Blog

Today we're launching a bold new identity for Push. Take a look behind the scenes

An employee has added a new integration to your Azure tenant or Google Workspace. How do you assess risk? We’ll cover a few techniques in this article.

This article covers common ways an app could lead to compromise in Microsoft Azure, and what to look out for when determining risk to your organization.

Password expirations are still commonly recommended, but most security pros agree that they lead to more predictable passwords. Here's what to do instead.

Here's what's new on the Push platform this month.

Attackers have loads of persistence options in an endpoint compromise scenario, but what changes in a SaaS-first world? We talk new attack methods in this post.

Learn about the benefits and risks of SaaS integrations and get tips for how to manage the risks.

Is logging in with Google or Microsoft secure? Yes, with caveats.

We address some of the biggest changes to the Cyber Essentials technical controls and offer guidance about how to handle these new questions.

We'll walk through how to quickly detect and mitigate business email compromise (BEC) and then prevent future attacks.

Here’s what’s new on the Push platform this month.

Learn how to manage SaaS in a way that keeps employees productive and doesn't compromise privacy.

Learn some lightweight ways to manage the risks SaaS introduces without relying on restrictive policies that block employees from using their preferred tools.

In this guide, we’ll break down some major SaaS use cases and match them up with solutions that can address them, covering pros and cons for each.

Yesterday, we announced our official launch and what Push Security is all about following our $4m series seed.

We’re excited to announce our $4M seed round, led by Decibel. See how we’re building tech that allows companies to let employees freely & securely adopt SaaS.

Launches solution that finds SaaS apps employees are using and guides them to fix issues

Find out the latest features available on the Push platform.

Microsoft is starting to roll out Security Defaults for Azure AD for those who haven’t turned them on yet. Here’s what you need to know.

We’ve compiled some methods for discovering SaaS. Lets explore each approach and learn new ways to discover unknown SaaS, capture SaaS use, and secure it.

How do you find a malicious Microsoft 365 OAuth app? Learn what to look for, and what to ignore, when checking your users haven't been consent phished.

Introduction to OAuth tokens in Google Workspace, how they are used, reasons you might want to review them, and a discussion of how you might go about it.

Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled.

A story by the owner of an Engineering company on how they almost lost millions from a Business Email Compromise (BEC) style attack. An interesting BEC example.

After phishing campaigns target Office 365 and Google Workspace users, malicious mail rules are automatically added to the user’s mailbox. Take steps to defend.

External email auto-forwarding is a feature but also a risk; learn whether you should disable it, and, if you can't, how to manage the risk through detection.

We built Push to help small and medium-sized organisations get security done, in the easiest, lowest friction way possible.

Conditional Access, Security Defaults, or Legacy? Figuring out how to deploy MFA in Microsoft 365 can be complex. This post summarises your options.

Why Multi-Factor Authentication (MFA aka 2FA) is so useful for small and medium-sized businesses, and how to deploy it successfully.

SMS, Authenticator apps, Security Keys, and more! We compare them from a user experience, security, cost, and security aspect.