[{"data":1,"prerenderedAt":3230},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":95,"navbar-about-highlight":155,"navbar-resource-highlight":211,"use-case-page":256,"blog/what-are-shadow-identities":1276},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8,59,76],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":14,"data":15,"variations":50,"lastUpdated":51,"firstPublished":52,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":54,"meta":55,"rev":58},1742213002749,"efff2a27faf4408e9f908eba4b5542fe","inductive-automation","1c6207a5f24948ab82d4a0b17f251193","published",[],{"testimonial":16,"description":43,"type":19,"link":44,"title":47,"testimonialLink":48,"image":49},{"@type":17,"id":18,"model":19,"value":20},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79","testimonial",{"query":21,"folders":22,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":26,"variations":30,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":35,"rev":42},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":27,"jobTitle":28,"quote":24,"image":29},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,1,"ST0tXQM8slWpFrmioqKHmENB2qe2",{"kind":36,"lastPreviewUrl":37,"breakpoints":38,"hasAutosaves":41},"data","",{"small":39,"medium":40},640,768,true,"3v32gocrrqz","Join the industry's top security minds as they break down the browser attack landscape.",{"url":45,"text":46},"https://pushsecurity.com/webinar/state-of-browser-security","Save Your Spot","State of Browser Attacks Series","/customer-stories/inductive-automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe94fca10aa7b46ac8052b7ea22de54cd",{},1776257019270,1742221533648,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2",[],{"breakpoints":56,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},320,"motto9r9yg",{"createdDate":60,"id":61,"name":62,"modelId":12,"published":13,"query":63,"data":64,"variations":69,"lastUpdated":70,"firstPublished":71,"testRatio":33,"createdBy":53,"lastUpdatedBy":72,"folders":73,"meta":74,"rev":58},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner",[],{"type":65,"url":66,"text":67,"link":68},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,"jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":36,"lastPreviewUrl":37,"breakpoints":75,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},{"createdDate":77,"id":78,"name":79,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":80,"data":81,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":92,"meta":93,"rev":58},1742208469288,"6763051b201f44a0838c6400c580ca67","Resource highlight",[],{"image":82,"type":83,"description":84,"link":85,"title":88},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9","resource","Learn about the latest techniques being used in the wild.",{"url":86,"text":87},"/resources/browser-attacks-report","Download now","Report: 2026 Browser Attack Techniques",{},1776255866789,1742208570400,[],{"kind":36,"lastPreviewUrl":37,"breakpoints":94,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"createdDate":96,"id":97,"name":98,"modelId":99,"published":13,"query":100,"data":101,"variations":145,"lastUpdated":146,"firstPublished":147,"testRatio":33,"createdBy":34,"lastUpdatedBy":148,"folders":149,"meta":150,"rev":154},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":102,"text":103,"url":37,"blocks":104,"state":141},"ewrererw","testrfesssssssssss",[105,129],{"@type":106,"@version":107,"id":108,"component":109,"responsiveStyles":119},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":110,"tag":110,"options":111,"isRSC":118},"TopBannerContent",{"text":112,"ctaText":46,"url":45,"mainText":113,"cta":116},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks",{"content":114,"fontSize":115},"\u003Cp>New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks\u003C/p>","text-base",{"content":117,"fontSize":115,"url":45},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">Save Your Spot\u003C/strong>\u003C/p>\n",null,{"large":120},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"marginTop":126,"marginBottom":126,"fontSize":127,"fontWeight":128},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":130,"@type":106,"tagName":131,"properties":132,"responsiveStyles":136},"builder-pixel-08zrjigffq5t","img",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":137},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},"block","hidden","none",{"deviceSize":142,"location":143},"large",{"path":37,"query":144},{},{},1775137295127,1774968080803,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"breakpoints":151,"hasLinks":6,"kind":152,"lastPreviewUrl":153,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","2lvuonnywj",[156,180],{"createdDate":157,"id":158,"name":159,"modelId":160,"published":13,"stageModifiedSincePublish":6,"query":161,"data":162,"variations":173,"lastUpdated":174,"firstPublished":175,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":176,"meta":177,"rev":179},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":163,"type":19,"testimonialLink":48,"testimonial":164},{},{"@type":17,"id":18,"model":19,"value":165},{"query":166,"folders":167,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":168,"variations":169,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":170,"rev":172},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":171,"hasAutosaves":41},{"small":39,"medium":40},"7t755zfvte3",{},1776247404986,1776247404973,[],{"breakpoints":178,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"4moh0qpywtr",{"createdDate":181,"id":182,"name":88,"modelId":160,"published":13,"meta":183,"stageModifiedSincePublish":6,"query":185,"data":186,"variations":207,"lastUpdated":208,"firstPublished":209,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":210,"rev":179},1776255761419,"05a9322735fc427db12e2740e4302300",{"breakpoints":184,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":187,"link":206,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":189},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":190,"folders":191,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":194,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":203,"rev":205},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":36,"lastPreviewUrl":37,"breakpoints":204,"hasAutosaves":41},{"small":39,"medium":40},"6s8ic0w0ao6",{"text":87,"url":86},{},1776255810913,1776255810900,[],[212,235],{"createdDate":213,"id":214,"name":88,"modelId":215,"published":13,"meta":216,"stageModifiedSincePublish":6,"query":218,"data":219,"variations":230,"lastUpdated":231,"firstPublished":232,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":233,"rev":234},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":217,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[],{"testimonial":220,"link":229,"type":83,"title":88,"description":84,"image":82},{"@type":17,"id":188,"model":19,"value":221},{"query":222,"folders":223,"createdDate":192,"id":188,"name":193,"modelId":25,"published":13,"data":224,"variations":225,"lastUpdated":201,"firstPublished":202,"testRatio":33,"createdBy":34,"lastUpdatedBy":53,"meta":226,"rev":228},[],[],{"video":195,"jobTitle":196,"author":197,"qoute":37,"quote":198,"image":199},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":227,"hasAutosaves":41},{"small":39,"medium":40},"r77qqueuo3j",{"text":87,"url":86},{},1776256937553,1776256937540,[],"q0jkez80wkg",{"createdDate":236,"id":237,"name":11,"modelId":215,"published":13,"stageModifiedSincePublish":6,"query":238,"data":239,"variations":250,"lastUpdated":251,"firstPublished":252,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":253,"meta":254,"rev":234},1776256949234,"ce043785b71b4ece98eac811ecf4ba10",[],{"link":240,"type":19,"testimonial":241,"testimonialLink":48},{},{"@type":17,"id":18,"model":19,"value":242},{"query":243,"folders":244,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":245,"variations":246,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":247,"rev":249},[],[],{"author":27,"jobTitle":28,"quote":24,"image":29},{},{"kind":36,"lastPreviewUrl":37,"breakpoints":248,"hasAutosaves":41},{"small":39,"medium":40},"mnaneamy308",{},1776256974140,1776256974130,[],{"breakpoints":255,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},[257,441,560,679,797,917,1037,1157],{"createdDate":258,"id":259,"name":260,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":262,"data":268,"variations":429,"lastUpdated":430,"firstPublished":431,"testRatio":33,"screenshot":432,"createdBy":34,"lastUpdatedBy":433,"folders":434,"meta":435,"rev":440},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[263],{"@type":264,"property":265,"operator":266,"value":267},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":269,"customFonts":270,"seoTitle":318,"title":318,"tsCode":37,"seoDescription":319,"fontAwesomeIcon":320,"jsCode":37,"blocks":321,"url":267,"state":426},[],[271],{"family":272,"kind":273,"version":274,"lastModified":275,"files":276,"category":295,"menu":296,"subsets":297,"variants":300},"DM Sans","webfonts#webfont","v14","2023-07-13",{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"900italic":286,"700italic":287,"100italic":288,"italic":289,"regular":290,"200italic":291,"500italic":292,"300italic":293,"600italic":294},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[298,299],"latin","latin-ext",[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[322,421],{"@type":106,"@version":107,"tagName":323,"id":324,"children":325},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[326,343,351,358,370,385,396,407,413],{"@type":106,"@version":107,"layerName":327,"id":328,"component":329,"responsiveStyles":340},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":327,"options":330,"isRSC":118},{"title":318,"description":331,"points":332,"video":339},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[333,335,337],{"item":334},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":336},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":338},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":341},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},"transparent",{"@type":106,"@version":107,"id":344,"component":345,"responsiveStyles":348},"builder-96634044407e491299e291ed64669e39",{"name":346,"options":347,"isRSC":118},"TrustedBy",{"AllPartners":41,"backgroundTransparent":6},{"large":349},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},"#000",{"@type":106,"@version":107,"id":352,"component":353,"responsiveStyles":356},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":354,"options":355,"isRSC":118},"Diagonal",{"darkMode":41},{"large":357},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":360,"component":361,"responsiveStyles":368},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":359,"tag":359,"options":362,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":365,"description":366,"animatedTitle":37,"image":367,"reverse":6,"descriptionPaddingHorizontal":118},1200,800,"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":369},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":371,"component":372,"responsiveStyles":380},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":373,"options":374,"isRSC":118},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":377,"description":378,"reverse":41,"image":379},600,100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":381},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},"DM Sans, sans-serif","20px","0px",{"@type":106,"@version":107,"id":386,"component":387,"responsiveStyles":393},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":373,"options":388,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":390,"description":391,"reverse":6,"image":392},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. It reads the full phishing playbook like script behavior, session hijacks, DOM changes, user inputs, then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":394},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},"36px",{"@type":106,"@version":107,"layerName":373,"id":397,"component":398,"responsiveStyles":404},"builder-42c32198083f4880acb37c5cb76934da",{"name":373,"options":399,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":401,"description":402,"reverse":41,"image":403},140,"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts like session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":405},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},"47px",{"@type":106,"@version":107,"id":408,"component":409,"responsiveStyles":411},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":354,"options":410,"isRSC":118},{"darkMode":6},{"large":412},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":414,"component":415,"responsiveStyles":419},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":416,"tag":416,"options":417,"isRSC":118},"LatestResources",{"sectionHeading":37,"customClass":418},"bg-black",{"large":420},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":422,"@type":106,"tagName":131,"properties":423,"responsiveStyles":424},"builder-pixel-21yj6h3p4wh",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":425},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":427},{"path":37,"query":428},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":436,"winningTest":118,"breakpoints":437,"kind":438,"hasLinks":6,"originalContentId":439,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},"page","2daa5670b8504fc7ba4700633e8bd921","atvz4dp24b7",{"createdDate":442,"id":443,"name":444,"modelId":261,"published":13,"stageModifiedSincePublish":6,"query":445,"data":448,"variations":552,"lastUpdated":553,"firstPublished":554,"testRatio":33,"screenshot":555,"createdBy":34,"lastUpdatedBy":433,"folders":556,"meta":557,"rev":440},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[446],{"@type":264,"property":265,"operator":266,"value":447},"/uc/browser-extension-security",{"seoDescription":449,"jsCode":37,"fontAwesomeIcon":450,"tsCode":37,"title":444,"seoTitle":444,"customFonts":451,"inputs":456,"blocks":457,"url":447,"state":549},"Shine a light on risky browser extensions.","faPuzzlePiece",[452],{"kind":273,"family":272,"version":274,"files":453,"category":295,"lastModified":275,"subsets":454,"variants":455,"menu":296},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"100italic":288,"italic":289,"regular":290,"900italic":286,"800italic":285,"700italic":287,"200italic":291,"300italic":293,"500italic":292,"600italic":294},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],[],[458,544],{"@type":106,"@version":107,"tagName":323,"id":459,"meta":460,"children":461},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":324},[462,478,485,492,501,511,521,531,538],{"@type":106,"@version":107,"id":463,"meta":464,"component":465,"responsiveStyles":476},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":328},{"name":327,"options":466,"isRSC":118},{"title":444,"description":467,"points":468,"video":475},"\u003Cp>Browser extensions introduce new code, new permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[469,471,473],{"item":470},"Discover every browser extension in use",{"item":472},"Spot risky or unsanctioned behavior",{"item":474},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":477},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":479,"meta":480,"component":481,"responsiveStyles":483},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":344},{"name":346,"options":482,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":484},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":486,"meta":487,"component":488,"responsiveStyles":490},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":352},{"name":354,"options":489,"isRSC":118},{"darkMode":41},{"large":491},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":359,"id":493,"component":494,"responsiveStyles":499},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":359,"tag":359,"options":495,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":496,"description":497,"image":498,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act. \u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":500},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":502,"meta":503,"component":504,"responsiveStyles":509},"builder-93738f98109a4009affb349afd7bb182",{"previousId":371},{"name":373,"options":505,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":506,"description":507,"reverse":41,"image":508},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":510},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":512,"meta":513,"component":514,"responsiveStyles":519},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":386},{"name":373,"options":515,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":516,"description":517,"reverse":6,"image":518},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":520},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":522,"meta":523,"component":524,"responsiveStyles":529},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":397},{"name":373,"options":525,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":526,"description":527,"reverse":41,"image":528},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":530},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":532,"meta":533,"component":534,"responsiveStyles":536},"builder-1a689287d1a1418997d57db578a71105",{"previousId":408},{"name":354,"options":535,"isRSC":118},{"darkMode":6},{"large":537},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":539,"component":540,"responsiveStyles":542},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":416,"tag":416,"options":541,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":543},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":545,"@type":106,"tagName":131,"properties":546,"responsiveStyles":547},"builder-pixel-0edn39avfcei",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":548},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":550},{"path":37,"query":551},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":438,"winningTest":118,"breakpoints":558,"lastPreviewUrl":559,"hasLinks":6,"originalContentId":259,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":561,"id":562,"name":563,"modelId":261,"published":13,"query":564,"data":567,"variations":670,"lastUpdated":671,"firstPublished":672,"testRatio":33,"screenshot":673,"createdBy":34,"lastUpdatedBy":674,"folders":675,"meta":676,"rev":440},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[565],{"@type":264,"property":265,"operator":266,"value":566},"/uc/account-takeover-detection",{"title":563,"customFonts":568,"jsCode":37,"seoTitle":563,"seoDescription":573,"fontAwesomeIcon":574,"tsCode":37,"blocks":575,"url":566,"state":667},[569],{"kind":273,"category":295,"variants":570,"menu":296,"files":571,"family":272,"subsets":572,"version":274,"lastModified":275},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"800italic":285,"700italic":287,"italic":289,"900italic":286,"600italic":294,"200italic":291,"regular":290,"100italic":288},[298,299],"Stop ATO with stolen credential and compromised token detection.","faUserSecret",[576,662],{"@type":106,"@version":107,"tagName":323,"id":577,"meta":578,"children":579},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":324},[580,596,603,610,619,629,639,649,656],{"@type":106,"@version":107,"id":581,"meta":582,"component":583,"responsiveStyles":594},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":328},{"name":327,"options":584,"isRSC":118},{"title":563,"description":585,"points":586,"video":593},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[587,589,591],{"item":588},"Identify credential-based ATO as it unfolds",{"item":590},"Surface hijacked sessions and token misuse",{"item":592},"Strengthen authentication where your IdP can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":595},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":597,"meta":598,"component":599,"responsiveStyles":601},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":344},{"name":346,"options":600,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":602},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":604,"meta":605,"component":606,"responsiveStyles":608},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":352},{"name":354,"options":607,"isRSC":118},{"darkMode":41},{"large":609},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":611,"component":612,"responsiveStyles":617},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":359,"tag":359,"options":613,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":614,"description":615,"image":616,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":618},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":620,"meta":621,"component":622,"responsiveStyles":627},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":371},{"name":373,"options":623,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":624,"description":625,"reverse":41,"image":626},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":628},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":630,"meta":631,"component":632,"responsiveStyles":637},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":386},{"name":373,"options":633,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":634,"description":635,"reverse":6,"image":636},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":638},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":640,"meta":641,"component":642,"responsiveStyles":647},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":397},{"name":373,"options":643,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":644,"description":645,"reverse":41,"image":646},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":648},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":650,"meta":651,"component":652,"responsiveStyles":654},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":408},{"name":354,"options":653,"isRSC":118},{"darkMode":6},{"large":655},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":657,"component":658,"responsiveStyles":660},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":416,"tag":416,"options":659,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":661},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":663,"@type":106,"tagName":131,"properties":664,"responsiveStyles":665},"builder-pixel-s5u3wmvz7jq",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":666},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":668},{"path":37,"query":669},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":677,"hasLinks":6,"originalContentId":259,"breakpoints":678,"winningTest":118,"kind":438,"hasAutosaves":41},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":680,"id":681,"name":682,"modelId":261,"published":13,"query":683,"data":686,"variations":789,"lastUpdated":790,"firstPublished":791,"testRatio":33,"screenshot":792,"createdBy":34,"lastUpdatedBy":674,"folders":793,"meta":794,"rev":440},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[684],{"@type":264,"property":265,"operator":266,"value":685},"/uc/attack-path-hardening",{"tsCode":37,"seoDescription":687,"jsCode":37,"customFonts":688,"fontAwesomeIcon":693,"seoTitle":682,"title":682,"blocks":694,"url":685,"state":786},"Harden access paths with visibility,  detection, and guardrails.",[689],{"kind":273,"files":690,"version":274,"lastModified":275,"subsets":691,"menu":296,"category":295,"variants":692,"family":272},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"regular":290,"italic":289,"800italic":285,"500italic":292,"600italic":294,"200italic":291,"900italic":286,"700italic":287,"100italic":288,"300italic":293},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"faRadar",[695,781],{"@type":106,"@version":107,"tagName":323,"id":696,"meta":697,"children":698},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":577},[699,715,722,729,738,748,758,768,775],{"@type":106,"@version":107,"id":700,"meta":701,"component":702,"responsiveStyles":713},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":581},{"name":327,"options":703,"isRSC":118},{"title":682,"description":704,"points":705,"video":712},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[706,708,710],{"item":707},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":709},"Monitor how users actually log in across apps, flows, and tools",{"item":711},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":714},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":716,"meta":717,"component":718,"responsiveStyles":720},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":597},{"name":346,"options":719,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":721},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":723,"meta":724,"component":725,"responsiveStyles":727},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":604},{"name":354,"options":726,"isRSC":118},{"darkMode":41},{"large":728},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":730,"component":731,"responsiveStyles":736},"builder-dec0246085e1485c803f7152b1922a81",{"name":359,"tag":359,"options":732,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":733,"description":734,"image":735,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":737},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":739,"meta":740,"component":741,"responsiveStyles":746},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":620},{"name":373,"options":742,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":743,"description":744,"reverse":41,"image":745},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":747},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":749,"meta":750,"component":751,"responsiveStyles":756},"builder-431d175c59004669b0b2776b07d71737",{"previousId":630},{"name":373,"options":752,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":753,"description":754,"reverse":6,"image":755},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":757},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":759,"meta":760,"component":761,"responsiveStyles":766},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":640},{"name":373,"options":762,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":763,"description":764,"reverse":41,"image":765},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":767},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":769,"meta":770,"component":771,"responsiveStyles":773},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":650},{"name":354,"options":772,"isRSC":118},{"darkMode":6},{"large":774},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":776,"component":777,"responsiveStyles":779},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":416,"tag":416,"options":778,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":780},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":782,"@type":106,"tagName":131,"properties":783,"responsiveStyles":784},"builder-pixel-7akm7dayau8",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":785},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":787},{"path":37,"query":788},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":438,"lastPreviewUrl":795,"breakpoints":796,"hasLinks":6,"originalContentId":562,"winningTest":118,"hasAutosaves":6},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":798,"id":799,"name":800,"modelId":261,"published":13,"query":801,"data":804,"variations":909,"lastUpdated":910,"firstPublished":911,"testRatio":33,"screenshot":912,"createdBy":34,"lastUpdatedBy":674,"folders":913,"meta":914,"rev":440},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[802],{"@type":264,"property":265,"operator":266,"value":803},"/uc/clickfix-protection",{"seoDescription":805,"fontAwesomeIcon":806,"customFonts":807,"seoTitle":812,"jsCode":37,"tsCode":37,"title":812,"blocks":813,"url":803,"state":906},"Block attacks that trick users into running malicious code.","faLaptopCode",[808],{"files":809,"subsets":810,"menu":296,"version":274,"kind":273,"family":272,"lastModified":275,"variants":811,"category":295},{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"200italic":291,"800italic":285,"700italic":287,"600italic":294,"100italic":288,"italic":289,"regular":290,"300italic":293,"500italic":292,"900italic":286},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],"ClickFix protection",[814,901],{"@type":106,"@version":107,"tagName":323,"id":815,"meta":816,"children":817},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":696},[818,834,841,848,858,868,878,888,895],{"@type":106,"@version":107,"id":819,"meta":820,"component":821,"responsiveStyles":832},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":700},{"name":327,"options":822,"isRSC":118},{"title":812,"description":823,"points":824,"image":831},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[825,827,829],{"item":826},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":828},"Block malicious copy-and-paste actions before code is executed",{"item":830},"See full telemetry into which users were targeted and what they saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":833},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":835,"meta":836,"component":837,"responsiveStyles":839},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":716},{"name":346,"options":838,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":840},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":842,"meta":843,"component":844,"responsiveStyles":846},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":723},{"name":354,"options":845,"isRSC":118},{"darkMode":41},{"large":847},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":849,"meta":850,"component":851,"responsiveStyles":856},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":730},{"name":359,"tag":359,"options":852,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":853,"description":854,"reverse":6,"image":855},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":857},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":859,"meta":860,"component":861,"responsiveStyles":866},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":739},{"name":373,"options":862,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":863,"description":864,"reverse":41,"image":865},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":867},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":383,"marginTop":384},{"@type":106,"@version":107,"id":869,"meta":870,"component":871,"responsiveStyles":876},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":749},{"name":373,"options":872,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":873,"description":874,"reverse":6,"image":875},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":877},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":879,"meta":880,"component":881,"responsiveStyles":886},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":759},{"name":373,"options":882,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":883,"description":884,"reverse":41,"image":885},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":887},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":889,"meta":890,"component":891,"responsiveStyles":893},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":769},{"name":354,"options":892,"isRSC":118},{"darkMode":6},{"large":894},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":896,"component":897,"responsiveStyles":899},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":416,"tag":416,"options":898,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":900},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":902,"@type":106,"tagName":131,"properties":903,"responsiveStyles":904},"builder-pixel-zzjpxxgrc2l",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":905},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":907},{"path":37,"query":908},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":915,"originalContentId":681,"winningTest":118,"hasLinks":6,"kind":438,"breakpoints":916,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":918,"id":919,"name":920,"modelId":261,"published":13,"query":921,"data":924,"variations":1029,"lastUpdated":1030,"firstPublished":1031,"testRatio":33,"screenshot":1032,"createdBy":34,"lastUpdatedBy":674,"folders":1033,"meta":1034,"rev":440},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[922],{"@type":264,"property":265,"operator":266,"value":923},"/uc/incident-response",{"seoDescription":925,"customFonts":926,"title":920,"jsCode":37,"fontAwesomeIcon":931,"seoTitle":932,"tsCode":37,"blocks":933,"url":923,"state":1026},"Investigate and respond faster with unique browser telemetry.",[927],{"kind":273,"subsets":928,"menu":296,"variants":929,"category":295,"family":272,"version":274,"lastModified":275,"files":930},[298,299],[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"900italic":286,"600italic":294,"200italic":291,"300italic":293,"100italic":288,"700italic":287,"800italic":285,"regular":290,"italic":289,"500italic":292},"faSatelliteDish","Browser based incident response",[934,1021],{"@type":106,"@version":107,"tagName":323,"id":935,"meta":936,"children":937},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":696},[938,955,962,969,978,988,998,1008,1015],{"@type":106,"@version":107,"id":939,"meta":940,"component":941,"responsiveStyles":953},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":700},{"name":327,"options":942,"isRSC":118},{"title":943,"description":944,"points":945,"video":952},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[946,948,950],{"item":947},"Reconstruct what happened with real browser session context",{"item":949},"Investigate faster with real-world session context",{"item":951},"Trigger response actions automatically through your SIEM or SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":954},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":956,"meta":957,"component":958,"responsiveStyles":960},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":716},{"name":346,"options":959,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":961},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":963,"meta":964,"component":965,"responsiveStyles":967},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":723},{"name":354,"options":966,"isRSC":118},{"darkMode":41},{"large":968},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":970,"component":971,"responsiveStyles":976},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":359,"tag":359,"options":972,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":973,"description":974,"image":975,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":977},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":979,"meta":980,"component":981,"responsiveStyles":986},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":739},{"name":373,"options":982,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":983,"description":984,"reverse":41,"image":985},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":987},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":989,"meta":990,"component":991,"responsiveStyles":996},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":749},{"name":373,"options":992,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":993,"description":994,"reverse":6,"image":995},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":997},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":999,"meta":1000,"component":1001,"responsiveStyles":1006},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":759},{"name":373,"options":1002,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1003,"description":1004,"reverse":41,"image":1005},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":1007},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1009,"meta":1010,"component":1011,"responsiveStyles":1013},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":769},{"name":354,"options":1012,"isRSC":118},{"darkMode":6},{"large":1014},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1016,"component":1017,"responsiveStyles":1019},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":416,"tag":416,"options":1018,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1020},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1022,"@type":106,"tagName":131,"properties":1023,"responsiveStyles":1024},"builder-pixel-z197gdgcmu",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1025},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1027},{"path":37,"query":1028},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":438,"breakpoints":1035,"originalContentId":681,"winningTest":118,"lastPreviewUrl":1036,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":1038,"id":1039,"name":1040,"modelId":261,"published":13,"query":1041,"data":1044,"variations":1149,"lastUpdated":1150,"firstPublished":1151,"testRatio":33,"screenshot":1152,"createdBy":34,"lastUpdatedBy":674,"folders":1153,"meta":1154,"rev":440},1746122471259,"5f118e24433d46ceb79f5099987156d7","Shadow SaaS",[1042],{"@type":264,"property":265,"operator":266,"value":1043},"/uc/shadow-saas",{"seoTitle":1045,"seoDescription":1046,"customFonts":1047,"fontAwesomeIcon":1052,"title":1053,"jsCode":37,"tsCode":37,"blocks":1054,"url":1043,"state":1146},"Find and secure shadow SaaS","See and control shadow SaaS in the browser.",[1048],{"kind":273,"variants":1049,"files":1050,"family":272,"version":274,"subsets":1051,"lastModified":275,"category":295,"menu":296},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"300italic":293,"500italic":292,"regular":290,"900italic":286,"italic":289,"100italic":288,"200italic":291,"600italic":294,"700italic":287,"800italic":285},[298,299],"faShieldCheck","Secure shadow SaaS",[1055,1141],{"@type":106,"@version":107,"tagName":323,"id":1056,"meta":1057,"children":1058},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":935},[1059,1075,1082,1089,1098,1108,1118,1128,1135],{"@type":106,"@version":107,"id":1060,"meta":1061,"component":1062,"responsiveStyles":1073},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":939},{"name":327,"options":1063,"isRSC":118},{"title":1045,"description":1064,"points":1065,"video":1072},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. Just real-time visibility and control.\u003C/p>",[1066,1068,1070],{"item":1067},"Discover every SaaS app users access, managed or not",{"item":1069},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":1071},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":1074},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1076,"meta":1077,"component":1078,"responsiveStyles":1080},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":956},{"name":346,"options":1079,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1081},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1083,"meta":1084,"component":1085,"responsiveStyles":1087},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":963},{"name":354,"options":1086,"isRSC":118},{"darkMode":41},{"large":1088},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1090,"component":1091,"responsiveStyles":1096},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":359,"tag":359,"options":1092,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1093,"description":1094,"image":1095,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":1097},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1099,"meta":1100,"component":1101,"responsiveStyles":1106},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":979},{"name":373,"options":1102,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1103,"description":1104,"reverse":41,"image":1105},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":1107},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1109,"meta":1110,"component":1111,"responsiveStyles":1116},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":989},{"name":373,"options":1112,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1113,"description":1114,"reverse":6,"image":1115},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":1117},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1119,"meta":1120,"component":1121,"responsiveStyles":1126},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":999},{"name":373,"options":1122,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1123,"description":1124,"reverse":41,"image":1125},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":1127},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1129,"meta":1130,"component":1131,"responsiveStyles":1133},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":1009},{"name":354,"options":1132,"isRSC":118},{"darkMode":6},{"large":1134},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1136,"component":1137,"responsiveStyles":1139},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":416,"tag":416,"options":1138,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1140},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1142,"@type":106,"tagName":131,"properties":1143,"responsiveStyles":1144},"builder-pixel-d1ul2kmxbed",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1145},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1147},{"path":37,"query":1148},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":919,"winningTest":118,"lastPreviewUrl":1155,"breakpoints":1156,"kind":438,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":1158,"id":1159,"name":1160,"modelId":261,"published":13,"query":1161,"data":1164,"variations":1268,"lastUpdated":1269,"firstPublished":1270,"testRatio":33,"screenshot":1271,"createdBy":34,"lastUpdatedBy":674,"folders":1272,"meta":1273,"rev":440},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[1162],{"@type":264,"property":265,"operator":266,"value":1163},"/uc/shadow-ai",{"fontAwesomeIcon":1165,"seoTitle":1166,"jsCode":37,"customFonts":1167,"title":1172,"tsCode":37,"seoDescription":1173,"blocks":1174,"url":1163,"state":1265},"faBrainCircuit","Secure AI native and AI enhanced apps. ",[1168],{"variants":1169,"category":295,"files":1170,"subsets":1171,"family":272,"kind":273,"menu":296,"lastModified":275,"version":274},[301,302,303,304,305,306,128,307,308,309,310,311,312,313,314,315,316,317],{"100":277,"200":278,"300":279,"500":280,"600":281,"700":282,"800":283,"900":284,"800italic":285,"regular":290,"700italic":287,"200italic":291,"italic":289,"500italic":292,"600italic":294,"300italic":293,"100italic":288,"900italic":286},[298,299],"Secure shadow AI","See and control shadow AI apps in the browser.",[1175,1260],{"@type":106,"@version":107,"tagName":323,"id":1176,"meta":1177,"children":1178},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":1056},[1179,1195,1202,1209,1219,1228,1237,1247,1254],{"@type":106,"@version":107,"id":1180,"meta":1181,"component":1182,"responsiveStyles":1193},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":1060},{"name":327,"options":1183,"isRSC":118},{"title":1172,"description":1184,"points":1185,"image":1192},"\u003Cp>Your employees are adopting AI faster than you can track it. From native features in corporate apps to unapproved shadow tools, it’s all happening in the browser. Push detects every AI interaction in real time, letting you categorize apps and enforce acceptable use policies in the browser.\u003C/p>",[1186,1188,1190],{"item":1187},"Map every AI tool used across your workforce",{"item":1189},"Review and classify apps by sensitivity, purpose, and policy status",{"item":1191},"Enforce AI usage rules directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":1194},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":342},{"@type":106,"@version":107,"id":1196,"meta":1197,"component":1198,"responsiveStyles":1200},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":1076},{"name":346,"options":1199,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":1201},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":350},{"@type":106,"@version":107,"id":1203,"meta":1204,"component":1205,"responsiveStyles":1207},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":1083},{"name":354,"options":1206,"isRSC":118},{"darkMode":41},{"large":1208},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1210,"meta":1211,"component":1212,"responsiveStyles":1217},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":1090},{"name":359,"tag":359,"options":1213,"isRSC":118},{"darkMode":6,"maxWidth":363,"maxTextWidth":364,"title":1214,"description":1215,"image":1216,"reverse":6},"\u003Ch2>Use your browser to govern AI \u003C/h2>","\u003Cp>The AI footprint inside your company is bigger than you think. From text generators to meeting assistants and design copilots, employees test, adopt, and connect new tools constantly. Push shows you those tools and which users are accessing them, without relying on network scans or API integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":1218},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1220,"meta":1221,"component":1222,"responsiveStyles":1226},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":1099},{"name":373,"options":1223,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":376,"title":1224,"description":1225,"reverse":41,"image":1115},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Push captures live telemetry from the browser, identifying every AI-native and AI-enhanced application users access. You’ll know which corporate identities are connected, how data flows, and what new AI apps appear across your environment. \u003C/p>",{"large":1227},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":382,"paddingTop":384,"marginTop":384},{"@type":106,"@version":107,"id":1229,"meta":1230,"component":1231,"responsiveStyles":1235},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":1109},{"name":373,"options":1232,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":389,"title":1233,"description":1234,"reverse":6,"image":1125},"\u003Ch2>Classify and manage AI risk\u003C/h2>","\u003Cp>For apps you choose to allow, Push lets you apply custom in-browser banners. You can bulk-select categories of AI tools and require users to read and acknowledge your acceptable use policy before they proceed. This creates an auditable trail and moves policy from an easy to forget document to an active, in-workflow control.\u003C/p>",{"large":1236},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":395},{"@type":106,"@version":107,"layerName":373,"id":1238,"meta":1239,"component":1240,"responsiveStyles":1245},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":1119},{"name":373,"options":1241,"isRSC":118},{"darkMode":6,"maxWidth":363,"imageMaxWidth":375,"textPaddingTop":400,"title":1242,"description":1243,"reverse":41,"image":1244},"\u003Ch2>Enforce your AI policy in the browser\u003C/h2>","\u003Cp>When an AI tool is deemed non-compliant or too risky, Push blocks it at the source. The block happens directly in the browser, preventing the user from accessing the site or submitting data. This gives you an immediate, powerful lever to stop data exfiltration and enforce a hard line on unacceptable risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa359ac1805af4e15a8a7f84632b9bb55",{"large":1246},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":406},{"@type":106,"@version":107,"id":1248,"meta":1249,"component":1250,"responsiveStyles":1252},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":1129},{"name":354,"options":1251,"isRSC":118},{"darkMode":6},{"large":1253},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":1255,"component":1256,"responsiveStyles":1258},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":416,"tag":416,"options":1257,"isRSC":118},{"sectionHeading":37,"customClass":418},{"large":1259},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":1261,"@type":106,"tagName":131,"properties":1262,"responsiveStyles":1263},"builder-pixel-wxx9tk70r9p",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":1264},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":1266},{"path":37,"query":1267},{},{},1770892957225,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe558b8b069884037a8e6904f7ecc029c",[],{"winningTest":118,"breakpoints":1274,"originalContentId":1039,"kind":438,"lastPreviewUrl":1275,"hasLinks":6,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"_path":1277,"_dir":1278,"_draft":6,"_partial":6,"_locale":37,"sys":1279,"ogImage":118,"summary":1282,"title":1296,"subtitle":118,"metaTitle":1297,"synopsis":1298,"hashTags":118,"publishedDate":1299,"slug":1300,"tagsCollection":1301,"relatedBlogPostsCollection":1311,"authorsCollection":2665,"content":2673,"_id":3225,"_type":3226,"_source":3227,"_file":3228,"_stem":3229,"_extension":3226},"/blog/what-are-shadow-identities","blog",{"id":1280,"publishedAt":1281},"1I9skXuLjbdjnc6rAVkaS3","2025-01-15T14:31:02.984Z",{"json":1283},{"data":1284,"content":1285,"nodeType":1295},{},[1286],{"data":1287,"content":1288,"nodeType":1294},{},[1289],{"data":1290,"marks":1291,"value":1292,"nodeType":1293},{},[],"In this article, we define shadow identities and shadow IDs and guide readers on how to find and secure them to reduce the risk.","text","paragraph","document","Get out of the dark: Manage the risk of shadow identities","Manage the risk of shadow identities","Employees sign up to cloud apps on their own every day. Each time, they create a new account and a new identity on that app. How do you find and secure them?","2023-09-19T00:00:00.000Z","what-are-shadow-identities",{"items":1302},[1303,1307],{"sys":1304,"name":1306},{"id":1305},"3SA5H01UkKauuiTdt0KC6q","Shadow IT",{"sys":1308,"name":1310},{"id":1309},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"items":1312},[1313,2217],{"__typename":1314,"sys":1315,"content":1317,"title":2197,"synopsis":2198,"hashTags":118,"publishedDate":2199,"slug":2200,"tagsCollection":2201,"authorsCollection":2209},"BlogPosts",{"id":1316},"3eCWNBg1avThJNsZSwaq1y",{"json":1318},{"nodeType":1295,"data":1319,"content":1320},{},[1321,1328,1335,1344,1380,1388,1395,1417,1425,1432,1439,1458,1464,1471,1485,1492,1499,1506,1512,1537,1544,1551,1558,1565,1572,1579,1597,1605,1621,1628,1634,1656,1686,1702,1729,1736,1743,1750,1757,1764,1771,1778,1830,1837,1868,1913,1988,1995,2002,2009,2016,2023,2030,2037,2044,2050,2057,2064,2085,2092,2099,2106,2112,2119,2126,2133,2140,2163,2170,2176],{"nodeType":1294,"data":1322,"content":1323},{},[1324],{"nodeType":1293,"value":1325,"marks":1326,"data":1327},"If you’re working in security, you know you’re on the hook to secure all the assets in your organization’s attack surface – including cloud and SaaS applications. But with employees signing up and adopting SaaS applications without your oversight, the scale of your attack surface has blown up without you even knowing it - leading to a huge increase in SaaS security risks. ",[],{},{"nodeType":1294,"data":1329,"content":1330},{},[1331],{"nodeType":1293,"value":1332,"marks":1333,"data":1334},"You’ve probably locked down the known cloud services and cloud apps your company is using (Google Workspace, Microsoft 365, etc.) and you have policies you’re already enforcing for how employees log into, access, and input sensitive data into cloud platforms like Salesforce and Hubspot. \n\nBut what about all those other SaaS applications people in the company are using? Those apps make up a significant part of your attack surface. ",[],{},{"nodeType":1336,"data":1337,"content":1343},"embedded-entry-block",{"target":1338},{"sys":1339},{"id":1340,"type":1341,"linkType":1342},"5NfrrDeIPs7TE213UYly7E","Link","Entry",[],{"nodeType":1294,"data":1345,"content":1346},{},[1347,1351,1362,1366,1376],{"nodeType":1293,"value":1348,"marks":1349,"data":1350},"You need visibility into all those apps as the first step. We ",[],{},{"nodeType":1352,"data":1353,"content":1357},"entry-hyperlink",{"target":1354},{"sys":1355},{"id":1356,"type":1341,"linkType":1342},"3PqX7fLrTIYhWjbEhHSRHG",[1358],{"nodeType":1293,"value":1359,"marks":1360,"data":1361},"can help there",[],{},{"nodeType":1293,"value":1363,"marks":1364,"data":1365}," and there are some ",[],{},{"nodeType":1352,"data":1367,"content":1371},{"target":1368},{"sys":1369},{"id":1370,"type":1341,"linkType":1342},"45iZ69EdPF4629gZ6yf7p5",[1372],{"nodeType":1293,"value":1373,"marks":1374,"data":1375},"semi-hacky ways",[],{},{"nodeType":1293,"value":1377,"marks":1378,"data":1379}," you can even get this visibility on your own. ",[],{},{"nodeType":1381,"data":1382,"content":1383},"heading-1",{},[1384],{"nodeType":1293,"value":1385,"marks":1386,"data":1387},"I found all these shadow SaaS apps, now what?",[],{},{"nodeType":1294,"data":1389,"content":1390},{},[1391],{"nodeType":1293,"value":1392,"marks":1393,"data":1394},"Once you get the list of (likely hundreds) of SaaS applications employees have been using that you weren’t aware of, you’re probably then thinking about the next daunting task - how do I secure all these shadow SaaS or shadow IT assets across your SaaS attack surface to manage SaaS security risks?",[],{},{"nodeType":1294,"data":1396,"content":1397},{},[1398,1402,1413],{"nodeType":1293,"value":1399,"marks":1400,"data":1401},"That’s where the ",[],{},{"nodeType":1403,"data":1404,"content":1406},"hyperlink",{"uri":1405},"https://www.ncsc.gov.uk/collection/cloud/understanding-cloud-services/cloud-security-shared-responsibility-model",[1407],{"nodeType":1293,"value":1408,"marks":1409,"data":1412},"shared responsibility model ",[1410],{"type":1411},"underline",{},{"nodeType":1293,"value":1414,"marks":1415,"data":1416},"comes into play. You’re not on the hook to take on every aspect of SaaS security, so let’s do a walkthrough of this model and we’ll help you hone in on where you can make the most impact when it comes to securing your sensitive data with every third-party SaaS vendor.",[],{},{"nodeType":1418,"data":1419,"content":1420},"heading-2",{},[1421],{"nodeType":1293,"value":1422,"marks":1423,"data":1424},"SaaS allows you to offload some operational security",[],{},{"nodeType":1294,"data":1426,"content":1427},{},[1428],{"nodeType":1293,"value":1429,"marks":1430,"data":1431},"You’re undoubtedly resource strapped, so using SaaS apps is a great way to delegate as many operational security tasks as possible to the cloud provider.",[],{},{"nodeType":1294,"data":1433,"content":1434},{},[1435],{"nodeType":1293,"value":1436,"marks":1437,"data":1438},"The shared-responsibility model shows you your responsibilities as the customer and which the cloud provider owns - this is one of the reasons SaaS is taking over the world.   ",[],{},{"nodeType":1294,"data":1440,"content":1441},{},[1442,1446,1454],{"nodeType":1293,"value":1443,"marks":1444,"data":1445},"The following table produced by the ",[],{},{"nodeType":1403,"data":1447,"content":1448},{"uri":1405},[1449],{"nodeType":1293,"value":1450,"marks":1451,"data":1453},"National Cyber Security Centre",[1452],{"type":1411},{},{"nodeType":1293,"value":1455,"marks":1456,"data":1457}," (NCSC) shows how much of the balance of security responsibility is outsourced to the SaaS provider. For reference, IaaS = infrastructure-as-a-service; PaaS = platform-as-a-service; SaaS = software-as-a-service:",[],{},{"nodeType":1336,"data":1459,"content":1463},{"target":1460},{"sys":1461},{"id":1462,"type":1341,"linkType":1342},"17rMTpxgCAU5ropjkGIIjK",[],{"nodeType":1294,"data":1465,"content":1466},{},[1467],{"nodeType":1293,"value":1468,"marks":1469,"data":1470},"This table shows that in the SaaS model, you’re delegating a lot of responsibility for security to the vendor, which is great because it reduces the burden on your security team and SaaS providers are certainly best placed to secure their software. ",[],{},{"nodeType":1294,"data":1472,"content":1473},{},[1474,1481],{"nodeType":1293,"value":1475,"marks":1476,"data":1480},"However, this requires far greater trust in SaaS providers. ",[1477,1478],{"type":312},{"type":1479},"bold",{},{"nodeType":1293,"value":1482,"marks":1483,"data":1484},"Even so, this is a net positive trade off for most organizations.",[],{},{"nodeType":1294,"data":1486,"content":1487},{},[1488],{"nodeType":1293,"value":1489,"marks":1490,"data":1491},"While we’re offloading a lot to SaaS providers, we aren’t offloading everything. You still need to take care of your responsibilities, even though they’re now quite limited.",[],{},{"nodeType":1381,"data":1493,"content":1494},{},[1495],{"nodeType":1293,"value":1496,"marks":1497,"data":1498},"How to handle your responsibilities for managing SaaS risks in your company ",[],{},{"nodeType":1294,"data":1500,"content":1501},{},[1502],{"nodeType":1293,"value":1503,"marks":1504,"data":1505},"So, how do you go about handling these two responsibilities highlighted in the table below?",[],{},{"nodeType":1336,"data":1507,"content":1511},{"target":1508},{"sys":1509},{"id":1510,"type":1341,"linkType":1342},"4jeDpoYQzPmg5TFApeopSA",[],{"nodeType":1513,"data":1514,"content":1515},"ordered-list",{},[1516,1527],{"nodeType":1517,"data":1518,"content":1519},"list-item",{},[1520],{"nodeType":1294,"data":1521,"content":1522},{},[1523],{"nodeType":1293,"value":1524,"marks":1525,"data":1526},"Configuration of the SaaS app ",[],{},{"nodeType":1517,"data":1528,"content":1529},{},[1530],{"nodeType":1294,"data":1531,"content":1532},{},[1533],{"nodeType":1293,"value":1534,"marks":1535,"data":1536},"Manage identity and access controls provided by the app.",[],{},{"nodeType":1418,"data":1538,"content":1539},{},[1540],{"nodeType":1293,"value":1541,"marks":1542,"data":1543},"Configuration of the SaaS app",[],{},{"nodeType":1294,"data":1545,"content":1546},{},[1547],{"nodeType":1293,"value":1548,"marks":1549,"data":1550},"The way application configuration is presented in the NCSC table above is a bit of a red herring for the apps your employees will be self-adopting. The vast majority of SaaS apps (and especially self-adopted apps) allow very little, if any, security relevant configuration. ",[],{},{"nodeType":1294,"data":1552,"content":1553},{},[1554],{"nodeType":1293,"value":1555,"marks":1556,"data":1557},"Sure, the big core apps like Salesforce, Google Workspace, Microsoft 365 do (and often require a dedicated team or partner to run them), but they are highly unlikely to be self-adopted by employees. ",[],{},{"nodeType":1294,"data":1559,"content":1560},{},[1561],{"nodeType":1293,"value":1562,"marks":1563,"data":1564},"The issues that are likely to lead to a compromise are more likely to be related to the individual accounts on the app, rather than the app configuration - so in practice there may be little to do in terms of hardening most self-managed apps.",[],{},{"nodeType":1418,"data":1566,"content":1567},{},[1568],{"nodeType":1293,"value":1569,"marks":1570,"data":1571},"Manage identity and access controls, like MFA, provided by the app\n",[],{},{"nodeType":1294,"data":1573,"content":1574},{},[1575],{"nodeType":1293,"value":1576,"marks":1577,"data":1578},"You have a few options for handling this one. We’ll go through the key areas below:",[],{},{"nodeType":1513,"data":1580,"content":1581},{},[1582],{"nodeType":1517,"data":1583,"content":1584},{},[1585],{"nodeType":1294,"data":1586,"content":1587},{},[1588,1593],{"nodeType":1293,"value":1589,"marks":1590,"data":1592},"SSO",[1591],{"type":1479},{},{"nodeType":1293,"value":1594,"marks":1595,"data":1596},": Better yet, if there’s a way to tuck the app behind SSO, do it! SAML SSO is the ideal, gold standard solution for managing your SaaS security risks. The big issue is that very, very few apps, particularly the smaller ones most of the employees in your company will be signing up for, offer SSO integrations. ",[],{},{"nodeType":1294,"data":1598,"content":1599},{},[1600],{"nodeType":1293,"value":1601,"marks":1602,"data":1604},"When we looked at the apps we cover, only 30% of them offered SAML SSO integrations. ",[1603],{"type":1479},{},{"nodeType":1294,"data":1606,"content":1607},{},[1608,1612,1617],{"nodeType":1293,"value":1609,"marks":1610,"data":1611},"Making things worse, of those few apps that ",[],{},{"nodeType":1293,"value":1613,"marks":1614,"data":1616},"did ",[1615],{"type":312},{},{"nodeType":1293,"value":1618,"marks":1619,"data":1620},"offer SAML SSO as a feature, they offered it as a paid feature that you can only access at a high pricing tier, typically Enterprise or the highest pricing tier. Many more apps offer social logins (aka OIDC SSO), and while this is not quite as good as SAML, for most organizations this is a far better option compared to local passwords for each SaaS app!",[],{},{"nodeType":1294,"data":1622,"content":1623},{},[1624],{"nodeType":1293,"value":1625,"marks":1626,"data":1627},"You’ve probably heard mutterings about this before and it’s even got its own site, called SSO tax, which gives you a sense of the huge number of apps without SSO integrations. See a screenshot of the site below:",[],{},{"nodeType":1336,"data":1629,"content":1633},{"target":1630},{"sys":1631},{"id":1632,"type":1341,"linkType":1342},"71LeJlkZLWAr2rMN7Izam3",[],{"nodeType":1294,"data":1635,"content":1636},{},[1637,1641,1652],{"nodeType":1293,"value":1638,"marks":1639,"data":1640},"At the moment, this means SAML SSO isn’t a practical option for most apps. We wrote much more on this ",[],{},{"nodeType":1352,"data":1642,"content":1646},{"target":1643},{"sys":1644},{"id":1645,"type":1341,"linkType":1342},"tkUfN6TKuYyVNYDpsGWrE",[1647],{"nodeType":1293,"value":1648,"marks":1649,"data":1651},"here",[1650],{"type":1411},{},{"nodeType":1293,"value":1653,"marks":1654,"data":1655}," as well.",[],{},{"nodeType":1294,"data":1657,"content":1658},{},[1659,1663,1668,1672,1682],{"nodeType":1293,"value":1660,"marks":1661,"data":1662},"2.",[],{},{"nodeType":1293,"value":1664,"marks":1665,"data":1667}," Encourage the other type of SSO — social logins",[1666],{"type":1479},{},{"nodeType":1293,"value":1669,"marks":1670,"data":1671},": It's also smart to make your policy towards OIDC SSO a.k.a. Social Logins (“login with Google” or “login with Microsoft”) clear. Our advice is you should prefer social logins over usernames and passwords wherever possible. Read more about that ",[],{},{"nodeType":1352,"data":1673,"content":1677},{"target":1674},{"sys":1675},{"id":1676,"type":1341,"linkType":1342},"1pbtctbbJRqLuz8dOsecOt",[1678],{"nodeType":1293,"value":1648,"marks":1679,"data":1681},[1680],{"type":1411},{},{"nodeType":1293,"value":1683,"marks":1684,"data":1685},".",[],{},{"nodeType":1294,"data":1687,"content":1688},{},[1689,1693,1698],{"nodeType":1293,"value":1690,"marks":1691,"data":1692},"3.",[],{},{"nodeType":1293,"value":1694,"marks":1695,"data":1697}," Employee trainings and education: ",[1696],{"type":1479},{},{"nodeType":1293,"value":1699,"marks":1700,"data":1701},"Of course, you’ll want to (and typically, you’ll be required to) do regular security training for your employees.",[],{},{"nodeType":1294,"data":1703,"content":1704},{},[1705,1709,1720,1725],{"nodeType":1293,"value":1706,"marks":1707,"data":1708},"If nothing else, make sure employees understand ",[],{},{"nodeType":1352,"data":1710,"content":1714},{"target":1711},{"sys":1712},{"id":1713,"type":1341,"linkType":1342},"5Zy1Kj162pY69NT6001gAa",[1715],{"nodeType":1293,"value":1716,"marks":1717,"data":1719},"the value and impact of MFA",[1718],{"type":1411},{},{"nodeType":1293,"value":1721,"marks":1722,"data":1724}," ",[1723],{"type":1479},{},{"nodeType":1293,"value":1726,"marks":1727,"data":1728},"and other identity access management tools.",[],{},{"nodeType":1381,"data":1730,"content":1731},{},[1732],{"nodeType":1293,"value":1733,"marks":1734,"data":1735},"Doesn’t delegating my responsibility increase SaaS security risks?",[],{},{"nodeType":1294,"data":1737,"content":1738},{},[1739],{"nodeType":1293,"value":1740,"marks":1741,"data":1742},"While delegating security responsibilities is great and takes a huge load off your security team, you need to consider who you’re delegating it to. ",[],{},{"nodeType":1294,"data":1744,"content":1745},{},[1746],{"nodeType":1293,"value":1747,"marks":1748,"data":1749},"This is what’s sometimes understood as supply chain security or third party risk management. You need to trust the SaaS provider to uphold their end of the bargain and, more often than not, also the SaaS/cloud vendors they use (their sub-processors) as well.",[],{},{"nodeType":1294,"data":1751,"content":1752},{},[1753],{"nodeType":1293,"value":1754,"marks":1755,"data":1756},"This sounds a lot scarier than it is. Many SaaS providers do a great job - they provide easy-to-audit, externally-verified, policies through a framework such as SOC2, and most do regular penetration tests and have bug bounty programs, etc.",[],{},{"nodeType":1294,"data":1758,"content":1759},{},[1760],{"nodeType":1293,"value":1761,"marks":1762,"data":1763},"And, before you panic about having to do a full security audit of every one of those hundreds of SaaS providers, know that there are tools that can help with this, which we’ll talk more about at the end of this article.",[],{},{"nodeType":1381,"data":1765,"content":1766},{},[1767],{"nodeType":1293,"value":1768,"marks":1769,"data":1770},"How to determine if you can live with the risk  ",[],{},{"nodeType":1294,"data":1772,"content":1773},{},[1774],{"nodeType":1293,"value":1775,"marks":1776,"data":1777},"Here are a few things you might consider when you assess third-party risk: ",[],{},{"nodeType":1779,"data":1780,"content":1781},"unordered-list",{},[1782,1806],{"nodeType":1517,"data":1783,"content":1784},{},[1785,1793],{"nodeType":1294,"data":1786,"content":1787},{},[1788],{"nodeType":1293,"value":1789,"marks":1790,"data":1792},"The data going into these apps is simply too sensitive. ",[1791],{"type":1479},{},{"nodeType":1779,"data":1794,"content":1795},{},[1796],{"nodeType":1517,"data":1797,"content":1798},{},[1799],{"nodeType":1294,"data":1800,"content":1801},{},[1802],{"nodeType":1293,"value":1803,"marks":1804,"data":1805},"Many organizations have very sensitive data, customer information or intellectual property (IP) that they simply aren’t willing to entrust to a third party. ",[],{},{"nodeType":1517,"data":1807,"content":1808},{},[1809,1817],{"nodeType":1294,"data":1810,"content":1811},{},[1812],{"nodeType":1293,"value":1813,"marks":1814,"data":1816},"The app requests administrative access to sensitive systems ",[1815],{"type":1479},{},{"nodeType":1779,"data":1818,"content":1819},{},[1820],{"nodeType":1517,"data":1821,"content":1822},{},[1823],{"nodeType":1294,"data":1824,"content":1825},{},[1826],{"nodeType":1293,"value":1827,"marks":1828,"data":1829},"You may not want to trust a third party with administrative access to critical IT systems",[],{},{"nodeType":1294,"data":1831,"content":1832},{},[1833],{"nodeType":1293,"value":1834,"marks":1835,"data":1836},"If the sensitive data in the app or the access the app has represents some significant (but not unacceptable) risk, you may consider:",[],{},{"nodeType":1779,"data":1838,"content":1839},{},[1840],{"nodeType":1517,"data":1841,"content":1842},{},[1843,1855],{"nodeType":1294,"data":1844,"content":1845},{},[1846,1851],{"nodeType":1293,"value":1847,"marks":1848,"data":1850},"The vendor has a string of repeated breaches or security incidents",[1849],{"type":1479},{},{"nodeType":1293,"value":1852,"marks":1853,"data":1854},". ",[],{},{"nodeType":1779,"data":1856,"content":1857},{},[1858],{"nodeType":1517,"data":1859,"content":1860},{},[1861],{"nodeType":1294,"data":1862,"content":1863},{},[1864],{"nodeType":1293,"value":1865,"marks":1866,"data":1867},"This is troubling because it’s a fairly common pattern for attackers to breach apps in ways that don’t impact customer information, but then use the information they learn from these breaches to launch far more successful breaches in future and gain access to additional sensitive data. ",[],{},{"nodeType":1294,"data":1869,"content":1870},{},[1871,1875,1884,1888,1897,1900,1909],{"nodeType":1293,"value":1872,"marks":1873,"data":1874},"Consider the string of breaches at ",[],{},{"nodeType":1403,"data":1876,"content":1878},{"uri":1877},"https://www.bleepingcomputer.com/search/?q=lastpass+breach",[1879],{"nodeType":1293,"value":1880,"marks":1881,"data":1883},"LastPass",[1882],{"type":1411},{},{"nodeType":1293,"value":1885,"marks":1886,"data":1887},", ",[],{},{"nodeType":1403,"data":1889,"content":1891},{"uri":1890},"https://www.bleepingcomputer.com/search/?q=okta+breach",[1892],{"nodeType":1293,"value":1893,"marks":1894,"data":1896},"Okta",[1895],{"type":1411},{},{"nodeType":1293,"value":1885,"marks":1898,"data":1899},[],{},{"nodeType":1403,"data":1901,"content":1903},{"uri":1902},"https://www.bleepingcomputer.com/search/?q=twilio+breach",[1904],{"nodeType":1293,"value":1905,"marks":1906,"data":1908},"Twilio",[1907],{"type":1411},{},{"nodeType":1293,"value":1910,"marks":1911,"data":1912}," (and many others) or as a typical example of this.",[],{},{"nodeType":1779,"data":1914,"content":1915},{},[1916,1940,1964],{"nodeType":1517,"data":1917,"content":1918},{},[1919,1927],{"nodeType":1294,"data":1920,"content":1921},{},[1922],{"nodeType":1293,"value":1923,"marks":1924,"data":1926},"The app doesn’t offer adequate security features. ",[1925],{"type":1479},{},{"nodeType":1779,"data":1928,"content":1929},{},[1930],{"nodeType":1517,"data":1931,"content":1932},{},[1933],{"nodeType":1294,"data":1934,"content":1935},{},[1936],{"nodeType":1293,"value":1937,"marks":1938,"data":1939},"You want to see features like MFA, SSO (either social login through OIDC or, ideally, SAML), and bonus points for the ability to enforce these controls. This is especially important on platforms where the data is high-risk.",[],{},{"nodeType":1517,"data":1941,"content":1942},{},[1943,1951],{"nodeType":1294,"data":1944,"content":1945},{},[1946],{"nodeType":1293,"value":1947,"marks":1948,"data":1950},"They operate in a sanctioned country ",[1949],{"type":1479},{},{"nodeType":1779,"data":1952,"content":1953},{},[1954],{"nodeType":1517,"data":1955,"content":1956},{},[1957],{"nodeType":1294,"data":1958,"content":1959},{},[1960],{"nodeType":1293,"value":1961,"marks":1962,"data":1963},"Clearly SaaS providers operating from (or that have close ties with) sanctioned or politically-complicated countries represent additional risk.",[],{},{"nodeType":1517,"data":1965,"content":1966},{},[1967,1975],{"nodeType":1294,"data":1968,"content":1969},{},[1970],{"nodeType":1293,"value":1971,"marks":1972,"data":1974},"The SaaS vendor may not have the resources to adequately protect your sensitive data. ",[1973],{"type":1479},{},{"nodeType":1779,"data":1976,"content":1977},{},[1978],{"nodeType":1517,"data":1979,"content":1980},{},[1981],{"nodeType":1294,"data":1982,"content":1983},{},[1984],{"nodeType":1293,"value":1985,"marks":1986,"data":1987},"Also, question vendors that are so small that it is hard to imagine they can afford to spend significant resources on security. ",[],{},{"nodeType":1294,"data":1989,"content":1990},{},[1991],{"nodeType":1293,"value":1992,"marks":1993,"data":1994},"These are really common apps that integrate with your Google Workspace or Microsoft 365 - they add a feature or help streamline the employee’s workflow but aren’t a fully baked SaaS app with funding, a product and engineering team, or customer support.",[],{},{"nodeType":1381,"data":1996,"content":1997},{},[1998],{"nodeType":1293,"value":1999,"marks":2000,"data":2001},"If you can’t establish trust with a SaaS provider…",[],{},{"nodeType":1294,"data":2003,"content":2004},{},[2005],{"nodeType":1293,"value":2006,"marks":2007,"data":2008},"While the hope is that you can establish enough trust with third-party SaaS providers to allow employees to use the app, there will be exceptions.",[],{},{"nodeType":1418,"data":2010,"content":2011},{},[2012],{"nodeType":1293,"value":2013,"marks":2014,"data":2015},"Guide employees to secure alternatives early, before they invest too much time in a risky platform",[],{},{"nodeType":1294,"data":2017,"content":2018},{},[2019],{"nodeType":1293,"value":2020,"marks":2021,"data":2022},"Obviously, you can block the apps that you’ve deemed too risky for your company’s risk profile, which will reduce the attack surface. However, doing that in a vacuum, without working with the employees who are using (or testing) a SaaS application, can roadblock their work. ",[],{},{"nodeType":1294,"data":2024,"content":2025},{},[2026],{"nodeType":1293,"value":2027,"marks":2028,"data":2029},"While it solves your need for strong SaaS security, if you don’t provide employees with an alternative, more secure app to test, you’re burning all good will with the rest of the company. ",[],{},{"nodeType":1294,"data":2031,"content":2032},{},[2033],{"nodeType":1293,"value":2034,"marks":2035,"data":2036},"Worst case scenario, they’ll work around you to use the tool you removed by using their personal laptop or personal email to log in. ",[],{},{"nodeType":1294,"data":2038,"content":2039},{},[2040],{"nodeType":1293,"value":2041,"marks":2042,"data":2043},"The best path forward is to get into the SaaS adoption process early, as shown in this employee SaaS app adoption workflow: ",[],{},{"nodeType":1336,"data":2045,"content":2049},{"target":2046},{"sys":2047},{"id":2048,"type":1341,"linkType":1342},"6HzSQ8wPVn9RfDSFWGaCh8",[],{"nodeType":1294,"data":2051,"content":2052},{},[2053],{"nodeType":1293,"value":2054,"marks":2055,"data":2056},"The goal is to catch those apps that are high risk, either because the data going into them (or that will be) is high risk or because the app can perform some high-risk action (like managing your inventory or sending emails to customers or your behalf). ",[],{},{"nodeType":1294,"data":2058,"content":2059},{},[2060],{"nodeType":1293,"value":2061,"marks":2062,"data":2063},"By getting in early, you can focus your efforts on these high-risk vendors and apps to make sure they can be trusted with their data. ",[],{},{"nodeType":1294,"data":2065,"content":2066},{},[2067,2071,2081],{"nodeType":1293,"value":2068,"marks":2069,"data":2070},"We’ve written more about this ",[],{},{"nodeType":1352,"data":2072,"content":2076},{"target":2073},{"sys":2074},{"id":2075,"type":1341,"linkType":1342},"6ppEa7WXiKcgLQ9yGn7q3k",[2077],{"nodeType":1293,"value":1648,"marks":2078,"data":2080},[2079],{"type":1411},{},{"nodeType":1293,"value":2082,"marks":2083,"data":2084}," and it’s worth your time to read it, we promise. Blocking simply doesn’t work and it frustrates the team, so please consider this new way of securing SaaS. ",[],{},{"nodeType":1381,"data":2086,"content":2087},{},[2088],{"nodeType":1293,"value":2089,"marks":2090,"data":2091},"Try a tool to automate SaaS account security improvements",[],{},{"nodeType":1294,"data":2093,"content":2094},{},[2095],{"nodeType":1293,"value":2096,"marks":2097,"data":2098},"Check out SaaS security tools that don’t only look at the SaaS provider or the SaaS platform itself, but which also focus on the SaaS account or user identity level. ",[],{},{"nodeType":1294,"data":2100,"content":2101},{},[2102],{"nodeType":1293,"value":2103,"marks":2104,"data":2105},"Once you have visibility into which apps employees are using, you can dig into whether they’re using security features like MFA or using strong passwords. If they're not, use Push to equip them to enable MFA on their own: ",[],{},{"nodeType":1336,"data":2107,"content":2111},{"target":2108},{"sys":2109},{"id":2110,"type":1341,"linkType":1342},"22jQt6xKpBHthBFqYlzKD1",[],{"nodeType":1294,"data":2113,"content":2114},{},[2115],{"nodeType":1293,"value":2116,"marks":2117,"data":2118},"Modern SaaS security solutions like Push can not only give you visibility into that information, but automate the process of reaching out to employees to help them turn on security features or updating weak passwords in a few short clicks.",[],{},{"nodeType":1381,"data":2120,"content":2121},{},[2122],{"nodeType":1293,"value":2123,"marks":2124,"data":2125},"Manage SaaS risk as scale without overburdening your team",[],{},{"nodeType":1294,"data":2127,"content":2128},{},[2129],{"nodeType":1293,"value":2130,"marks":2131,"data":2132},"\nWhen facing a list of hundreds of apps that employees are using in your business, doing due diligence feels like a daunting task. Push can help with this as well.",[],{},{"nodeType":1294,"data":2134,"content":2135},{},[2136],{"nodeType":1293,"value":2137,"marks":2138,"data":2139},"You can classify SaaS apps directly in the Push platform based on:",[],{},{"nodeType":1779,"data":2141,"content":2142},{},[2143,2153],{"nodeType":1517,"data":2144,"content":2145},{},[2146],{"nodeType":1294,"data":2147,"content":2148},{},[2149],{"nodeType":1293,"value":2150,"marks":2151,"data":2152},"the sensitivity of the data they contain",[],{},{"nodeType":1517,"data":2154,"content":2155},{},[2156],{"nodeType":1294,"data":2157,"content":2158},{},[2159],{"nodeType":1293,"value":2160,"marks":2161,"data":2162},"the permissions they've been granted using the Sensitivity level field",[],{},{"nodeType":1294,"data":2164,"content":2165},{},[2166],{"nodeType":1293,"value":2167,"marks":2168,"data":2169},"Then use the Approval status option to capture your decision about an app. ",[],{},{"nodeType":1336,"data":2171,"content":2175},{"target":2172},{"sys":2173},{"id":2174,"type":1341,"linkType":1342},"5rACOqYdUseU5rJqTSkaK5",[],{"nodeType":1294,"data":2177,"content":2178},{},[2179,2183,2194],{"nodeType":1293,"value":2180,"marks":2181,"data":2182},"This helps your team suss out the risk so you can make the right choice, without having to have discussions in side channels. ",[],{},{"nodeType":1352,"data":2184,"content":2188},{"target":2185},{"sys":2186},{"id":2187,"type":1341,"linkType":1342},"1BuDaKpiwwntLe4goObvgb",[2189],{"nodeType":1293,"value":2190,"marks":2191,"data":2193},"Read more about how this works",[2192],{"type":1411},{},{"nodeType":1293,"value":1683,"marks":2195,"data":2196},[],{},"Focus on account and identity security to reduce SaaS risks","You’ve probably locked down the known cloud services your company is using, but what about all those other SaaS apps people in the company are using? \n","2023-08-15T00:00:00.000Z","focus-on-account-security-to-reduce-saas-risks",{"items":2202},[2203,2205],{"sys":2204,"name":1310},{"id":1309},{"sys":2206,"name":2208},{"id":2207},"3pjES4THCIfSAwhGdNwBcy","Identity security",{"items":2210},[2211],{"fullName":2212,"firstName":2213,"jobTitle":2214,"profilePicture":2215},"Sally Soulliere","Sally","Head of Brand & Content",{"url":2216},"https://images.ctfassets.net/y1cdw1ablpvd/7Gh4SbbEj6Zsbd6OzGto8Q/885041a4ddeccc5ef3045c0e22975ef4/T016S22KZ96-U036FPETQRH-330f87708d26-192.jpeg",{"__typename":1314,"sys":2218,"content":2220,"title":2651,"synopsis":2652,"hashTags":118,"publishedDate":2653,"slug":2654,"tagsCollection":2655,"authorsCollection":2661},{"id":2219},"PFohPDnjNsdWymehsCvV6",{"json":2221},{"nodeType":1295,"data":2222,"content":2223},{},[2224,2231,2238,2245,2252,2259,2266,2273,2280,2287,2294,2301,2308,2314,2321,2328,2335,2342,2349,2356,2363,2370,2377,2384,2391,2398,2404,2411,2431,2438,2445,2452,2459,2466,2473,2480,2487,2494,2510,2526,2533,2540,2547,2554,2561,2568,2575,2582,2589,2596,2603,2610,2617,2624,2631],{"nodeType":1381,"data":2225,"content":2226},{},[2227],{"nodeType":1293,"value":2228,"marks":2229,"data":2230},"Introduction",[],{},{"nodeType":1294,"data":2232,"content":2233},{},[2234],{"nodeType":1293,"value":2235,"marks":2236,"data":2237},"SaaS applications have made it incredibly easy for users to quickly sign up and adopt their tools independently. As a result, employees are signing up for the tools they need on their own, without IT approval.  This is a great thing as it allows businesses to embrace innovation and employees to move quickly and be more productive. But the cost of this digital transformation is the emergence of shadow IT. ",[],{},{"nodeType":1294,"data":2239,"content":2240},{},[2241],{"nodeType":1293,"value":2242,"marks":2243,"data":2244},"So, what exactly is shadow IT? ",[],{},{"nodeType":1294,"data":2246,"content":2247},{},[2248],{"nodeType":1293,"value":2249,"marks":2250,"data":2251},"In this article, we’ll define shadow IT and shadow SaaS and talk through some of the serious security risks associated with it and give some actionable guidance on how to manage both shadow IT and its risks. ",[],{},{"nodeType":1294,"data":2253,"content":2254},{},[2255],{"nodeType":1293,"value":2256,"marks":2257,"data":2258},"We’ll be focusing primarily on shadow SaaS, since this is a newer area that organizations need to address with new security methods, policies and tools. ",[],{},{"nodeType":1381,"data":2260,"content":2261},{},[2262],{"nodeType":1293,"value":2263,"marks":2264,"data":2265},"What is shadow IT?",[],{},{"nodeType":1294,"data":2267,"content":2268},{},[2269],{"nodeType":1293,"value":2270,"marks":2271,"data":2272},"Shadow IT is the use of technology, software, applications, or devices within an organization that hasn’t been explicitly approved or given oversight from IT and/or security teams. Usually, individual employees or teams have adopted these tools to streamline processes, enhance productivity, or address specific needs.",[],{},{"nodeType":1294,"data":2274,"content":2275},{},[2276],{"nodeType":1293,"value":2277,"marks":2278,"data":2279},"This article specifically focuses on the SaaS applications portion of shadow IT, also known as “shadow SaaS.”",[],{},{"nodeType":1381,"data":2281,"content":2282},{},[2283],{"nodeType":1293,"value":2284,"marks":2285,"data":2286},"What is shadow SaaS?",[],{},{"nodeType":1294,"data":2288,"content":2289},{},[2290],{"nodeType":1293,"value":2291,"marks":2292,"data":2293},"Shadow SaaS is a subset of shadow IT, specifically focused on — you guessed it — SaaS apps. Shadow SaaS are the SaaS and cloud applications used within an organization without the explicit knowledge or approval of the company’s IT department. ",[],{},{"nodeType":1294,"data":2295,"content":2296},{},[2297],{"nodeType":1293,"value":2298,"marks":2299,"data":2300},"These unmanaged services and apps are added to the company’s attack surface when employees or teams subscribe to and use SaaS applications on their own, bypassing official IT procurement and security processes. ",[],{},{"nodeType":1381,"data":2302,"content":2303},{},[2304],{"nodeType":1293,"value":2305,"marks":2306,"data":2307},"What are the risks of shadow SaaS?",[],{},{"nodeType":1336,"data":2309,"content":2313},{"target":2310},{"sys":2311},{"id":2312,"type":1341,"linkType":1342},"1WaBhoYHNKLEYTxjuCdhon",[],{"nodeType":1418,"data":2315,"content":2316},{},[2317],{"nodeType":1293,"value":2318,"marks":2319,"data":2320},"Bugs and vulnerabilities ",[],{},{"nodeType":1294,"data":2322,"content":2323},{},[2324],{"nodeType":1293,"value":2325,"marks":2326,"data":2327},"The SaaS applications and cloud services that fall under shadow IT don’t always go through proper security testing and assessments. ",[],{},{"nodeType":1294,"data":2329,"content":2330},{},[2331],{"nodeType":1293,"value":2332,"marks":2333,"data":2334},"Many may be bootstrapped tools or apps that are only managed by very small teams and startups who are primarily focused on adding product features, not security features.",[],{},{"nodeType":1294,"data":2336,"content":2337},{},[2338],{"nodeType":1293,"value":2339,"marks":2340,"data":2341},"That means some bugs and vulnerabilities may exist that attackers can exploit to gain access to the sensitive data stored within the app or to gain a foothold into your business by moving laterally through your attack surface.  ",[],{},{"nodeType":1294,"data":2343,"content":2344},{},[2345],{"nodeType":1293,"value":2346,"marks":2347,"data":2348},"There’s always a risk of bugs and vulnerabilities, but the risk is higher when the vendor isn’t investing in security.",[],{},{"nodeType":1418,"data":2350,"content":2351},{},[2352],{"nodeType":1293,"value":2353,"marks":2354,"data":2355},"Data loss and potential compliance violations ",[],{},{"nodeType":1294,"data":2357,"content":2358},{},[2359],{"nodeType":1293,"value":2360,"marks":2361,"data":2362},"The issue with shadow SaaS is that the security team has no knowledge that the platform or app is being used in the company, so they have no idea where company data is being stored. ",[],{},{"nodeType":1294,"data":2364,"content":2365},{},[2366],{"nodeType":1293,"value":2367,"marks":2368,"data":2369},"Without knowing which third-parties have access to company data, the security team aren’t aware what sensitive data could be exposed to attackers. Data leaks, supply chain, and third-party risks are the biggest security issues that result from shadow IT and shadow SaaS. ",[],{},{"nodeType":1294,"data":2371,"content":2372},{},[2373],{"nodeType":1293,"value":2374,"marks":2375,"data":2376},"When it comes to compliance,  you may find you’re not actually complying with data privacy regulations as well as you thought. More and more regulatory compliance standards are enforcing up-to-date SaaS application inventories along with their third-party supplier checklists these days.",[],{},{"nodeType":1418,"data":2378,"content":2379},{},[2380],{"nodeType":1293,"value":2381,"marks":2382,"data":2383},"Lack of support",[],{},{"nodeType":1294,"data":2385,"content":2386},{},[2387],{"nodeType":1293,"value":2388,"marks":2389,"data":2390},"When the IT team doesn’t know which SaaS apps the team is using, they can’t provide support with the tool, when needed. That leaves employees feeling stranded and frustrated as they struggle to troubleshoot on their own. This may even lead to employees being blocked on projects they’re relying on the SaaS app to help with.",[],{},{"nodeType":1381,"data":2392,"content":2393},{},[2394],{"nodeType":1293,"value":2395,"marks":2396,"data":2397},"How to manage shadow IT risks",[],{},{"nodeType":1336,"data":2399,"content":2403},{"target":2400},{"sys":2401},{"id":2402,"type":1341,"linkType":1342},"4CSBmlPhd3rc74ohqIVX9N",[],{"nodeType":1418,"data":2405,"content":2406},{},[2407],{"nodeType":1293,"value":2408,"marks":2409,"data":2410},"Visibility ",[],{},{"nodeType":1294,"data":2412,"content":2413},{},[2414,2418,2427],{"nodeType":1293,"value":2415,"marks":2416,"data":2417},"To properly secure your data and that of your customers, you need to have visibility into all the SaaS applications employees are using, including free trials and apps they’re just testing. We’ve written ",[],{},{"nodeType":1403,"data":2419,"content":2421},{"uri":2420},"https://pushsecurity.com/blog/free-and-trial-saas-applications-are-even-riskier-than-paid-apps/",[2422],{"nodeType":1293,"value":2423,"marks":2424,"data":2426},"an article",[2425],{"type":1411},{},{"nodeType":1293,"value":2428,"marks":2429,"data":2430}," on how to manage the security challenges of freemium and trial apps that’s worth exploring further.",[],{},{"nodeType":1294,"data":2432,"content":2433},{},[2434],{"nodeType":1293,"value":2435,"marks":2436,"data":2437},"There are plenty of modern tools on the market that focus on discovering the SaaS applications and cloud services employees in your company are using. Most also have some level of risk-based data for the apps people are using, so you can make better security decisions about the shadow IT you uncover.",[],{},{"nodeType":1418,"data":2439,"content":2440},{},[2441],{"nodeType":1293,"value":2442,"marks":2443,"data":2444},"Consolidate shadow IT and cloud-based applications",[],{},{"nodeType":1294,"data":2446,"content":2447},{},[2448],{"nodeType":1293,"value":2449,"marks":2450,"data":2451},"Once security and IT teams know about and have an accurate inventory of all the SaaS apps in use (those previously considered “shadow IT” or “shadow SaaS”), they can encourage teams to consolidate their SaaS tools. ",[],{},{"nodeType":1294,"data":2453,"content":2454},{},[2455],{"nodeType":1293,"value":2456,"marks":2457,"data":2458},"For IT and Security, consolidating apps is a huge win because they can focus on making sure that short-list of tools is secure enough for them to continue to use them.",[],{},{"nodeType":1294,"data":2460,"content":2461},{},[2462],{"nodeType":1293,"value":2463,"marks":2464,"data":2465},"For the rest of the company, working within the same tools can aid in collaboration, clear communication and status for ongoing projects.",[],{},{"nodeType":1294,"data":2467,"content":2468},{},[2469],{"nodeType":1293,"value":2470,"marks":2471,"data":2472},"And, of course, Finance will love spending less money on a sea of disparate tools and consolidating the spend on the SaaS applications that are regularly used by the wider team.",[],{},{"nodeType":1418,"data":2474,"content":2475},{},[2476],{"nodeType":1293,"value":2477,"marks":2478,"data":2479},"Offer secure alternatives",[],{},{"nodeType":1294,"data":2481,"content":2482},{},[2483],{"nodeType":1293,"value":2484,"marks":2485,"data":2486},"To consolidate SaaS apps and rein in shadow IT, you’ll need to offer alternative solutions that will solve the problems employees have. Work with them to understand the use cases they’re solving with these apps, identify their requirements, and provide a few tools you’ve already vetted which still serve their needs but are more secure or have security features like SAML SSO so you can tuck them behind your existing SSO solution. ",[],{},{"nodeType":1418,"data":2488,"content":2489},{},[2490],{"nodeType":1293,"value":2491,"marks":2492,"data":2493},"Safely embrace shadow IT",[],{},{"nodeType":1294,"data":2495,"content":2496},{},[2497,2501,2506],{"nodeType":1293,"value":2498,"marks":2499,"data":2500},"We’re not suggesting that security and information technology teams throw their hands up and say “shadow IT will happen and we can’t control it,” but we ",[],{},{"nodeType":1293,"value":2502,"marks":2503,"data":2505},"are ",[2504],{"type":312},{},{"nodeType":1293,"value":2507,"marks":2508,"data":2509},"suggesting that they consider a mindset that balances the needs of the team and their own need to control the security of sensitive information and the organization. ",[],{},{"nodeType":1294,"data":2511,"content":2512},{},[2513,2517,2522],{"nodeType":1293,"value":2514,"marks":2515,"data":2516},"New technologies exist that can help you uncover shadow IT so you can get involved in the software adoption process early on. This will give you the advantage of working with employees to understand why they’re using the tool ",[],{},{"nodeType":1293,"value":2518,"marks":2519,"data":2521},"before they’ve fully adopted it",[2520],{"type":312},{},{"nodeType":1293,"value":2523,"marks":2524,"data":2525}," and become dependent on it. This will also give you more time to risk assess the app once it’s clear that the employee or team needs it. ",[],{},{"nodeType":1294,"data":2527,"content":2528},{},[2529],{"nodeType":1293,"value":2530,"marks":2531,"data":2532},"Some modern SaaS security solutions also help you enable security features like multi-factor authentication (MFA) and guide employees to use strong, unique passwords or social logins (“Login with your Google account” or “Login with Microsoft 365 account”), at the account level. These small, but powerful SaaS account security actions raise the bar for attackers, making it much harder for them to gain a foothold into your systems via an employee’s SaaS account.",[],{},{"nodeType":1381,"data":2534,"content":2535},{},[2536],{"nodeType":1293,"value":2537,"marks":2538,"data":2539},"This is a solvable problem",[],{},{"nodeType":1294,"data":2541,"content":2542},{},[2543],{"nodeType":1293,"value":2544,"marks":2545,"data":2546},"Shadow IT introduces security risks, sometimes serious security risks, but there’s no stopping it — even if Security goes the route of blocking access to SaaS apps that they haven’t yet approved or sanctioned employees will work around these security policies to gain access to the tools they need to do their jobs. ",[],{},{"nodeType":1294,"data":2548,"content":2549},{},[2550],{"nodeType":1293,"value":2551,"marks":2552,"data":2553},"The biggest reasons employees engage in this behavior is to streamline their work and, often, to collaborate with one another in a remote-work environment. Cloud apps enable these things really well, which is why they’re so popular.",[],{},{"nodeType":1294,"data":2555,"content":2556},{},[2557],{"nodeType":1293,"value":2558,"marks":2559,"data":2560},"But shadow IT doesn’t have to be a completely uncontrolled disaster, either. With visibility, security and IT teams can be a powerful ally for the business and a trusted partner for employees, rather than taking on the role of draconian authoritarian. Security teams no longer have to be the Department of No and, in fact, by changing this mindset, Security may find that they have more pull with business leaders within the company.",[],{},{"nodeType":1294,"data":2562,"content":2563},{},[2564],{"nodeType":1293,"value":2565,"marks":2566,"data":2567},"By working with employees, rather than against them, Security and IT become “enablers of the business,” which typically resonates with higher ups. If helping to streamline the cloud-based services the company uses doesn’t get them excited, saving the company money by consolidating tools certainly will.",[],{},{"nodeType":1418,"data":2569,"content":2570},{},[2571],{"nodeType":1293,"value":2572,"marks":2573,"data":2574},"Shadow IT is a visibility problem, not a technology one ",[],{},{"nodeType":1294,"data":2576,"content":2577},{},[2578],{"nodeType":1293,"value":2579,"marks":2580,"data":2581},"The issue with shadow IT isn’t that it exists, it’s that these SaaS apps exist outside of the IT department and security team’s remit — they just don’t know about them. By discovering the apps employees are using, they can integrate these SaaS apps safely into the company’s SaaS estate, alongside all the other tools in the tech stack.",[],{},{"nodeType":1418,"data":2583,"content":2584},{},[2585],{"nodeType":1293,"value":2586,"marks":2587,"data":2588},"Shift IT department and security team mindsets to make an impact",[],{},{"nodeType":1294,"data":2590,"content":2591},{},[2592],{"nodeType":1293,"value":2593,"marks":2594,"data":2595},"Security and IT need to be approachable and transparent with employees as the first step, rather than shaming them for their behavior. They’re not gleefully going behind the information technology team’s back for fun, they’re trying to get their work done quickly. ",[],{},{"nodeType":1294,"data":2597,"content":2598},{},[2599],{"nodeType":1293,"value":2600,"marks":2601,"data":2602},"Asking employees to shift from hiding these SaaS apps from you to being transparent that they’re using them requires a level of mutual trust and respect.  ",[],{},{"nodeType":1418,"data":2604,"content":2605},{},[2606],{"nodeType":1293,"value":2607,"marks":2608,"data":2609},"Become a partner to improve security",[],{},{"nodeType":1294,"data":2611,"content":2612},{},[2613],{"nodeType":1293,"value":2614,"marks":2615,"data":2616},"You will, of course, still have some SaaS apps that are outright not approved because they’re too high-risk for the company’s security policies and, in that case, you’ll want to offer one of those safer alternatives that we mentioned above and offer that as a replacement to users who were using the risky, unsafe tool. ",[],{},{"nodeType":1294,"data":2618,"content":2619},{},[2620],{"nodeType":1293,"value":2621,"marks":2622,"data":2623},"This is much easier to do when you’re seen as a collaborative, friendly team that’s doing the best thing for the company than when you’re the enforcer of rules and policies, which restrict them at every turn. ",[],{},{"nodeType":1294,"data":2625,"content":2626},{},[2627],{"nodeType":1293,"value":2628,"marks":2629,"data":2630},"Building a strong relationship with employees (or repairing the relationship if you’ve previously been seen as the Department of No), takes work and a major shift in the security team’s mindset, but the ramifications are far reaching. By considering how employees feel about the security team and IT department’s decisions, both teams win. The end result should never be that employees make security decisions, however their needs for getting their jobs done needs to be considered as security measures are put in place.",[],{},{"nodeType":1294,"data":2632,"content":2633},{},[2634,2638,2647],{"nodeType":1293,"value":2635,"marks":2636,"data":2637},"The National Cyber Security Centre (NCSC) posted ",[],{},{"nodeType":1403,"data":2639,"content":2641},{"uri":2640},"https://www.ncsc.gov.uk/guidance/shadow-it#:~:text=Avoid%20unnecessary%20lockdowns%20of%20enterprise%20IT",[2642],{"nodeType":1293,"value":2643,"marks":2644,"data":2646},"a great article",[2645],{"type":1411},{},{"nodeType":1293,"value":2648,"marks":2649,"data":2650}," on this topic if you’d like to explore further.",[],{},"Understanding Shadow IT and Shadow SaaS: Definition, security risks, and how to manage it","We’ll define shadow IT, talk through the security risks associated with it and give some actionable guidance on how to manage it.\n","2023-08-30T00:00:00.000Z","understanding-shadow-it",{"items":2656},[2657,2659],{"sys":2658,"name":1306},{"id":1305},{"sys":2660,"name":1310},{"id":1309},{"items":2662},[2663],{"fullName":2212,"firstName":2213,"jobTitle":2214,"profilePicture":2664},{"url":2216},{"items":2666},[2667],{"fullName":2668,"firstName":2669,"jobTitle":2670,"profilePicture":2671},"Tyrone Erasmus","Tyrone","Co-founder / CTO",{"url":2672},"https://images.ctfassets.net/y1cdw1ablpvd/5rkMblymL7lG4pZBiYzWo6/26f0da21be8fc252b13b62aacc22d19d/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-22.jpg",{"json":2674,"links":3181},{"nodeType":1295,"data":2675,"content":2676},{},[2677,2683,2690,2697,2704,2711,2736,2748,2769,2776,2783,2798,2805,2812,2819,2826,2833,2840,2846,2853,2931,2938,2944,2951,2958,2979,2986,2993,3016,3036,3043,3050,3083,3089,3096,3117,3124,3131,3153,3160,3167,3174],{"nodeType":1381,"data":2678,"content":2679},{},[2680],{"nodeType":1293,"value":2228,"marks":2681,"data":2682},[],{},{"nodeType":1294,"data":2684,"content":2685},{},[2686],{"nodeType":1293,"value":2687,"marks":2688,"data":2689},"Employees are signing up to cloud apps on their own every day in their organizations. When they sign up with a password, they have created a new account and a new identity on that app. ",[],{},{"nodeType":1294,"data":2691,"content":2692},{},[2693],{"nodeType":1293,"value":2694,"marks":2695,"data":2696},"Why both? If they had instead clicked on “Signup with Google,” they would have created a new account, but would have been using their Google identity that already exists. ",[],{},{"nodeType":1418,"data":2698,"content":2699},{},[2700],{"nodeType":1293,"value":2701,"marks":2702,"data":2703},"Types of identities",[],{},{"nodeType":1294,"data":2705,"content":2706},{},[2707],{"nodeType":1293,"value":2708,"marks":2709,"data":2710},"This informally introduces the concept of an identity provider - a place that stores primary identity information (including email address, password and other profile information).",[],{},{"nodeType":1294,"data":2712,"content":2713},{},[2714,2718,2723,2727,2732],{"nodeType":1293,"value":2715,"marks":2716,"data":2717},"When someone creates a new account with a password, a new ",[],{},{"nodeType":1293,"value":2719,"marks":2720,"data":2722},"local identity",[2721],{"type":312},{},{"nodeType":1293,"value":2724,"marks":2725,"data":2726}," has been created. In contrast, they probably use a ",[],{},{"nodeType":1293,"value":2728,"marks":2729,"data":2731},"centralized identity",[2730],{"type":312},{},{"nodeType":1293,"value":2733,"marks":2734,"data":2735}," to access business email and other core business apps. This means that the number of accounts and number of identities that an employee has are probably different.",[],{},{"nodeType":1294,"data":2737,"content":2738},{},[2739,2744],{"nodeType":1293,"value":2740,"marks":2741,"data":2743},"Local identities",[2742],{"type":312},{},{"nodeType":1293,"value":2745,"marks":2746,"data":2747}," are often unknown by security/IT teams as there are no easy observation points for them. These local identities, which employees create to sign up for new tools that help them with their job, can also open the door to potential breaches if not secured properly. ",[],{},{"nodeType":1294,"data":2749,"content":2750},{},[2751,2755,2765],{"nodeType":1293,"value":2752,"marks":2753,"data":2754},"In the ",[],{},{"nodeType":1352,"data":2756,"content":2759},{"target":2757},{"sys":2758},{"id":1316,"type":1341,"linkType":1342},[2760],{"nodeType":1293,"value":2761,"marks":2762,"data":2764},"shared responsibility model",[2763],{"type":1411},{},{"nodeType":1293,"value":2766,"marks":2767,"data":2768}," of cloud security, most apps only require that organizations secure user accounts and the vendor takes care of the rest. But how do security teams secure identities that they don’t even know about? ",[],{},{"nodeType":1294,"data":2770,"content":2771},{},[2772],{"nodeType":1293,"value":2773,"marks":2774,"data":2775},"In this blog post, we'll delve into the world of shadow identities and how security teams can find and secure them.",[],{},{"nodeType":1381,"data":2777,"content":2778},{},[2779],{"nodeType":1293,"value":2780,"marks":2781,"data":2782},"What is a shadow identity? ",[],{},{"nodeType":1294,"data":2784,"content":2785},{},[2786,2790,2794],{"nodeType":1293,"value":2787,"marks":2788,"data":2789},"A shadow identity",[],{},{"nodeType":1293,"value":1721,"marks":2791,"data":2793},[2792],{"type":1479},{},{"nodeType":1293,"value":2795,"marks":2796,"data":2797},"is an identity a security/IT team is not aware of. Most often (but not exclusively) these exist outside IT-managed identity providers as local accounts on SaaS apps. ",[],{},{"nodeType":1294,"data":2799,"content":2800},{},[2801],{"nodeType":1293,"value":2802,"marks":2803,"data":2804},"These shadow identities introduce risk to the organization. However, once an organization’s security/IT function has visibility of an identity on an ongoing basis it is no-longer a \"shadow identity,\" and becomes just a normal identity - even if it’s on a third-party app.",[],{},{"nodeType":1418,"data":2806,"content":2807},{},[2808],{"nodeType":1293,"value":2809,"marks":2810,"data":2811},"Where do centralized identities fit in? ",[],{},{"nodeType":1294,"data":2813,"content":2814},{},[2815],{"nodeType":1293,"value":2816,"marks":2817,"data":2818},"Most organizations have a central identity provider (e.g. AzureAD/Google Directory/Okta) that stores login credentials and profile information for each employee. Most organizations strive to connect their identity provider (IdP) to all the apps they use. ",[],{},{"nodeType":1294,"data":2820,"content":2821},{},[2822],{"nodeType":1293,"value":2823,"marks":2824,"data":2825},"It’s a noble goal because it allows efforts to be focused on securing only a single set of credentials and MFA per employee. However, the reality is that this isn’t practical and there are many reasons why each employee only having only a single identity is only a dream (it’s a good one though!). More on this later.",[],{},{"nodeType":1381,"data":2827,"content":2828},{},[2829],{"nodeType":1293,"value":2830,"marks":2831,"data":2832},"Understanding shadow identity security risks",[],{},{"nodeType":1294,"data":2834,"content":2835},{},[2836],{"nodeType":1293,"value":2837,"marks":2838,"data":2839},"Since shadow identities (or shadow cloud identities) cannot get the same level of security attention as IT-managed identities because they’re unknown, they’re usually not as tightly secured as other identities in the business. ",[],{},{"nodeType":1336,"data":2841,"content":2845},{"target":2842},{"sys":2843},{"id":2844,"type":1341,"linkType":1342},"35WMjPHXP2v0qtEaUMIBAS",[],{"nodeType":1294,"data":2847,"content":2848},{},[2849],{"nodeType":1293,"value":2850,"marks":2851,"data":2852},"Common security risks in shadow identities:",[],{},{"nodeType":1779,"data":2854,"content":2855},{},[2856,2871,2886,2901,2916],{"nodeType":1517,"data":2857,"content":2858},{},[2859],{"nodeType":1294,"data":2860,"content":2861},{},[2862,2867],{"nodeType":1293,"value":2863,"marks":2864,"data":2866},"Weak password",[2865],{"type":1479},{},{"nodeType":1293,"value":2868,"marks":2869,"data":2870}," - they could be using a really basic password like the person’s name or some other dictionary word (or some combination that gets accepted by the complexity checks on the app e.g. Password1!).",[],{},{"nodeType":1517,"data":2872,"content":2873},{},[2874],{"nodeType":1294,"data":2875,"content":2876},{},[2877,2882],{"nodeType":1293,"value":2878,"marks":2879,"data":2881},"Leaked password",[2880],{"type":1479},{},{"nodeType":1293,"value":2883,"marks":2884,"data":2885}," - the password used has been leaked in a public data breach. Attackers often attempt to gain access to accounts using leaked passwords. This attack is called “credential stuffing.”",[],{},{"nodeType":1517,"data":2887,"content":2888},{},[2889],{"nodeType":1294,"data":2890,"content":2891},{},[2892,2897],{"nodeType":1293,"value":2893,"marks":2894,"data":2896},"Reused passwords",[2895],{"type":1479},{},{"nodeType":1293,"value":2898,"marks":2899,"data":2900}," - the password set is used across other identities. This means that if an attacker got access to one password (via phishing or other means), they would be able to access more than one identity or app.",[],{},{"nodeType":1517,"data":2902,"content":2903},{},[2904],{"nodeType":1294,"data":2905,"content":2906},{},[2907,2912],{"nodeType":1293,"value":2908,"marks":2909,"data":2911},"No MFA",[2910],{"type":1479},{},{"nodeType":1293,"value":2913,"marks":2914,"data":2915}," - no multifactor authentication is enabled on the account. This means that any of the above problems could lead to a direct compromise without any additional hindrances.",[],{},{"nodeType":1517,"data":2917,"content":2918},{},[2919],{"nodeType":1294,"data":2920,"content":2921},{},[2922,2927],{"nodeType":1293,"value":2923,"marks":2924,"data":2926},"No authentication logs ",[2925],{"type":1479},{},{"nodeType":1293,"value":2928,"marks":2929,"data":2930},"- on centralized identities, it’s possible to see the app an identity was used on, the geographical location of the user and even the device. Contextual information like this would obviously not be available to the security/IT team for a shadow identity, so detecting compromises from unusual or suspicious activity is not possible.",[],{},{"nodeType":1381,"data":2932,"content":2933},{},[2934],{"nodeType":1293,"value":2935,"marks":2936,"data":2937},"Managing shadow identity and shadow cloud identity risk ",[],{},{"nodeType":1336,"data":2939,"content":2943},{"target":2940},{"sys":2941},{"id":2942,"type":1341,"linkType":1342},"34SORjKga52MSgBaZddxGJ",[],{"nodeType":1418,"data":2945,"content":2946},{},[2947],{"nodeType":1293,"value":2948,"marks":2949,"data":2950},"Get visibility to bring identities out of the shadows",[],{},{"nodeType":1294,"data":2952,"content":2953},{},[2954],{"nodeType":1293,"value":2955,"marks":2956,"data":2957},"This goes for existing identities or new ones being created. Having visibility is the first step - nothing can be secured if neither security nor IT can see them. Visibility allows organizations to start managing the risks these identities introduce.",[],{},{"nodeType":1294,"data":2959,"content":2960},{},[2961,2965,2975],{"nodeType":1293,"value":2962,"marks":2963,"data":2964},"We think the best source of discovering identities is a browser extension. Read ",[],{},{"nodeType":1352,"data":2966,"content":2970},{"target":2967},{"sys":2968},{"id":2969,"type":1341,"linkType":1342},"19dT3oWX2H3EYtZIT3J5UO",[2971],{"nodeType":1293,"value":2972,"marks":2973,"data":2974},"our post ",[],{},{"nodeType":1293,"value":2976,"marks":2977,"data":2978},"on the pros and cons of this approach. ",[],{},{"nodeType":1418,"data":2980,"content":2981},{},[2982],{"nodeType":1293,"value":2983,"marks":2984,"data":2985},"Centralize identities as far as possible",[],{},{"nodeType":1294,"data":2987,"content":2988},{},[2989],{"nodeType":1293,"value":2990,"marks":2991,"data":2992},"The ideal number of identities per employee is 1. However, there are quite a few reasons why this will not be possible. Here’s just a few:",[],{},{"nodeType":1779,"data":2994,"content":2995},{},[2996,3006],{"nodeType":1517,"data":2997,"content":2998},{},[2999],{"nodeType":1294,"data":3000,"content":3001},{},[3002],{"nodeType":1293,"value":3003,"marks":3004,"data":3005},"SSO tax - a practice where vendors put SSO support as part of their “Enterprise” tiers which are a lot more expensive (and usually bundled with unneeded features)",[],{},{"nodeType":1517,"data":3007,"content":3008},{},[3009],{"nodeType":1294,"data":3010,"content":3011},{},[3012],{"nodeType":1293,"value":3013,"marks":3014,"data":3015},"Lack of support - our research shows that 69% of the top 500 apps don’t even offer SAML SSO support at any license tier.",[],{},{"nodeType":1294,"data":3017,"content":3018},{},[3019,3023,3032],{"nodeType":1293,"value":3020,"marks":3021,"data":3022},"On apps where SAML SSO support is not possible, we encourage organizations to make use of OIDC logins (“Login with Google” for Google Workspace customers). This lacks some of the manageability of SAML, but still makes use of the company’s Google identity - which is MUCH better than creating a new local identity using a password. We’ve written about this in more detail ",[],{},{"nodeType":1352,"data":3024,"content":3027},{"target":3025},{"sys":3026},{"id":1676,"type":1341,"linkType":1342},[3028],{"nodeType":1293,"value":1648,"marks":3029,"data":3031},[3030],{"type":1411},{},{"nodeType":1293,"value":3033,"marks":3034,"data":3035},". Centralizing identities is an essential part of a good IAM governance and compliance initiative.",[],{},{"nodeType":1418,"data":3037,"content":3038},{},[3039],{"nodeType":1293,"value":3040,"marks":3041,"data":3042},"If centralizing isn’t an option, secure them",[],{},{"nodeType":1294,"data":3044,"content":3045},{},[3046],{"nodeType":1293,"value":3047,"marks":3048,"data":3049},"If security teams can’t use a centralized identity for whatever reason, ensure the newly created one is secured to reduce risk. To do this:",[],{},{"nodeType":1779,"data":3051,"content":3052},{},[3053,3063,3073],{"nodeType":1517,"data":3054,"content":3055},{},[3056],{"nodeType":1294,"data":3057,"content":3058},{},[3059],{"nodeType":1293,"value":3060,"marks":3061,"data":3062},"Use a strong, unique password stored in a password manager",[],{},{"nodeType":1517,"data":3064,"content":3065},{},[3066],{"nodeType":1294,"data":3067,"content":3068},{},[3069],{"nodeType":1293,"value":3070,"marks":3071,"data":3072},"Enable MFA. Bonus points for a strong method like WebAuthn (if you have a Mac, look at that lovely fingerprint reader). TOTP is still totally fine.",[],{},{"nodeType":1517,"data":3074,"content":3075},{},[3076],{"nodeType":1294,"data":3077,"content":3078},{},[3079],{"nodeType":1293,"value":3080,"marks":3081,"data":3082},"Engage directly with employees to help them do the above. We recommend that this process be automated to make it manageable for security and IT teams. For example:",[],{},{"nodeType":1336,"data":3084,"content":3088},{"target":3085},{"sys":3086},{"id":3087,"type":1341,"linkType":1342},"6LlNqtWam4jtXbxMcEbabB",[],{"nodeType":1418,"data":3090,"content":3091},{},[3092],{"nodeType":1293,"value":3093,"marks":3094,"data":3095},"Keep authentication logs centrally",[],{},{"nodeType":1294,"data":3097,"content":3098},{},[3099,3103,3113],{"nodeType":1293,"value":3100,"marks":3101,"data":3102},"The ability to see what app a user has logged into, from which device and location is invaluable during an incident. Identity providers allow security teams to stream logs to their favorite security analytics tools, but identities outside of it will not be possible to monitor. Unless Security have a separate data source that allows them to see authentication activity (I’m looking at you, ",[],{},{"nodeType":1352,"data":3104,"content":3107},{"target":3105},{"sys":3106},{"id":2969,"type":1341,"linkType":1342},[3108],{"nodeType":1293,"value":3109,"marks":3110,"data":3112},"browser extension",[3111],{"type":1411},{},{"nodeType":1293,"value":3114,"marks":3115,"data":3116},"). ",[],{},{"nodeType":1294,"data":3118,"content":3119},{},[3120],{"nodeType":1293,"value":3121,"marks":3122,"data":3123},"Expanding coverage to shadow identities will allow organizations to expand their monitoring use cases and better cover risks on apps that can’t be hooked into SSO. This will also go a long way in helping with compliance and IAM governance, so it’s a win-win.",[],{},{"nodeType":1418,"data":3125,"content":3126},{},[3127],{"nodeType":1293,"value":3128,"marks":3129,"data":3130},"Have an incident response plan ",[],{},{"nodeType":1294,"data":3132,"content":3133},{},[3134,3138,3149],{"nodeType":1293,"value":3135,"marks":3136,"data":3137},"Develop a comprehensive incident response (IR) plan that outlines steps to take if a shadow identity has been compromised. This will help Security respond swiftly and mitigate damage. Here’s ",[],{},{"nodeType":1352,"data":3139,"content":3143},{"target":3140},{"sys":3141},{"id":3142,"type":1341,"linkType":1342},"14NiRrBrLFVkR8h05RCD7F",[3144],{"nodeType":1293,"value":3145,"marks":3146,"data":3148},"some guidance",[3147],{"type":1411},{},{"nodeType":1293,"value":3150,"marks":3151,"data":3152}," on how to create one for SaaS accounts. ",[],{},{"nodeType":1381,"data":3154,"content":3155},{},[3156],{"nodeType":1293,"value":3157,"marks":3158,"data":3159},"Conclusion",[],{},{"nodeType":1294,"data":3161,"content":3162},{},[3163],{"nodeType":1293,"value":3164,"marks":3165,"data":3166},"Shadow identities and shadow cloud identities are a risk to the business simply because they’re unknown to the security/IT team. If these groups lack visibility on identities outside of their main identity provider, their impact on the company’s overall security posture is unknown. ",[],{},{"nodeType":1294,"data":3168,"content":3169},{},[3170],{"nodeType":1293,"value":3171,"marks":3172,"data":3173},"However, once spotted using the right data source, identities and accounts that were previously unknown can be monitored just like any other asset.",[],{},{"nodeType":1294,"data":3175,"content":3176},{},[3177],{"nodeType":1293,"value":3178,"marks":3179,"data":3180},"By understanding what shadow identities are and implementing proactive security measures, security teams can minimize the risks they pose to their organizations and customers.",[],{},{"entries":3182},{"inline":3183,"hyperlink":3184,"block":3199},[],[3185,3187,3191,3195],{"sys":3186,"__typename":1314,"title":2197,"slug":2200},{"id":1316},{"sys":3188,"__typename":1314,"title":3189,"slug":3190},{"id":2969},"Want to discover the full extent of your SaaS sprawl? Embrace browser extensions ","want-to-discover-the-full-extent-of-your-saas-sprawl-embrace-browser",{"sys":3192,"__typename":1314,"title":3193,"slug":3194},{"id":1676},"Should I let my employees login with their work Google account?","should-i-let-my-employees-login-with-their-work-google-account",{"sys":3196,"__typename":1314,"title":3197,"slug":3198},{"id":3142},"How to kick off an incident response investigation for a compromised SaaS account","how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas",[3200,3209,3217],{"sys":3201,"__typename":3202,"title":3203,"caption":3204,"layoutMode":118,"file":3205},{"id":2844},"Image","Shadow identity risks","The risks of shadow identities",{"url":3206,"width":3207,"height":3208},"https://images.ctfassets.net/y1cdw1ablpvd/5xapR3DnQgRa58qpgKEkNN/57c124664fa57d8576f945e4be931707/image1.png",1590,894,{"sys":3210,"__typename":3202,"title":3211,"caption":3212,"layoutMode":118,"file":3213},{"id":2942},"Manage shadow identity risks","Guidance for managing the risks shadow identities present",{"url":3214,"width":3215,"height":3216},"https://images.ctfassets.net/y1cdw1ablpvd/3Cdux9BCTCgDMVVyBqGyXM/f72f4c7f0a05f19b094999a3db860cea/image2.png",1588,892,{"sys":3218,"__typename":3202,"title":3219,"caption":3220,"layoutMode":118,"file":3221},{"id":3087},"Password reuse chatops","In Push, admins can push out notifications to employees via Slack or Teams with easily understandable, non-technical instructions to improve the security of their account",{"url":3222,"width":3223,"height":3224},"https://images.ctfassets.net/y1cdw1ablpvd/1aMdatiFBkOodiOPMLIu3J/81b92634084bef4e02c75e00b6dcedf7/image3.png",1284,921,"content:blog:what-are-shadow-identities.json","json","content","blog/what-are-shadow-identities.json","blog/what-are-shadow-identities",1776359990975]