SaaS Attack Matrix: Understand how modern attackers operate | Learn more →

Ready to help

What is Push?


Push protects your digital work life by finding security risks with the online apps you use and helping you resolve any issues that could lead to account compromise or data loss. Push makes it easy to do the right thing.

Push’s job is to sit quietly in the background and only notify you if we find something like:

  • An easily guessable or shared password on apps you use for work.

  • A password you use that’s been exposed in a data breach.

  • A mail forwarding rule that sends company information to an external email address, which can be an indicator that your work account has been compromised by an attacker.

  • Missing multi-factor authentication protection (MFA) from an important work account like Microsoft 365 or Google.

When we have a security recommendation for you, we’ll share it in short, easy-to-understand messages sent by the Push chatbot in Slack or Microsoft Teams, and/or shared directly in your browser, depending on your organization’s Push configuration. Whenever we can, we make it easy to take action on our recommendations in one click.

Push also helps your security team understand whether company data is stored securely in online apps by keeping an inventory of what employees log into using their work accounts. These can include common productivity SaaS apps like Dropbox and Trello as well as technical apps like GitHub and Postman or those that store customer data like Hubspot and Salesforce.

Push also checks for risky or untrustworthy apps in use at your company so your security team can take action to remove them.

This information helps protect your organization and the people it serves, such as customers, patients, or clients, against having their data stolen and their lives disrupted by a breach.

How does it work?

Push uses a browser extension to observe employee logins to online work accounts that use a username and password. Note that Push only collects data about your work account, not for your personal accounts.

If Push finds an issue with the passwords associated with these logins, we flag them for your security team. If your administrator has configured Push to work directly with employees, the Push chatbot will also message you directly to help you resolve the issue.

ChatOps message - weak password - docs

Push also integrates with your company’s primary work platform, either Microsoft 365 or Google Workspace, to inventory apps you log into with a social login, such as Sign In with Google and Sign In with Microsoft.

This integration also:

  • Checks for MFA usage across the company.

  • Finds any external mail forwarding rules that can be a sign of a compromised email account.

  • Collects the third-party integrations you create using your Microsoft or Google work account, such as calendar and file-sharing extensions or other tools.

If your company uses the Push chatbot, we may also message you to sign up for MFA, verify that an external mail forwarding rule is legitimate, or ask you if you are still using an old third-party integration you may have forgotten about. We’ll only message you when necessary.

Privacy and security

The sole reason Push exists is to improve security, so protecting your data is a top priority. We make considerable efforts to secure your personal information and we aim for full transparency on how we gather and use your information within our service.

Learn more about how we protect your information in Your privacy.

How to set up Push

Setup is simple. Your security or IT administrator will either install Push’s browser extension automatically for you, or ask you to install it yourself by clicking a link sent via email or chat message.

Learn more about installing the browser extension in Enroll your browser.