Blog

Credential stuffing attacks are incredibly common, but they often go undetected. These attacks are often the entry point for attack. Learn how to prevent them.

Employees sign up to cloud apps on their own every day. Each time, they create a new account and a new identity on that app. How do you find and secure them?

In this article, we’re going to demonstrate how combining two of our favorite new SaaS attack techniques makes a simple, but very stealthy persistence approach.

While OAuth scopes provide seamless online user authentication, they also carry significant risk. Watch out for these common, dangerous scopes.

We’ll define shadow IT, talk through the security risks associated with it and give some actionable guidance on how to manage it.

In this article, we’re going to demo combining two of our favorite new SaaS attack techniques to make a simple, but effective attack chain.

You’ve probably locked down the known cloud services your company is using, but what about all those other SaaS apps people in the company are using?

We'll quickly define SaaS security and help you better understand how to manage the risk SaaS applications introduce to your business

Here’s what’s new on the Push platform for July 2023.

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face.

Free and trial SaaS accounts are often invisible to security teams and still interact with real, live corporate data.

Adapt your thinking to secure your data. Security needs to move from being the Department of No to the Department of Yes, Unless...

Attackers commonly target SaaS apps because they know employees sign up without running them past IT first. Learn how to adjust to secure your data.

Employees using a new work app used to be the final step of the software-onboarding process. Now it's the first. Security must adapt to secure business data.

This article helps you hone in on which SaaS security solutions might be the best to consider for your specific needs, objectives, and environment.

Attackers routinely use mail rules to hide their attacks, exfiltrate sensitive data, and to get persistent access to victim accounts.

Here’s what’s new on the Push platform for June 2023.

Browser extensions are the most effective SaaS discovery tool because they can capture employee SaaS use and adoption in real time, as employees sign up.

Look at enabling SaaS from a broader understanding of the business and not just the impact to security

SaaS sprawl is not just a raw increase of apps in-use, but also due to employees self-adopting new apps. Orgs need sensible guardrails for employees.

We’re proud to announce our $15M Series A round, led by GV. Here's what we've learned about what our customers need since we launched in July 2022.

Today we're launching a bold new identity for Push. Take a look behind the scenes

Here’s what’s new on the Push platform for March 2023.

An employee has added a new integration to your Azure tenant or Google Workspace. How do you assess risk? We’ll cover a few techniques in this article.

This article covers common ways an app could lead to compromise in Microsoft Azure, and what to look out for when determining risk to your organization.

Password expirations are still commonly recommended, but most security pros agree that they lead to more predictable passwords. Here's what to do instead.

Here’s what’s new on the Push platform for December 2022.

Attackers have loads of persistence options in an endpoint compromise scenario, but what changes in a SaaS-first world? We talk new attack methods in this post.

Learn about the benefits and risks of SaaS integrations and get tips for how to manage the risks.

Is logging in with Google or Microsoft secure? Yes, with caveats.

We address some of the biggest changes to the Cyber Essentials technical controls and offer guidance about how to handle these new questions.

We'll walk through how to quickly detect and mitigate business email compromise (BEC) and then prevent future attacks.

Here’s what’s new on the Push platform for August 2022.

Learn how to manage SaaS in a way that keeps employees productive and doesn't compromise privacy.

Learn some lightweight ways to manage the risks SaaS introduces without relying on restrictive policies that block employees from using their preferred tools.

In this guide, we’ll break down some major SaaS use cases and match them up with solutions that can address them, covering pros and cons for each.

Yesterday, we announced our official launch and what Push Security is all about following our $4m series seed.

We’re excited to announce our $4M seed round, led by Decibel. See how we’re building tech that allows companies to let employees freely & securely adopt SaaS.

Launches solution that finds SaaS apps employees are using and guides them to fix issues

Here’s what’s new on the Push platform for July 2022.

Microsoft is starting to roll out Security Defaults for Azure AD for those who haven’t turned them on yet. Here’s what you need to know.

We’ve compiled some methods for discovering SaaS. Lets explore each approach and learn new ways to discover unknown SaaS, capture SaaS use, and secure it.

How do you find a malicious Microsoft 365 OAuth app? Learn what to look for, and what to ignore, when checking your users haven't been consent phished.

Introduction to OAuth tokens in Google Workspace, how they are used, reasons you might want to review them, and a discussion of how you might go about it.

Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled.

A story by the owner of an Engineering company on how they almost lost millions from a Business Email Compromise (BEC) style attack. An interesting BEC example.

After phishing campaigns target Office 365 and Google Workspace users, malicious mail rules are automatically added to the user’s mailbox. Take steps to defend.

External email auto-forwarding is a feature but also a risk; learn whether you should disable it, and, if you can't, how to manage the risk through detection.

We built Push to help small and medium-sized organisations get security done, in the easiest, lowest friction way possible.

Conditional Access, Security Defaults, or Legacy? Figuring out how to deploy MFA in Microsoft 365 can be complex. This post summarises your options.

Why Multi-Factor Authentication (MFA aka 2FA) is so useful for small and medium-sized businesses, and how to deploy it successfully.

SMS, Authenticator apps, Security Keys, and more! We compare them from a user experience, security, cost, and security aspect.