Attackers don't hack in, they log in

The push browser agent is designed to inspect and process only information that is related to identity and identity infrastructure security. This means that the agent doesn't request or inspect potentially sensitive business data that your employees upload, link, enter into apps, or that is otherwise available in apps.

The agent does analyze data that is related to identities in the browser and will report that information back to your Push app tenant if it is a work identity (or if you have configured Push to report identities for any domain). In terms of PII, we keep this data to the minimum basic account information (names and email address) needed for security context.

Where we process sensitive identity information (such as a user's password) we don't ever allow that data to leave the local browser context. We immediately analyze and forget, or convert these sensitive values to fingerprints (using k-anonymized hashes of the sensitive values) so we can compare them in future (for example to check if passwords are shared). Even these fingerprint values aren't sent back to your Push app tenant - instead we report back the results of local comparisons done in the browser.

Detecting attacker tools and techniques requires inspecting certain aspects of web apps - this may include things like URL patterns, the page DOM, server headers, or inspecting local data. In these cases we are looking for regex-like matches or generating signatures that we can use for comparisons. We only report back the result of these comparisons and matches done in the local browser context.

You can get a much more detailed description of the data we collect here.

All data that you send to Push via the browser agent or the API integrations is stored in the EU, primarily in AWS Ireland (eu-west-1 for all the cloud engineers). Storing data in the most regulated region means it is easier to satisfy a broad set of privacy requirements including GDPR without the complexity of data export rules and provisions that change frequently.

We're a security company, so as you can imagine, we take data protection very seriously. Many of us at Push used to be security consultants working in both red and blue teams, and we practice what we preach.

Push is SOC2 and Cyber Essentials certified and GDPR compliant. You can read more about our privacy and security practices on our security portal page here.

A copy of our Information Security Policy can be provided on request, and our security team gets very excited about discussing the controls we implement beyond compliance requirements.

No. We use a shortened salted hash of each password. It's checked in the browser and never leaves it. Find out more here.

The sole reason we exist is to improve security, so it goes without saying that protecting your personal data is a top priority. At Push, we have a few fundamental principles:

• The data you send to Push (whether via the extension or API) is yours, remains yours, and is deleted when you close your account with us.
• We do not sell our users' data. We aren't a data broker, we don't sell your personal information to data brokers, and we especially don't sell your information to other companies that want to spam you with marketing emails. We are not ad-funded, don't show ads in any of our Services, and never will.
• We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you throughout the operation of our services.
• We store personal information for only as long as we have reason to keep it.
• We make considerable efforts to secure your personal information; we practice what we preach throughout our service.
• We have no interest in making money by selling or sharing your personal information with anyone else.
• We aim for full transparency on how we gather, use, and share your personal information.

You can review our full privacy policy here.

Before you deploy the browser agent, it is by default configured to monitor logins into work applications where your corporate email domain name is being used. That prevents any personal accounts from being monitored by Push.

The Push browser agent is deployed as a browser extension using any MDM, Google Admin console, Microsoft Group Policy, or manual enrollment. This agent observes employee logins and signups to cloud accounts using federated and unfederated identities. The browser extension then actively interrogates the collected data to detect common attack techniques, block phishing attempts, enforce end-user security controls, and uncover account security issues.

Push uses a browser agent to collect browser data and generate telemetry.

Browser data is the broadest, most contextual data source for monitoring your entire identity attack surface for indicators of attack and finding vulnerabilities. Other data sources such as IdP and work app logs provide rich data into a narrow set of identities and apps. Network and email data provides very limited insight into identity security as well as being prone to false positives.

The Push browser agent not only performs passive observation, but also active interrogation. This enables you to detect attack techniques and tools so you can protect all identities, whether they are in your IdP system or not.

Finally, the browser agent also allows you to apply controls in the right place and at the right time. Push's set-and-forget guardrails can block, warn or guide employees so you have one less problem to worry about.

Google Chrome, Microsoft Edge, Firefox, Safari, Brave, Opera, Arc. Find out more here.

You can deploy the Push browser extension using managed browser configuration, an existing MDM solution (such as Jamf or Microsoft Intune), or through a Group Policy if you have an Active Directory environment. Or, if you prefer, you can prompt employees to self-enroll via email or chat message by sending them a unique enrollment link. Find out more here.

Obviously we're going to tell you it's really quick and easy to deploy Push. So here's a real-world customer example:

Inductive Automation deployed the Push browser agent to 99 percent of their devices in 5 minutes in the middle of a regular workday. According to Jason their CISO, the deployment was so seamless that they received no help desk requests. You can read more about how Inductive Automation uses Push here.

No, if the extension is installed using device management software, the extension can be deployed so that it cannot be removed from their browser.

Push's users range from small-but-capable security teams in growing cloud-native/networkless businesses, right up to advanced SOC teams and IAM teams in large enterprises.

What they all have in common is that they recognize the growing risk of attacks against their workforce identities and want to reduce it.

We're a team of ex red teamers and incident responders, so as you can imagine we analyze attacks by threat actors such as Scattered Spider and APT29 as well as research new identity attack techniques yet to be seen in the wild. For example, here's our research into SaaS-native attack techniques.

Today, Push helps you defend your workforce identities against:

• Phishing
• Adversary-in-the-Middle (e.g. Evilginx)
• Browser-in-the-Browser (e.g. EvilnoVNC)
• Credential stuffing
• Brute force attacks / password spraying
• Consent phishing
• Business email compromise
• Account takeover / hijacking
• Account-to-account lateral movement
• Shadow workflows

Other ITDR platforms don't generate their own telemetry. Instead they tap into your IdP logs and pull them into a secondary SIEM-like platform from where you can develop and run detection use cases.

Push is different because it generates its own telemetry from the browser that can be used to detect identity attacks. The browser data Push collects is the broadest, most contextual data source for monitoring your entire identity attack surface. Many indicators of identity attacks will not be visible in IdP logs alone, but they can be detected when you incorporate browser telemetry into your monitoring.

Push still allows you to further enrich the browser data with data from your IdPs so you can have the best from both worlds.

Our mission is to defend your organization against identity attacks as they are now responsible for the majority of all breaches. While Push is a browser-based identity solution, our focus is not on securing the browser itself. We use browser data because gives us the broadest and most contextual source for monitoring your full identity attack surface, detecting identity attack techniques and uncovering identity vulnerabilities.

Enterprise browsers can be likened to a new secure operating system, Push on the other hand can be likened to EDR but for identities. For organizations with a locked-down environment it can make sense to force employees to use a single mandated enterprise browser so their activities can be monitored and controlled. However, rolling them out across the organization is a big migration project. On the other hand, Push can quickly be deployed so you can enforce common-sense security controls in any browser and stop attacks against workforce identities.

Push defends all your identities, whether they're in your IdP or not. Push customers are often surprised by the number of non-SSO identities their employees have. These can be on apps employees have signed up to themselves and haven't told IT about yet, or even on apps that have been onboarded to SSO.

By giving you visibility of all your employees' cloud apps and identities, Push can help you get as many of your apps as possible behind SSO. Unfortunately, not all apps support SAML SSO or OIDC SSO, and many that do will charge you more for it. Push defends all the identities on apps where it's impossible or impractical to use SSO, so every workforce identity is protected against identity attacks.

While Push is definitely not a CASB, it can still discover all the apps your employees are using, and gives you visibility of the identities they use to access these apps. Because Push uses browser data to work at an identity and application level it enables you to see how securely your employees are using each app, harden identities that are vulnerable to identity attacks and detect attacks against workforce identities. This isn't possible with a CASB as they work at the network layer and infer cloud app usage from users visiting websites.

SSPM solutions that integrate directly with cloud applications can provide rich visibility of users, identities and vulnerabilities. However, they are limited to supporting a small number of apps that directly integrate with the SSPM solution and even then, they are totally dependent on the app vendor making useful security data accessible via API. Push uses browser data because it provides far broader coverage across all identities and apps so you can monitor and defend your whole identity attack surface.

Yes. Our research has shown that about two thirds of common thick clients redirect to the browser for login, and most are used in-browser for administrative functions.

No. When you assign licenses to employees it does not automatically start messaging employees on Slack or Teams.

Push allows you to completely customize the ChatOps rollout so you can decide what types of issues will generate messages/alerts and who in your business will receive them.

We're constantly refining all aspects of how we interact with your employees to make sure we're giving them the right guidance at the right time with the minimum amount of messages.

Push directly integrates with Microsoft 365, Google Workspace and Okta to further enrich the data collected in the browser. Any other IdP system logs can be ingested into your SIEM/XDR solution alongside Push's data to give you comprehensive coverage across your identity attack surface.