Product
Use cases
Get real-time visibility of SaaS use
Prevent the most common SaaS attacks
Manage third-party supply chain risk
Automate fixes, free your security team
Pricing
Blog
About
Help center
Get Started
Login
Blog
Company news
Pushing Push Forward
Today we're launching a bold new identity for Push. Take a look behind the scenes
Read more
All
Company news
Incident response
Risk Management
SaaS attack methods
Account security
Release notes
OAuth
Asset discovery
Cloud security
Consent phishing
Shadow IT
user-centric security
Email security
Case studies
5 min read
Pushing Push Forward
Today we're launching a bold new identity for Push. Take a look behind the scenes
Sally Soulliere
24 Mar 2023
Company news
11 min read
An investigation guide for assessing app-to-app OAuth integration risk
An employee has added a new integration to your Azure tenant or Google Workspace. How do you assess risk? We’ll cover a few techniques in this article.
Luke Jennings
15 Mar 2023
Incident response
Risk Management
16 min read
How attackers compromise Azure organizations through SaaS apps
This article covers common ways an app could lead to compromise in Microsoft Azure, and what to look out for when determining risk to your organization.
Johann Scheepers
3 Jan 2023
Incident response
SaaS attack methods
3 min read
Password expirations don’t work. Try these best practices instead.
Password expirations are still commonly recommended, but most security pros agree that they lead to more predictable passwords. Here's what to do instead.
Tyrone Erasmus
15 Dec 2022
Account security
Risk Management
3 min read
Product Release: December 2022
Here's what's new on the Push platform this month.
Andy Waugh
8 Dec 2022
Release notes
11 min read
Maintaining persistent access in a SaaS-first world
Attackers have loads of persistence options in an endpoint compromise scenario, but what changes in a SaaS-first world? We talk new attack methods in this post.
Luke Jennings
29 Nov 2022
SaaS attack methods
12 min read
Is it safe to allow my employees to connect third-party apps to our M365/Google...
Learn about the benefits and risks of SaaS integrations and get tips for how to manage the risks.
Luke Jennings
12 Oct 2022
OAuth
Risk Management
9 min read
Should I let my employees login with their work Google account?
Is logging in with Google or Microsoft secure? Yes, with caveats.
Luke Jennings
4 Oct 2022
OAuth
4 min read
NCSC 2022 Cyber Essentials puts the spotlight on SaaS
We address some of the biggest changes to the Cyber Essentials technical controls and offer guidance about how to handle these new questions.
Sally Soulliere
27 Sep 2022
Asset discovery
Cloud security
8 min read
How to kick off an incident response investigation for a compromised SaaS...
We'll walk through how to quickly detect and mitigate business email compromise (BEC) and then prevent future attacks.
Johann Scheepers
20 Sep 2022
Consent phishing
Incident response
2 min read
Product release: August 2022
Here’s what’s new on the Push platform this month.
Andy Waugh
25 Aug 2022
Release notes
5 min read
How to discover SaaS use without invading employee privacy
Learn how to manage SaaS in a way that keeps employees productive and doesn't compromise privacy.
Andy Waugh
22 Aug 2022
Shadow IT
user-centric security
13 min read
How to manage the risk of unsanctioned SaaS
Learn some lightweight ways to manage the risks SaaS introduces without relying on restrictive policies that block employees from using their preferred tools.
Jacques Louw
11 Aug 2022
Risk Management
Shadow IT
9 min read
How to find the right SaaS security solution for your organization
In this guide, we’ll break down some major SaaS use cases and match them up with solutions that can address them, covering pros and cons for each.
Jacques Louw
25 Jul 2022
Asset discovery
Shadow IT
3 min read
What we’ve been up to with our seed funding: a peek behind the curtain
Yesterday, we announced our official launch and what Push Security is all about following our $4m series seed.
Adam Bateman
20 Jul 2022
Company news
8 min read
Building a culture of trust to secure SaaS, together
We’re excited to announce our $4M seed round, led by Decibel. See how we’re building tech that allows companies to let employees freely & securely adopt SaaS.
The Push Team
19 Jul 2022
Company news
4 min read
Push Security Announces $4M Seed Round to Introduce User-Centric Approach to...
Launches solution that finds SaaS apps employees are using and guides them to fix issues
The Push Team
19 Jul 2022
Company news
4 min read
Product release: July 2022
Find out the latest features available on the Push platform.
Andy Waugh
15 Jul 2022
Release notes
5 min read
Microsoft rolls out Security Defaults for Azure AD to secure access
Microsoft is starting to roll out Security Defaults for Azure AD for those who haven’t turned them on yet. Here’s what you need to know.
Sally Soulliere
14 Jun 2022
Account security
12 min read
Rolling-your-own SaaS discovery
We’ve compiled some methods for discovering SaaS. Lets explore each approach and learn new ways to discover unknown SaaS, capture SaaS use, and secure it.
Jacques Louw
2 May 2022
Asset discovery
7 min read
How to find a malicious OAuth app on Microsoft 365
How do you find a malicious Microsoft 365 OAuth app? Learn what to look for, and what to ignore, when checking your users haven't been consent phished.
Andy Waugh
5 Sep 2021
OAuth
7 min read
Investigating user delegated OAuth tokens in Google Workspace - a ride along
Introduction to OAuth tokens in Google Workspace, how they are used, reasons you might want to review them, and a discussion of how you might go about it.
Jacques Louw
14 Jul 2021
Account security
5 min read
Consent phishing: the emerging phishing technique that can bypass 2FA
Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled.
Alex Triaca
5 Jul 2021
Account security
OAuth
3 min read
Case study: Business Email Compromise (BEC) attack nearly cost us millions
A story by the owner of an Engineering company on how they almost lost millions from a Business Email Compromise (BEC) style attack. An interesting BEC example.
Tyrone Erasmus
13 Jun 2021
Case studies
Email security
4 min read
Email security: How hackers use mail rules to access your inbox
After phishing campaigns target Office 365 and Google Workspace users, malicious mail rules are automatically added to the user’s mailbox. Take steps to defend.
Andy Waugh
9 Jun 2021
Email security
4 min read
Should you disable external email auto-forwarding?
External email auto-forwarding is a feature but also a risk; learn whether you should disable it, and, if you can't, how to manage the risk through detection.
Andy Waugh
2 Jun 2021
Email security
2 min read
Push Security’s early access preview is live! 🚀
We built Push to help small and medium-sized organisations get security done, in the easiest, lowest friction way possible.
Adam Bateman
15 Mar 2021
Company news
4 min read
How to set up Multi-Factor Authentication for Microsoft 365
Conditional Access, Security Defaults, or Legacy? Figuring out how to deploy MFA in Microsoft 365 can be complex. This post summarises your options.
Andy Waugh
14 Mar 2021
Account security
6 min read
Multi-Factor Authentication is the top security control for most small and...
Why Multi-Factor Authentication (MFA aka 2FA) is so useful for small and medium-sized businesses, and how to deploy it successfully.
Jacques Louw
14 Mar 2021
Account security
6 min read
Which MFA methods should you use?
SMS, Authenticator apps, Security Keys, and more! We compare them from a user experience, security, cost, and security aspect.
Andy Waugh
14 Mar 2021
Account security
Subscribe to get updates from Push
The latest news, articles, and resources, sent to your inbox weekly
Subscribe
This site is protected by reCAPTCHA and the Google
Privacy Policy
and
Terms of Service
apply.
You're offline. Waiting to reconnect.
hide