value":1933,"marks":1934,"data":1935},"Identify the security issues that attackers can exploit to compromise your data through common attacks like Credential Stuffing. ",[],{},{"nodeType":1425,"data":1937,"content":1938},{},[1939],{"nodeType":1293,"value":1940,"marks":1941,"data":1942},"Step 5: Use Browser extension data to get the most accurate and useful data for SaaS visibility and risk ",[],{},{"nodeType":1294,"data":1944,"content":1945},{},[1946],{"nodeType":1293,"value":1947,"marks":1948,"data":1949},"Push collects data directly from the app using a browser extension, rather than guessing possible use from other sources like network traffic or email. ",[],{},{"nodeType":1294,"data":1951,"content":1952},{},[1953],{"nodeType":1293,"value":1954,"marks":1955,"data":1956},"That makes Push the only SaaS security solution that can directly observe all SaaS use and the only solution that can identify account security issues across hundreds of apps - completely automatically. ",[],{},{"nodeType":1294,"data":1958,"content":1959},{},[1960,1964,1969],{"nodeType":1293,"value":1961,"marks":1962,"data":1963},"No need for API support, no need for an admin account. It just works. For ",[],{},{"nodeType":1293,"value":1965,"marks":1966,"data":1968},"all",[1967],{"type":1356},{},{"nodeType":1293,"value":1970,"marks":1971,"data":1972}," your SaaS.",[],{},{"nodeType":1425,"data":1974,"content":1975},{},[1976],{"nodeType":1293,"value":1977,"marks":1978,"data":1979},"Step 6: Identify account security risks and discover shadow SaaS at the same time",[],{},{"nodeType":1294,"data":1981,"content":1982},{},[1983],{"nodeType":1293,"value":1984,"marks":1985,"data":1986},"Of course you need to start by discovering SaaS and getting a reliable inventory - but this on its own won’t stop accounts on those apps from getting breached. The most common way SaaS accounts are breached is through attacks like credential stuffing that target weak, breached or shared passwords on accounts that don’t have MFA enabled. ",[],{},{"nodeType":1294,"data":1988,"content":1989},{},[1990],{"nodeType":1293,"value":1991,"marks":1992,"data":1993},"Push can identify account security issues to prevent these common attacks. These include:",[],{},{"nodeType":1676,"data":1995,"content":1996},{},[1997,2007,2017,2027,2037,2047],{"nodeType":1680,"data":1998,"content":1999},{},[2000],{"nodeType":1294,"data":2001,"content":2002},{},[2003],{"nodeType":1293,"value":2004,"marks":2005,"data":2006},"Compromised passwords",[],{},{"nodeType":1680,"data":2008,"content":2009},{},[2010],{"nodeType":1294,"data":2011,"content":2012},{},[2013],{"nodeType":1293,"value":2014,"marks":2015,"data":2016},"Guessable passwords",[],{},{"nodeType":1680,"data":2018,"content":2019},{},[2020],{"nodeType":1294,"data":2021,"content":2022},{},[2023],{"nodeType":1293,"value":2024,"marks":2025,"data":2026},"Account-sharing between multiple employees",[],{},{"nodeType":1680,"data":2028,"content":2029},{},[2030],{"nodeType":1294,"data":2031,"content":2032},{},[2033],{"nodeType":1293,"value":2034,"marks":2035,"data":2036},"Sharing passwords across multiple accounts",[],{},{"nodeType":1680,"data":2038,"content":2039},{},[2040],{"nodeType":1294,"data":2041,"content":2042},{},[2043],{"nodeType":1293,"value":2044,"marks":2045,"data":2046},"Missing MFA",[],{},{"nodeType":1680,"data":2048,"content":2049},{},[2050],{"nodeType":1294,"data":2051,"content":2052},{},[2053],{"nodeType":1293,"value":2054,"marks":2055,"data":2056},"Password manager use",[],{},{"nodeType":1367,"data":2058,"content":2062},{"target":2059},{"sys":2060},{"id":2061,"type":1372,"linkType":1373},"3hR2N6WoP5WDyD6O6zdJP1",[],{"nodeType":1294,"data":2064,"content":2065},{},[2066],{"nodeType":1293,"value":2067,"marks":2068,"data":2069},"We identify these issues at the same time we discover shadow SaaS apps, so you can tackle account compromise at the same time as SaaS discovery to reduce your SaaS security risk exposure faster.",[],{},{"nodeType":1425,"data":2071,"content":2072},{},[2073],{"nodeType":1293,"value":2074,"marks":2075,"data":2076},"Step 7: Automatically reduce the risks we find by engaging employees",[],{},{"nodeType":1294,"data":2078,"content":2079},{},[2080],{"nodeType":1293,"value":2081,"marks":2082,"data":2083},"How do we actually reduce the risks? We engage employees directly via Slack or MS Teams, explain the account security issue we’ve identified in a way they’ll understand, and help them understand how it’s putting them and the business at risk. Then we guide them on how to fix it.",[],{},{"nodeType":1367,"data":2085,"content":2089},{"target":2086},{"sys":2087},{"id":2088,"type":1372,"linkType":1373},"7Hgf81IlfZKoUMOp26ZXmq",[],{"nodeType":1294,"data":2091,"content":2092},{},[2093],{"nodeType":1293,"value":37,"marks":2094,"data":2095},[],{},"7 Steps to secure your data across shadow SaaS apps","Attackers commonly target SaaS apps because they know employees sign up without running them past IT first. Learn how to adjust to secure your data.\n","2023-06-26T00:00:00.000Z","3-steps-to-secure-your-data-across-shadow-saas-apps",{"items":2101},[2102,2104],{"sys":2103,"name":1313},{"id":1312},{"sys":2105,"name":1317},{"id":1316},{"items":2107},[2108],{"fullName":2109,"firstName":2109,"jobTitle":118,"profilePicture":2110},"The Push Team",{"url":2111},"https://images.ctfassets.net/y1cdw1ablpvd/7xpR9kiHAQWtZBj2rpOmmU/052ddfbb96afb37962278062047ab16d/Twitter_Linkedin_icon_white.png",{"__typename":1321,"sys":2113,"content":2115,"title":2443,"synopsis":2444,"hashTags":118,"publishedDate":2445,"slug":2446,"tagsCollection":2447,"authorsCollection":2453},{"id":2114},"4LOMe7ez5adQtwbPireIBc",{"json":2116},{"data":2117,"content":2118,"nodeType":1302},{},[2119,2126,2146,2153,2160,2167,2174,2181,2188,2195,2202,2209,2216,2223,2230,2246,2253,2260,2267,2274,2281,2288,2307,2314,2321,2328,2335,2342,2350,2383,2391,2424],{"data":2120,"content":2121,"nodeType":1294},{},[2122],{"data":2123,"marks":2124,"value":2125,"nodeType":1293},{},[],"As part of your larger cloud security strategy, you’ve likely been asked to focus on how to secure SaaS apps used in your company. The first step to securing SaaS is getting a real sense of what platforms employees are actually using, beyond those that you already know about. Since SaaS is so easy for employees to adopt and start using without any input from IT and security, they’re likely using hundreds of SaaS apps that aren’t even on your radar. The first step in securing something is getting full visibility into what you even need to secure in the first place. ",{"data":2127,"content":2128,"nodeType":1294},{},[2129,2133,2142],{"data":2130,"marks":2131,"value":2132,"nodeType":1293},{},[],"To help guide folks through how you might do SaaS discovery on your own, we wrote an ",{"data":2134,"content":2137,"nodeType":1587},{"target":2135},{"sys":2136},{"id":1591,"type":1372,"linkType":1373},[2138],{"data":2139,"marks":2140,"value":2141,"nodeType":1293},{},[],"article",{"data":2143,"marks":2144,"value":2145,"nodeType":1293},{},[]," about how to manually find what apps employees are using. In it, we explored how to analyze data that you already have on hand to find the unknown apps (shadow IT) used within your business. That’s a pretty significant manual effort, though, and most security teams don’t have the resources to do it. Plus, while these manual attempts can chip away at the SaaS discovery process, none are great at giving you a comprehensive view of SaaS use, nor do they keep up with the constant influx of apps employees are signing up for daily. ",{"data":2147,"content":2148,"nodeType":1294},{},[2149],{"data":2150,"marks":2151,"value":2152,"nodeType":1293},{},[],"To get truly broad coverage of what SaaS employees are using, you need a large dataset of SaaS apps, the domains associated with them, and this dataset must constantly be updated and expanded to include new apps that are launched every day. ",{"data":2154,"content":2155,"nodeType":1294},{},[2156],{"data":2157,"marks":2158,"value":2159,"nodeType":1293},{},[],"Unless you can find such a dataset, you must create it. And creating a constantly updated dataset is no small undertaking. That’s why there are so many off-the-shelf solutions and tools that focus solely on SaaS discovery these days. Many say that they are full-scale SaaS security platforms, but what that means isn’t always clear, even after reading product marketing materials. If you were to look at a venn diagram of “SaaS security platforms,” you’d have a giant mess of interlocking circles, with some shared activities amongst all (or most) tools and then vastly different features from that core functionality.",{"data":2161,"content":2162,"nodeType":1294},{},[2163],{"data":2164,"marks":2165,"value":2166,"nodeType":1293},{},[],"How “good” they are at SaaS discovery really depends on what data they’re using, what they have access to within your environment, the quality of their proprietary datasets (breadth, depth, and timeliness of that data), and how they work with your existing data and tools. To help navigate this mess, we’re sharing some pros and cons of the categories of commercial tools on the market.",{"data":2168,"content":2169,"nodeType":1294},{},[2170],{"data":2171,"marks":2172,"value":2173,"nodeType":1293},{},[],"To determine which solution you need, you need to consider your tech stack, your specific needs, your risk tolerance, and your short and long term objectives. In this article, we’ll break down some major use cases and match them up with what solutions make the most sense to address them.",{"data":2175,"content":2176,"nodeType":1425},{},[2177],{"data":2178,"marks":2179,"value":2180,"nodeType":1293},{},[],"You’re a large enterprise interested in securing core SaaS platforms",{"data":2182,"content":2183,"nodeType":1294},{},[2184],{"data":2185,"marks":2186,"value":2187,"nodeType":1293},{},[],"\nWorking to only secure 20 or so core applications that have already been sanctioned by the security team? A cloud security posture management (CSPM) or SaaS security posture management (SSPM) solution might be the answer you’re looking for, particularly if you’re on the highest tier license for those apps. ",{"data":2189,"content":2190,"nodeType":1294},{},[2191],{"data":2192,"marks":2193,"value":2194,"nodeType":1293},{},[],"You can make the most of these tools during in-depth investigations or threat hunting exercises. Leverage them to enforce custom SaaS or cloud app policies as well. The caveat with this one is that you’ll need a fairly sophisticated security team to manage, customize, and run SSPM and CSPM tools.",{"data":2196,"content":2197,"nodeType":1294},{},[2198],{"data":2199,"marks":2200,"value":2201,"nodeType":1293},{},[],"An ideal environment for these solutions is one that has a full SOC capability so that you extend your existing security monitoring and threat hunting coverage into these core SaaS platforms. You’ll be able to secure a small handful of your business critical applications as long as they’re large and well-established platforms. ",{"data":2203,"content":2204,"nodeType":1294},{},[2205],{"data":2206,"marks":2207,"value":2208,"nodeType":1293},{},[],"The reason you’ll need top-level licenses and well-established SaaS platforms to make these solutions work is because they rely on API data from those SaaS platforms. Those mature APIs provide necessary information about those core apps that CSPMs and SSPMs use to provide security insights you need to manage the risks. Unfortunately, they won’t cover the dozens of smaller SaaS apps most organizations use, and are normally only available on top license tiers.",{"data":2210,"content":2211,"nodeType":1425},{},[2212],{"data":2213,"marks":2214,"value":2215,"nodeType":1293},{},[],"You’re a more traditional, on-prem enterprise interested in blocking unsanctioned SaaS",{"data":2217,"content":2218,"nodeType":1294},{},[2219],{"data":2220,"marks":2221,"value":2222,"nodeType":1293},{},[],"If your environment is traditional on-site internal networks and you have mature gateway monitoring technology in place already, a cloud access security broker (CASB) may be your best path to securing cloud apps. CASBs work best if you have no employees working from home or on the road or you’re forcing employees to only access work platforms and internet browsers through your corporate VPN.",{"data":2224,"content":2225,"nodeType":1294},{},[2226],{"data":2227,"marks":2228,"value":2229,"nodeType":1293},{},[],"CASBs typically pull network data such as DNS, SASE, VPN, proxy, and firewall logs. They may also require that you install an agent on each employees’ devices if you want coverage when they are out of the office. ",{"data":2231,"content":2232,"nodeType":1294},{},[2233,2237,2242],{"data":2234,"marks":2235,"value":2236,"nodeType":1293},{},[],"With those data sources, they provide good aggregate information about SaaS platforms that are accessed. What they ",{"data":2238,"marks":2239,"value":2241,"nodeType":1293},{},[2240],{"type":312},"can’t do well",{"data":2243,"marks":2244,"value":2245,"nodeType":1293},{},[]," is provide any insight into how the SaaS app is being used, by which employees (you typically get IP addresses not user names), and for what purpose - as an example, they are typically not able to tell the difference between opening a SaaS product’s homepage, or actually logging into the application - so you are going to have a fairly large number of false positives. ",{"data":2247,"content":2248,"nodeType":1294},{},[2249],{"data":2250,"marks":2251,"value":2252,"nodeType":1293},{},[],"A CASB also really makes sense if you’re forced into complying with strict regulatory requirements to block everything until you’re able to do an in-depth due diligence process on each app. If your goal (or need) is to block access to unknown, unvetted, or unsanctioned SaaS at the network level with no exceptions, a CASB might be for you.",{"data":2254,"content":2255,"nodeType":1425},{},[2256],{"data":2257,"marks":2258,"value":2259,"nodeType":1293},{},[],"You’re a cloud-native company who wants to enable SaaS without introducing too much risk",{"data":2261,"content":2262,"nodeType":1294},{},[2263],{"data":2264,"marks":2265,"value":2266,"nodeType":1293},{},[],"For cloud-native companies that need better coverage, and are looking for more nuanced controls than network-level blocking, a solution that discovers and secures SaaS through the browser is the way to go. Since employees access SaaS through their browser, it’s a logical step to collect data about who is using what apps through a browser extension. ",{"data":2268,"content":2269,"nodeType":1294},{},[2270],{"data":2271,"marks":2272,"value":2273,"nodeType":1293},{},[],"The browser approach lets you do true SaaS discovery - so you can find what employees are actually using (not just accessing) and then go about securing those apps. You also don’t need to do much in terms of managing a browser-based solution once it’s set up. It simply runs in the background and surfaces employee SaaS use data into a dashboard. ",{"data":2275,"content":2276,"nodeType":1294},{},[2277],{"data":2278,"marks":2279,"value":2280,"nodeType":1293},{},[],"By combining browser-level data and robust security APIs from those core business platforms that SSPMs typically tap into, you can get broad visibility of SaaS use in your company for those large in number, but less mature, more up-and-coming apps, and the depth of security data you need for those few core apps that most employees are using. ",{"data":2282,"content":2283,"nodeType":1294},{},[2284],{"data":2285,"marks":2286,"value":2287,"nodeType":1293},{},[],"The other key benefit of a browser-based approach for SaaS discovery is that you can get incredibly powerful data about who is using the app, how they’re using it, if they’re using security features such as MFA, if they’re reusing passwords across multiple apps, if they’re sharing passwords, when they’ve used it last, and so on. That data is critical when it comes to securing SaaS because the devil truly is in the details. ",{"data":2289,"content":2290,"nodeType":1294},{},[2291,2295,2304],{"data":2292,"marks":2293,"value":2294,"nodeType":1293},{},[],"If we’ve piqued your interest and you’re curious to see what we can discover about SaaS in your business, ",{"data":2296,"content":2298,"nodeType":2303},{"uri":2297},"https://login.pushsecurity.com/",[2299],{"data":2300,"marks":2301,"value":2302,"nodeType":1293},{},[],"try the free browser extension","hyperlink",{"data":2305,"marks":2306,"value":1600,"nodeType":1293},{},[],{"data":2308,"content":2309,"nodeType":1425},{},[2310],{"data":2311,"marks":2312,"value":2313,"nodeType":1293},{},[],"Consider their data sources  ",{"data":2315,"content":2316,"nodeType":1294},{},[2317],{"data":2318,"marks":2319,"value":2320,"nodeType":1293},{},[],"The critical thing to understand when you’re evaluating if a solution will work for you would be understanding what their data sources are, what weaknesses those data sources inherently have, and what aligns best with your goals. We’ve tried to surface some of that information within the use cases in this article.",{"data":2322,"content":2323,"nodeType":1294},{},[2324],{"data":2325,"marks":2326,"value":2327,"nodeType":1293},{},[],"So if you’re looking at an EDR that says they can discover SaaS usage, they’ll likely be leveraging endpoint data to detect SaaS use. If you’re looking at CASBs that integrate with your proxy, they’re probably looking at network level data – you get the idea.  ",{"data":2329,"content":2330,"nodeType":1425},{},[2331],{"data":2332,"marks":2333,"value":2334,"nodeType":1293},{},[],"Conclusion",{"data":2336,"content":2337,"nodeType":1294},{},[2338],{"data":2339,"marks":2340,"value":2341,"nodeType":1293},{},[],"To wrap this up, we’re going to summarize some key points and provide some questions to ask yourself, your team, or even the vendor of the solution you’re evaluating, as you consider what combination of efforts or what tool is right for you. ",{"data":2343,"content":2344,"nodeType":1294},{},[2345],{"data":2346,"marks":2347,"value":2349,"nodeType":1293},{},[2348],{"type":1356},"Does this solution provide SaaS discovery?",{"data":2351,"content":2352,"nodeType":1676},{},[2353,2363,2373],{"data":2354,"content":2355,"nodeType":1680},{},[2356],{"data":2357,"content":2358,"nodeType":1294},{},[2359],{"data":2360,"marks":2361,"value":2362,"nodeType":1293},{},[],"Will this tool find what SaaS apps employees are using, including those you don’t already know about? If so, how? ",{"data":2364,"content":2365,"nodeType":1680},{},[2366],{"data":2367,"content":2368,"nodeType":1294},{},[2369],{"data":2370,"marks":2371,"value":2372,"nodeType":1293},{},[],"Will the tool be able to differentiate between a user visiting a SaaS website, and actually logging into the app? How will it determine who the user is?",{"data":2374,"content":2375,"nodeType":1680},{},[2376],{"data":2377,"content":2378,"nodeType":1294},{},[2379],{"data":2380,"marks":2381,"value":2382,"nodeType":1293},{},[],"If the tool doesn’t provide you with SaaS discovery (finding Shadow IT and the apps employees are using that aren’t on your radar), how will you deal with those apps employees are using without your knowledge?",{"data":2384,"content":2385,"nodeType":1294},{},[2386],{"data":2387,"marks":2388,"value":2390,"nodeType":1293},{},[2389],{"type":1356},"Does the tool provide enough context so you can manage SaaS risk?",{"data":2392,"content":2393,"nodeType":1676},{},[2394,2404,2414],{"data":2395,"content":2396,"nodeType":1680},{},[2397],{"data":2398,"content":2399,"nodeType":1294},{},[2400],{"data":2401,"marks":2402,"value":2403,"nodeType":1293},{},[],"Are you getting context about how your users are using apps (are they logging in with social logins or passwords, do they have MFA enabled, are they admins on the app, etc.), or is it only providing generic information about the app?",{"data":2405,"content":2406,"nodeType":1680},{},[2407],{"data":2408,"content":2409,"nodeType":1294},{},[2410],{"data":2411,"marks":2412,"value":2413,"nodeType":1293},{},[],"How will you engage employees that already rely on these SaaS platforms, or want to adopt new apps, can you handle that though email or in-person - or do you need something more scalable?",{"data":2415,"content":2416,"nodeType":1680},{},[2417],{"data":2418,"content":2419,"nodeType":1294},{},[2420],{"data":2421,"marks":2422,"value":2423,"nodeType":1293},{},[],"Do you need the ability to apply progressive controls, or simply need the ability to block apps entirely?",{"data":2425,"content":2426,"nodeType":1294},{},[2427,2431,2439],{"data":2428,"marks":2429,"value":2430,"nodeType":1293},{},[],"\nIf you aren’t sure about these questions, why not consider what a ",{"data":2432,"content":2434,"nodeType":2303},{"uri":2433},"/product",[2435],{"data":2436,"marks":2437,"value":2438,"nodeType":1293},{},[],"user-powered security approach",{"data":2440,"marks":2441,"value":2442,"nodeType":1293},{},[]," might look like for your organization.","How to find the right SaaS security solution for your organization ","In this guide, we’ll break down some major SaaS use cases and match them up with solutions that can address them, covering pros and cons for each.\n","2022-07-25T00:00:00.000Z","how-to-find-the-right-saas-security-solution-for-your-organization",{"items":2448},[2449,2451],{"sys":2450,"name":1313},{"id":1312},{"sys":2452,"name":1317},{"id":1316},{"items":2454},[2455],{"fullName":2456,"firstName":2457,"jobTitle":2458,"profilePicture":2459},"Jacques Louw","Jacques","Co-founder / CRO",{"url":2460},"https://images.ctfassets.net/y1cdw1ablpvd/39m8bektV23lnCRcEq0G8h/2a08f6276a50744f1a4b499b273f6bb2/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-21.jpg",{"items":2462},[2463],{"fullName":2464,"firstName":2465,"jobTitle":2466,"profilePicture":2467},"Sally Soulliere","Sally","Head of Brand & Content",{"url":2468},"https://images.ctfassets.net/y1cdw1ablpvd/7Gh4SbbEj6Zsbd6OzGto8Q/885041a4ddeccc5ef3045c0e22975ef4/T016S22KZ96-U036FPETQRH-330f87708d26-192.jpeg",{"json":2470,"links":2900},{"nodeType":1302,"data":2471,"content":2472},{},[2473,2480,2487,2494,2501,2508,2515,2522,2529,2536,2543,2550,2557,2563,2570,2577,2584,2591,2598,2605,2612,2619,2626,2633,2640,2647,2653,2660,2680,2687,2694,2701,2708,2715,2722,2729,2736,2743,2759,2775,2782,2789,2796,2803,2810,2817,2824,2831,2838,2845,2852,2859,2866,2873,2880],{"nodeType":1396,"data":2474,"content":2475},{},[2476],{"nodeType":1293,"value":2477,"marks":2478,"data":2479},"Introduction",[],{},{"nodeType":1294,"data":2481,"content":2482},{},[2483],{"nodeType":1293,"value":2484,"marks":2485,"data":2486},"SaaS applications have made it incredibly easy for users to quickly sign up and adopt their tools independently. As a result, employees are signing up for the tools they need on their own, without IT approval.  This is a great thing as it allows businesses to embrace innovation and employees to move quickly and be more productive. But the cost of this digital transformation is the emergence of shadow IT. ",[],{},{"nodeType":1294,"data":2488,"content":2489},{},[2490],{"nodeType":1293,"value":2491,"marks":2492,"data":2493},"So, what exactly is shadow IT? ",[],{},{"nodeType":1294,"data":2495,"content":2496},{},[2497],{"nodeType":1293,"value":2498,"marks":2499,"data":2500},"In this article, we’ll define shadow IT and shadow SaaS and talk through some of the serious security risks associated with it and give some actionable guidance on how to manage both shadow IT and its risks. ",[],{},{"nodeType":1294,"data":2502,"content":2503},{},[2504],{"nodeType":1293,"value":2505,"marks":2506,"data":2507},"We’ll be focusing primarily on shadow SaaS, since this is a newer area that organizations need to address with new security methods, policies and tools. ",[],{},{"nodeType":1396,"data":2509,"content":2510},{},[2511],{"nodeType":1293,"value":2512,"marks":2513,"data":2514},"What is shadow IT?",[],{},{"nodeType":1294,"data":2516,"content":2517},{},[2518],{"nodeType":1293,"value":2519,"marks":2520,"data":2521},"Shadow IT is the use of technology, software, applications, or devices within an organization that hasn’t been explicitly approved or given oversight from IT and/or security teams. Usually, individual employees or teams have adopted these tools to streamline processes, enhance productivity, or address specific needs.",[],{},{"nodeType":1294,"data":2523,"content":2524},{},[2525],{"nodeType":1293,"value":2526,"marks":2527,"data":2528},"This article specifically focuses on the SaaS applications portion of shadow IT, also known as “shadow SaaS.”",[],{},{"nodeType":1396,"data":2530,"content":2531},{},[2532],{"nodeType":1293,"value":2533,"marks":2534,"data":2535},"What is shadow SaaS?",[],{},{"nodeType":1294,"data":2537,"content":2538},{},[2539],{"nodeType":1293,"value":2540,"marks":2541,"data":2542},"Shadow SaaS is a subset of shadow IT, specifically focused on — you guessed it — SaaS apps. Shadow SaaS are the SaaS and cloud applications used within an organization without the explicit knowledge or approval of the company’s IT department. ",[],{},{"nodeType":1294,"data":2544,"content":2545},{},[2546],{"nodeType":1293,"value":2547,"marks":2548,"data":2549},"These unmanaged services and apps are added to the company’s attack surface when employees or teams subscribe to and use SaaS applications on their own, bypassing official IT procurement and security processes. ",[],{},{"nodeType":1396,"data":2551,"content":2552},{},[2553],{"nodeType":1293,"value":2554,"marks":2555,"data":2556},"What are the risks of shadow SaaS?",[],{},{"nodeType":1367,"data":2558,"content":2562},{"target":2559},{"sys":2560},{"id":2561,"type":1372,"linkType":1373},"1WaBhoYHNKLEYTxjuCdhon",[],{"nodeType":1425,"data":2564,"content":2565},{},[2566],{"nodeType":1293,"value":2567,"marks":2568,"data":2569},"Bugs and vulnerabilities ",[],{},{"nodeType":1294,"data":2571,"content":2572},{},[2573],{"nodeType":1293,"value":2574,"marks":2575,"data":2576},"The SaaS applications and cloud services that fall under shadow IT don’t always go through proper security testing and assessments. ",[],{},{"nodeType":1294,"data":2578,"content":2579},{},[2580],{"nodeType":1293,"value":2581,"marks":2582,"data":2583},"Many may be bootstrapped tools or apps that are only managed by very small teams and startups who are primarily focused on adding product features, not security features.",[],{},{"nodeType":1294,"data":2585,"content":2586},{},[2587],{"nodeType":1293,"value":2588,"marks":2589,"data":2590},"That means some bugs and vulnerabilities may exist that attackers can exploit to gain access to the sensitive data stored within the app or to gain a foothold into your business by moving laterally through your attack surface.  ",[],{},{"nodeType":1294,"data":2592,"content":2593},{},[2594],{"nodeType":1293,"value":2595,"marks":2596,"data":2597},"There’s always a risk of bugs and vulnerabilities, but the risk is higher when the vendor isn’t investing in security.",[],{},{"nodeType":1425,"data":2599,"content":2600},{},[2601],{"nodeType":1293,"value":2602,"marks":2603,"data":2604},"Data loss and potential compliance violations ",[],{},{"nodeType":1294,"data":2606,"content":2607},{},[2608],{"nodeType":1293,"value":2609,"marks":2610,"data":2611},"The issue with shadow SaaS is that the security team has no knowledge that the platform or app is being used in the company, so they have no idea where company data is being stored. ",[],{},{"nodeType":1294,"data":2613,"content":2614},{},[2615],{"nodeType":1293,"value":2616,"marks":2617,"data":2618},"Without knowing which third-parties have access to company data, the security team aren’t aware what sensitive data could be exposed to attackers. Data leaks, supply chain, and third-party risks are the biggest security issues that result from shadow IT and shadow SaaS. ",[],{},{"nodeType":1294,"data":2620,"content":2621},{},[2622],{"nodeType":1293,"value":2623,"marks":2624,"data":2625},"When it comes to compliance,  you may find you’re not actually complying with data privacy regulations as well as you thought. More and more regulatory compliance standards are enforcing up-to-date SaaS application inventories along with their third-party supplier checklists these days.",[],{},{"nodeType":1425,"data":2627,"content":2628},{},[2629],{"nodeType":1293,"value":2630,"marks":2631,"data":2632},"Lack of support",[],{},{"nodeType":1294,"data":2634,"content":2635},{},[2636],{"nodeType":1293,"value":2637,"marks":2638,"data":2639},"When the IT team doesn’t know which SaaS apps the team is using, they can’t provide support with the tool, when needed. That leaves employees feeling stranded and frustrated as they struggle to troubleshoot on their own. This may even lead to employees being blocked on projects they’re relying on the SaaS app to help with.",[],{},{"nodeType":1396,"data":2641,"content":2642},{},[2643],{"nodeType":1293,"value":2644,"marks":2645,"data":2646},"How to manage shadow IT risks",[],{},{"nodeType":1367,"data":2648,"content":2652},{"target":2649},{"sys":2650},{"id":2651,"type":1372,"linkType":1373},"4CSBmlPhd3rc74ohqIVX9N",[],{"nodeType":1425,"data":2654,"content":2655},{},[2656],{"nodeType":1293,"value":2657,"marks":2658,"data":2659},"Visibility ",[],{},{"nodeType":1294,"data":2661,"content":2662},{},[2663,2667,2676],{"nodeType":1293,"value":2664,"marks":2665,"data":2666},"To properly secure your data and that of your customers, you need to have visibility into all the SaaS applications employees are using, including free trials and apps they’re just testing. We’ve written ",[],{},{"nodeType":2303,"data":2668,"content":2670},{"uri":2669},"https://pushsecurity.com/blog/free-and-trial-saas-applications-are-even-riskier-than-paid-apps/",[2671],{"nodeType":1293,"value":2672,"marks":2673,"data":2675},"an article",[2674],{"type":1597},{},{"nodeType":1293,"value":2677,"marks":2678,"data":2679}," on how to manage the security challenges of freemium and trial apps that’s worth exploring further.",[],{},{"nodeType":1294,"data":2681,"content":2682},{},[2683],{"nodeType":1293,"value":2684,"marks":2685,"data":2686},"There are plenty of modern tools on the market that focus on discovering the SaaS applications and cloud services employees in your company are using. Most also have some level of risk-based data for the apps people are using, so you can make better security decisions about the shadow IT you uncover.",[],{},{"nodeType":1425,"data":2688,"content":2689},{},[2690],{"nodeType":1293,"value":2691,"marks":2692,"data":2693},"Consolidate shadow IT and cloud-based applications",[],{},{"nodeType":1294,"data":2695,"content":2696},{},[2697],{"nodeType":1293,"value":2698,"marks":2699,"data":2700},"Once security and IT teams know about and have an accurate inventory of all the SaaS apps in use (those previously considered “shadow IT” or “shadow SaaS”), they can encourage teams to consolidate their SaaS tools. ",[],{},{"nodeType":1294,"data":2702,"content":2703},{},[2704],{"nodeType":1293,"value":2705,"marks":2706,"data":2707},"For IT and Security, consolidating apps is a huge win because they can focus on making sure that short-list of tools is secure enough for them to continue to use them.",[],{},{"nodeType":1294,"data":2709,"content":2710},{},[2711],{"nodeType":1293,"value":2712,"marks":2713,"data":2714},"For the rest of the company, working within the same tools can aid in collaboration, clear communication and status for ongoing projects.",[],{},{"nodeType":1294,"data":2716,"content":2717},{},[2718],{"nodeType":1293,"value":2719,"marks":2720,"data":2721},"And, of course, Finance will love spending less money on a sea of disparate tools and consolidating the spend on the SaaS applications that are regularly used by the wider team.",[],{},{"nodeType":1425,"data":2723,"content":2724},{},[2725],{"nodeType":1293,"value":2726,"marks":2727,"data":2728},"Offer secure alternatives",[],{},{"nodeType":1294,"data":2730,"content":2731},{},[2732],{"nodeType":1293,"value":2733,"marks":2734,"data":2735},"To consolidate SaaS apps and rein in shadow IT, you’ll need to offer alternative solutions that will solve the problems employees have. Work with them to understand the use cases they’re solving with these apps, identify their requirements, and provide a few tools you’ve already vetted which still serve their needs but are more secure or have security features like SAML SSO so you can tuck them behind your existing SSO solution. ",[],{},{"nodeType":1425,"data":2737,"content":2738},{},[2739],{"nodeType":1293,"value":2740,"marks":2741,"data":2742},"Safely embrace shadow IT",[],{},{"nodeType":1294,"data":2744,"content":2745},{},[2746,2750,2755],{"nodeType":1293,"value":2747,"marks":2748,"data":2749},"We’re not suggesting that security and information technology teams throw their hands up and say “shadow IT will happen and we can’t control it,” but we ",[],{},{"nodeType":1293,"value":2751,"marks":2752,"data":2754},"are ",[2753],{"type":312},{},{"nodeType":1293,"value":2756,"marks":2757,"data":2758},"suggesting that they consider a mindset that balances the needs of the team and their own need to control the security of sensitive information and the organization. ",[],{},{"nodeType":1294,"data":2760,"content":2761},{},[2762,2766,2771],{"nodeType":1293,"value":2763,"marks":2764,"data":2765},"New technologies exist that can help you uncover shadow IT so you can get involved in the software adoption process early on. This will give you the advantage of working with employees to understand why they’re using the tool ",[],{},{"nodeType":1293,"value":2767,"marks":2768,"data":2770},"before they’ve fully adopted it",[2769],{"type":312},{},{"nodeType":1293,"value":2772,"marks":2773,"data":2774}," and become dependent on it. This will also give you more time to risk assess the app once it’s clear that the employee or team needs it. ",[],{},{"nodeType":1294,"data":2776,"content":2777},{},[2778],{"nodeType":1293,"value":2779,"marks":2780,"data":2781},"Some modern SaaS security solutions also help you enable security features like multi-factor authentication (MFA) and guide employees to use strong, unique passwords or social logins (“Login with your Google account” or “Login with Microsoft 365 account”), at the account level. These small, but powerful SaaS account security actions raise the bar for attackers, making it much harder for them to gain a foothold into your systems via an employee’s SaaS account.",[],{},{"nodeType":1396,"data":2783,"content":2784},{},[2785],{"nodeType":1293,"value":2786,"marks":2787,"data":2788},"This is a solvable problem",[],{},{"nodeType":1294,"data":2790,"content":2791},{},[2792],{"nodeType":1293,"value":2793,"marks":2794,"data":2795},"Shadow IT introduces security risks, sometimes serious security risks, but there’s no stopping it — even if Security goes the route of blocking access to SaaS apps that they haven’t yet approved or sanctioned employees will work around these security policies to gain access to the tools they need to do their jobs. ",[],{},{"nodeType":1294,"data":2797,"content":2798},{},[2799],{"nodeType":1293,"value":2800,"marks":2801,"data":2802},"The biggest reasons employees engage in this behavior is to streamline their work and, often, to collaborate with one another in a remote-work environment. Cloud apps enable these things really well, which is why they’re so popular.",[],{},{"nodeType":1294,"data":2804,"content":2805},{},[2806],{"nodeType":1293,"value":2807,"marks":2808,"data":2809},"But shadow IT doesn’t have to be a completely uncontrolled disaster, either. With visibility, security and IT teams can be a powerful ally for the business and a trusted partner for employees, rather than taking on the role of draconian authoritarian. Security teams no longer have to be the Department of No and, in fact, by changing this mindset, Security may find that they have more pull with business leaders within the company.",[],{},{"nodeType":1294,"data":2811,"content":2812},{},[2813],{"nodeType":1293,"value":2814,"marks":2815,"data":2816},"By working with employees, rather than against them, Security and IT become “enablers of the business,” which typically resonates with higher ups. If helping to streamline the cloud-based services the company uses doesn’t get them excited, saving the company money by consolidating tools certainly will.",[],{},{"nodeType":1425,"data":2818,"content":2819},{},[2820],{"nodeType":1293,"value":2821,"marks":2822,"data":2823},"Shadow IT is a visibility problem, not a technology one ",[],{},{"nodeType":1294,"data":2825,"content":2826},{},[2827],{"nodeType":1293,"value":2828,"marks":2829,"data":2830},"The issue with shadow IT isn’t that it exists, it’s that these SaaS apps exist outside of the IT department and security team’s remit — they just don’t know about them. By discovering the apps employees are using, they can integrate these SaaS apps safely into the company’s SaaS estate, alongside all the other tools in the tech stack.",[],{},{"nodeType":1425,"data":2832,"content":2833},{},[2834],{"nodeType":1293,"value":2835,"marks":2836,"data":2837},"Shift IT department and security team mindsets to make an impact",[],{},{"nodeType":1294,"data":2839,"content":2840},{},[2841],{"nodeType":1293,"value":2842,"marks":2843,"data":2844},"Security and IT need to be approachable and transparent with employees as the first step, rather than shaming them for their behavior. They’re not gleefully going behind the information technology team’s back for fun, they’re trying to get their work done quickly. ",[],{},{"nodeType":1294,"data":2846,"content":2847},{},[2848],{"nodeType":1293,"value":2849,"marks":2850,"data":2851},"Asking employees to shift from hiding these SaaS apps from you to being transparent that they’re using them requires a level of mutual trust and respect.  ",[],{},{"nodeType":1425,"data":2853,"content":2854},{},[2855],{"nodeType":1293,"value":2856,"marks":2857,"data":2858},"Become a partner to improve security",[],{},{"nodeType":1294,"data":2860,"content":2861},{},[2862],{"nodeType":1293,"value":2863,"marks":2864,"data":2865},"You will, of course, still have some SaaS apps that are outright not approved because they’re too high-risk for the company’s security policies and, in that case, you’ll want to offer one of those safer alternatives that we mentioned above and offer that as a replacement to users who were using the risky, unsafe tool. ",[],{},{"nodeType":1294,"data":2867,"content":2868},{},[2869],{"nodeType":1293,"value":2870,"marks":2871,"data":2872},"This is much easier to do when you’re seen as a collaborative, friendly team that’s doing the best thing for the company than when you’re the enforcer of rules and policies, which restrict them at every turn. ",[],{},{"nodeType":1294,"data":2874,"content":2875},{},[2876],{"nodeType":1293,"value":2877,"marks":2878,"data":2879},"Building a strong relationship with employees (or repairing the relationship if you’ve previously been seen as the Department of No), takes work and a major shift in the security team’s mindset, but the ramifications are far reaching. By considering how employees feel about the security team and IT department’s decisions, both teams win. The end result should never be that employees make security decisions, however their needs for getting their jobs done needs to be considered as security measures are put in place.",[],{},{"nodeType":1294,"data":2881,"content":2882},{},[2883,2887,2896],{"nodeType":1293,"value":2884,"marks":2885,"data":2886},"The National Cyber Security Centre (NCSC) posted ",[],{},{"nodeType":2303,"data":2888,"content":2890},{"uri":2889},"https://www.ncsc.gov.uk/guidance/shadow-it#:~:text=Avoid%20unnecessary%20lockdowns%20of%20enterprise%20IT",[2891],{"nodeType":1293,"value":2892,"marks":2893,"data":2895},"a great article",[2894],{"type":1597},{},{"nodeType":1293,"value":2897,"marks":2898,"data":2899}," on this topic if you’d like to explore further.",[],{},{"entries":2901},{"hyperlink":2902,"inline":2903,"block":2904},[],[],[2905,2913],{"sys":2906,"__typename":2907,"title":2908,"caption":118,"layoutMode":118,"file":2909},{"id":2561},"Image","Risks of Shadow IT",{"url":2910,"width":2911,"height":2912},"https://images.ctfassets.net/y1cdw1ablpvd/3WlIBBrP9U8eDeTAwWfL3L/fbc2e7e0392831aae6ff392ac4b85507/Screenshot_2023-08-30_at_9.24.03_AM.png",1584,888,{"sys":2914,"__typename":2907,"title":2915,"caption":118,"layoutMode":118,"file":2916},{"id":2651},"How to manage shadow IT risk",{"url":2917,"width":2918,"height":2919},"https://images.ctfassets.net/y1cdw1ablpvd/6FSkByMYm70r9KLtBBe4n/20c82e55c1b219ffcd80cb79c265a881/Screenshot_2023-08-30_at_9.23.46_AM.png",1588,890,"content:blog:understanding-shadow-it.json","json","content","blog/understanding-shadow-it.json","blog/understanding-shadow-it",1776359991255]