Content library

Take a look at our content library to learn how to manage SaaS without slowing down the business.

Latest content
SaaS sprawl isn't a problem (If you completely change your approach)
Books & Whitepapers

SaaS sprawl isn't a problem (If you completely change your approach)

Employees using a new work app used to be the final step of the software-onboarding process. Now it's the first. SaaS vendors bypass IT and security and hook employees with free apps and trials. This has led to sensitive data on shadow SaaS applications (more on this later) that is accessible via unmanaged cloud accounts (accounts that aren’t protected by SSO or logged into via social login accounts). Attackers exploit this unmonitored attack surface with new takes on old techniques that are going undetected. Employees self-adopting apps might sound like a security nightmare, but it doesn’t have to be. Security teams need to regain visibility and control over company data and how it’s secured.

Read more
A Phisher’s Guide to Slack
Books & Whitepapers

A Phisher’s Guide to Slack

Unlike phishing via email, IM apps and the messages within them are typically more trusted by employees, making social engineering via Slack a juicy target.

Read more
SaaS Attacks Report
Books & Whitepapers

SaaS Attacks Report

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. Our goal at Push is simple — to reduce the risk of using SaaS apps at work. Doing this well means building controls that are easy to use, easy to understand — and ultimately effective. These controls need to be effective against the most common techniques that are likely to cause real damage. To talk about this, we need to have a shared understanding of what these techniques are. To get that conversation going, we’ve pulled together all the techniques we're aware of and we've even added a bunch of new ones.

Read more
The no-jargon guide to solving shadow SaaS
Books & Whitepapers

The no-jargon guide to solving shadow SaaS

SaaS vendors have changed how software is adopted into a business. Now, the majority of SaaS vendors build their products on a product-led growth model - which simply means they want users (your employees) to self-adopt their apps, start using them (and integrating with your data to do so), and become a useful tool for the employee. This change has turned the product-adoption process on its head - leaving security and IT teams blind to which apps sensitive company data is flowing into. How do you make sure your data stays secure in this new software-adoption flow? In this book, we’ll offer some practical guidance on how to manage supply chain risk without slowing down the business.

Read more
SaaS Security Solution Evaluation Guide
Books & Whitepapers

SaaS Security Solution Evaluation Guide

If you’re looking for a solution to find and secure SaaS, including employee-adopted work apps, you’re probably navigating a sea of SaaS management solution vendor websites to try to determine which products to evaluate. There are SSPMs, CSPMs, CASBs, legacy tools with a few SaaS security features, and modern tools that don’t quite fit into either category, and even within each subcategory, products vary widely on capabilities, coverage, and depth. It’s a daunting task. Our latest e-book aims to help you hone in on which solutions might be the best to consider for your specific needs, objectives, and environment.

Read more
BlueHat 2023 - SaaS Cyber Kill Chain
Video

BlueHat 2023 - SaaS Cyber Kill Chain

Luke Jennings, Push's VP of R&D, explores the evolution of cyber attacks and the impact of the remote working and SaaS revolution on the cyber kill chain.

He discusses the new SaaS cyber kill chain for modern, fully SaaS native organizations and the surprising number of attacks possible without touching company-owned endpoints or infrastructure.

Luke discusses how initial access, lateral movement, and persistence methods have changed in a world with no internal infrastructure. He also introduces the open-source SaaS attacks matrix as a tool for both red and blue teams navigating this new landscape.

Read more
Shared Security - Compromising an Organization without Touching the Network
Video

Shared Security - Compromising an Organization without Touching the Network

In this episode of Shared Security Luke Jennings VP of Research & Development from Push Security joins us to discuss SaaS attacks and how its possible to compromise an organization without touching a single endpoint or network. Luke talks about his recent SaaS attack research, why SaaS based attacks are different than traditional network based attacks, the SaaS attack matrix which can be used by both red and blue teams, and why its important that this research is shared and talked about in the cybersecurity community.

Read more
Pain in the SaaS - Talk at WithSecure
Video

Pain in the SaaS - Talk at WithSecure

Luke Jennings, Vice President of R&D at Push Security, gives a talk about new SaaS attack techniques at WithSecure Conference

Read more
Securing employee-adopted SaaS apps
Video

Securing employee-adopted SaaS apps

SaaS vendors are bypassing your vetting processes and getting employees hooked with free apps and trials. Attackers are targeting this new shadow attack surface with new takes on old techniques. In this webinar, Jacques will cover:

  • Why the traditional gated approach for onboarding new software no longer works.

  • How to adapt your approach to meet the challenges and enable your business.

  • Share insights about other teams that have embraced app self-adoption and kept a handle on risks.

Read more
Understanding the New SaaS Cyber Kill Chain
Video

Understanding the New SaaS Cyber Kill Chain

This talk will consider what a new SaaS cyber kill chain looks like for modern organizations that are fully SaaS native without any concept of an internal network, and the surprising number of attacks that are possible without touching company owned endpoints or infrastructure. In this webinar, you will:

  • Discover how most organizations are already hybrid SaaS and are increasingly SaaS-native

  • Learn what the cyber kill chain looks like when applied to SaaS-native organizations

  • Understand both new variations of old attacks and brand new attack techniques against SaaS-native organizations

  • Discover how SaaS opens up serious persistence challenges even in traditional endpoint compromise scenarios

  • Learn what the SaaS attacks matrix is and how it can benefit your red and blue teams

Read more
Convex Insurance
Customer story

Convex Insurance

Push helped Convex Insurance enhance their identity security and gain control of shadow SaaS, closing a gap left by traditional CASB solutions.

Read more
Inductive Automation
Customer story

Inductive Automation

Push helped Inductive find and secure shadow accounts and apps with high-fidelity data in a way that didn’t interfere with employees’ productivity.

Read more
Upvest
Customer story

Upvest

Upvest partnered with Push to achieve a scalable and user-centric way to secure SaaS apps and reduce third-party risks across a complex ecosystem of integrations and apps.

Read more
Subscribe to get updates from Push
The latest news, articles, and resources, sent to your inbox weekly