New Feature: Verified Stolen Credential Detection

Blog
/
Release notes

Product release: July 2022

You can now use the Push platform to discover SaaS used in your organization, secure the accounts used on those SaaS platforms, find risky third-party integrations, and use ChatOps to solve problems at scale.

We've been busy at Push Security recently and we're so excited to tell you the latest on some highlights:

  • Discover SaaS and secure accounts

  • Find risky third-party integrations

  • Solve problems at scale with ChatOps

Discover SaaS and secure accounts

Use Push to discover SaaS apps employees are using in your company and secure the accounts being used to access them.

If you’re already using the Push platform and have connected Microsoft 365 or Google Workspace to Push, you’ll see we’ve already started showing SaaS your employees are using via social logins on the SaaS page:

Example SaaS page: July 22 release post
Visit the SaaS page to see all the SaaS you organization is using. Click on a tile to see who is using each platform.

Now we’ve officially released our browser extension, you can also see the SaaS your employees are logging in to using classic usernames and passwords, so you can see your SaaSiest users:

Example employee page by SaaS: July 22 blog
See which employees are using which SaaS platforms on the Employees page

Deploying the browser extension is easy - you can send install links to your employees via email or ChatOps and they can install and enroll in just a few seconds: 

Web extension enrolment process
How to enroll the browser extension

If you’d prefer a no-click setup, watch this space, we’ll be releasing some options for managed browsers, GPO, and MDM users soon.

Using the browser extension will also show if users are using strong passwords and unique passwords between accounts and, of course, you can use ChatOps to have Push automatically reach out to any users with issues (like using weak passwords or sharing passwords with multiple apps) to have them self-remediate without you having to lift a finger.

Click here to check out an interactive demo.

Find risky third-party integrations

Now that you’ve got visibility of all the SaaS apps employees are using, what about all the integrations within each of those apps? 

They often request access to company data and files, but fly under your radar because they’re buried under that core app and you don’t normally even see them. Turns out they’re just as risky as the core SaaS platforms employees are using.

  • You can now see all of those SaaS integrations connected to your core SaaS platforms (Google Workspace and Microsoft 365) within the Push dashboard

  • Get visibility on if those integrations are doing anything suspicious or malicious, or even if they’re asking for excessive or risky permissions.

  • Soon, you'll be able to use ChatOps to Let us work directly with employees to remove any integrations they’ve tried, but aren’t actively using anymore to reduce your attack surface.

Example third-party integrations: July 22 blog
See all your third-party integrations in one place to understand which users have given third parties access to their data.

Click here to check out an interactive demo.

Solve problems at scale with ChatOps

You’ve probably heard us mention ChatOps before. Simply finding security issues alone isn’t useful; you need clear, actionable next steps. For a lot of security issues, those next steps will inevitably require, or benefit from, something from the user.

For example, if you find a user is using the same password to log in to Microsoft 365 as 6 other, perhaps less reputable platforms, you might like to ask the user to update their password…

…or register for MFA….

…or remove that dodgy third-party integration…

…or a million other things. You could do this yourself but with ChatOps, Push can find these issues and fix them without you lifting a finger.

And we’re already seeing the impact. For example, we mentioned earlier you can use ChatOps to deploy our browser extension - customers that have already done this have seen over 80% of employees set up without any action needed from the security/IT teams. It’s great to see the ChatOps concept be so effective and over time we’ll be tweaking how, when, and what we message users to improve even further!

Alongside this, in response to your feedback, we’ve got a fresh update for how you set up and monitor ChatOps that gives you full control over which employees are active for ChatOps, and which topics we should speak to employees about. Check it out:

Example ChatOps page: July 22 release post
Use the new ChatOps screen to control which users can receive messages, which topics users will be messaged about, and which messages have been sent.

All these features are available now so log in to your account to give them a go. New users can sign up for free by heading to pushsecurity.com and clicking "Try it free."

Subscribe to get updates from Push
The latest news, articles, and resources, sent to your inbox