Introducing a SaaS attack matrix of networkless SaaS attack techniques
  - This is how attackers can own a company without touching the endpoint or the network
  - These networkless attacks bypass EDR and network detection

We hope this helps defenders better understand the threats they face.

#Pentesters #Redteams We’d love to see some comments or contributions for things you've tried on GitHub!

#security #infosec #SaaSsecurity #supplychainsecurity
Push Security
Computer and Network Security
Boston, Massachusetts 4,419 followers
A browser-native identity security platform that hardens your identity attack surface and prevents account takeover.
About us
- Website
- https://pushsecurity.com
- Industry
- Computer and Network Security
- Company size
- 51-200 employees
- Headquarters
- Boston, Massachusetts
- Type
- Privately held
- Founded
- 2021
- Specialties
- Cyber security, SaaS, Enterprise software, Identity security, ISPM, ITDR, Detection, Response, Targeted attacks, and IAM
Updates
-
From popular request to reality, our app banners feature now supports adding custom in-browser messages to any URL you like. This gives Push customers even more options to guide end-users to do the right thing when using apps in the browser.

Adding banners to specific URLs gives security teams more flexibility and is great for things like:
  - Reminding employees not to store credentials or sensitive information on internal wikis.
  - Requiring acknowledgement of your security policies when using high-value code repos.
  - Asking employees not to share sensitive information when using GenAI tools during an unauthenticated session.

Or anything else you can think of! See how it works below.

Want to see more? Try Push for free or book a demo here: https://lnkd.in/eF_2TvZs
-
Super stoked to announce I'm joining Push Security! I'm jumping in with a team that's doing some seriously cool stuff in security. We're not just patching holes, we're building the future of how companies stop those sneaky identity-based attacks.

Push Security is doing things differently, using some seriously smart tech to create security that just works, without getting in anyone's way. Plus, admins get killer visibility into what's happening in the browser – and since around 90% of user activity happens there, that's kind of a big deal!

We're talking about building the foundation for proactive security, the next big thing. Imagine a world where phishing links get nuked before a bad actor even sends them. That's what we're making happen—and smart companies are already seeing the results.

I'm hyped to be part of this ride, helping build tech that's going to totally change the game. It's not just about fixing problems, it's about shaping what's next.
-
The number one reason security startups fail is the lack of strong "Why now?". In my view, there are three types of “Why now?” in security that enable the creation of new companies:

  1. A new technology makes it possible to solve problems in a meaningfully new way which makes new solutions better by definition. This one is the most commonly discussed "Why now?" but also the weakest because most companies won't replace their tools until and unless they have no other choice. I am not aware of any company in security that became big just using new tech, and without any of the other two types of "Why now?".
  2. Change in infrastructure makes old approaches insufficient or completely irrelevant in the new world. This one is very strong and applies to all industries.
  3. Change in adversary behavior pushes companies to look for new ways to defend their environments. This one is also very strong and is unique to security.

Every successful security company is an outcome of one or more of these "Why now?" (the biggest companies are the result of either infra or adversary behavior change). For example,
  - Okta: infrastructure shift
  - Crowdstrike: shift in adversary behavior
  - Palo Alto: shift in infrastructure which caused a shift in adversary behavior
  - Zscaler: shift in infrastructure
  - Duo Security: new technology and shift in adversary behavior
  - Abnormal/Material: change in infrastructure and adversary behavior

For more on this, check out today's issue of Venture in Security. Thanks to Push Security for supporting this issue!
-
It was a pleasure to talk through the latest in identity attack research today - but tomorrow the fireworks really start. My session at Enterprise Security Risk Management tomorrow focuses exclusively on AI Operators, and why these will shortly be driving identity attacks and the early phases of account takeover. Don't miss it! (or do, but send me a nice message and a packet of crisps)
-
Some things are just REALLY hard to find.

Like my golf ball off the first tee. Or attackers in your SaaS...

Well search no longer - Push has you covered for both! Come visit us at Cyber Engage in Oxford on Tuesday, or the Enterprise Security summit in London on Wednesday, and pick up the last golf ball you'll ever need.

And if you don't like golf, fear not - we got you covered. Drop a comment below with something you want us to brand up - if it's not illegal we'll consider it!
-
//O I'm excited and proud to announce that today is my first day at Push Security. Massive thank you to Adam Bateman //O and Alex Henshall for keeping me in mind as the team continues to grow.

The challenge and opportunity presented by the issue of sprawling identity management and protection in the cloud is one I was eager to pick up. Modern problems require novel solutions, and Push's browser-based approach is unique yet simple enough to be applied agnostically across all modern browsers. It's also incredible that such a small team built an Enterprise ready product that is effective at scale so quickly.

Additional thanks to Kevin Arsenault for the opportunity, and to John Creaton for being the best in the business! Enough of this, let's get going!!!!

(Live look below of the Push team introducing our approach to CISOs)
-
The 2025 CrowdStrike Global Threat Report landed last week and it’s had quite a clear swing towards identity and SaaS attacks, with attackers focusing on initial access (in particular logging in with compromised credentials).

Infostealers, AITM phishing, help desk scams and vishing were all cited as ways attackers are achieving account takeover, fuelling an increase in:
  - Initial access broker activity, growing 50% YOY
  - Valid account abuse, responsible for 35% of cloud-related incidents

It’s no surprise when considering that attackers can profit just by logging into SaaS services and dumping the data. But they can also use SaaS as a platform for lateral movement to connected SaaS/cloud, spread to user endpoints and their networks, or target third-parties and end-customers downstream.

My personal highlight was seeing the report acknowledge that ?????????????????? ???????????? ???? ???????? ???????????????????????? ???????? ?????? ???????????? ???????????? ?? ?????????????? ?????????????? ????????????????????. This is SO refreshing after seeing so many MDR/XDR vendors trying to bolt SaaS compromises on the end of their endpoint- and network-centric attack chains. I thought the attached diagram was really helpful for visualising this.

This year’s top recommendation? Secure the entire identity ecosystem.

My blog from October last year where I discussed changes to the kill chain for SaaS attacks: https://lnkd.in/ed4siRRu
-
Is it that time again already? We’re back with this month’s newsletter. So grab a coffee and settle in for this month’s news from the world of identity attacks.

This time, we're sharing a follow-up on our research into OpenAI Operator and how it can be leveraged by attackers to conduct credential stuffing attacks at-scale. We're also covering the month's headline identity stories, including a massive new infostealer password dump, and attackers continuing to breach Jira tenants with stolen creds.

If you're into identity attack research, it's probably the best thing you can do with your Friday. So what are you waiting for?
-
This is what every day at work should look like! Amazing clients, world leading research, and spending time with genuinely awesome colleagues. Want in on the action? Push Security is hiring fast - come join us https://lnkd.in/ee_PH4Yu