[{"data":1,"prerenderedAt":414},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":108,"navbar-resource-highlight":182,"faq-page":226,"faq-data":261},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"ga0kpxjhh76",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":6,"query":41,"data":42,"variations":97,"lastUpdated":98,"firstPublished":99,"testRatio":23,"createdBy":100,"lastUpdatedBy":101,"folders":102,"meta":103,"rev":107},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":43,"text":44,"url":29,"blocks":45,"state":93},"ewrererw","testrfesssssssssss",[46,73,81],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Meet Push's browser security experts at BlackHat 2026.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>Book a meeting →\u003C/p>","https://pushsecurity.com/events/blackhat-2026-meeting",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"@type":47,"@version":48,"id":74,"component":75,"responsiveStyles":79},"builder-a2e1f4b9f30b464bb814d7f5de5b0aa7",{"name":76,"options":77,"isRSC":62},"Custom Code",{"code":78,"scriptsClientOnly":6},"\u003Cstyle>\n  .top-banner.bg-web-orange{background:rgb(114, 79, 255);}\n\u003C/style>\n",{"large":80},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":82,"@type":47,"tagName":83,"properties":84,"responsiveStyles":88},"builder-pixel-o503s4fpvk","img",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":89},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},"block","hidden","none",{"deviceSize":94,"location":95},"large",{"path":29,"query":96},{},{},1783541846936,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"kind":104,"lastPreviewUrl":105,"hasLinks":6,"breakpoints":106,"hasErrors":6,"hasAutosaves":6},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"kyujw1aptq",[109,145],{"createdDate":110,"id":111,"name":112,"modelId":113,"published":13,"stageModifiedSincePublish":6,"query":114,"data":115,"variations":138,"lastUpdated":139,"firstPublished":140,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":141,"meta":142,"rev":144},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":116,"type":117,"testimonialLink":118,"testimonial":119},{},"testimonial","/customer-stories/inductive-automation",{"@type":120,"id":121,"model":117,"value":122},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":123,"folders":124,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":128,"variations":132,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":135,"rev":137},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":129,"jobTitle":130,"quote":126,"image":131},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":136,"hasAutosaves":34},{"small":32,"medium":33},"e8bsg4qrgtu",{},1776247404986,1776247404973,[],{"breakpoints":143,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"g9lqcuxphw7",{"createdDate":146,"id":147,"name":148,"modelId":113,"published":13,"meta":149,"stageModifiedSincePublish":6,"query":151,"data":152,"variations":178,"lastUpdated":179,"firstPublished":180,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":181,"rev":144},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack Techniques",{"breakpoints":150,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":153,"link":172,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":155},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":156,"folders":157,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":160,"variations":166,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":169,"rev":171},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":170,"hasAutosaves":34},{"small":32,"medium":33},"ulhc0im1hfo",{"text":173,"url":174},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[183,205],{"createdDate":184,"id":185,"name":148,"modelId":186,"published":13,"meta":187,"stageModifiedSincePublish":6,"query":189,"data":190,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":203,"rev":204},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":188,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":191,"link":199,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":192},{"query":193,"folders":194,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":195,"variations":196,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":197,"rev":171},[],[],{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":198,"hasAutosaves":34},{"small":32,"medium":33},{"text":173,"url":174},{},1776256937553,1776256937540,[],"xggsv10v1q9",{"createdDate":206,"id":207,"name":208,"modelId":186,"published":13,"stageModifiedSincePublish":6,"query":209,"data":210,"variations":220,"lastUpdated":221,"firstPublished":222,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":223,"meta":224,"rev":204},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":211,"type":117,"testimonial":212,"testimonialLink":118},{},{"@type":120,"id":121,"model":117,"value":213},{"query":214,"folders":215,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":216,"variations":217,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":218,"rev":137},[],[],{"author":129,"jobTitle":130,"quote":126,"image":131},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":219,"hasAutosaves":34},{"small":32,"medium":33},{},1776256974140,1776256974130,[],{"breakpoints":225,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":227,"id":228,"name":229,"modelId":230,"published":13,"stageModifiedSincePublish":6,"query":231,"data":237,"variations":250,"lastUpdated":251,"firstPublished":252,"testRatio":23,"createdBy":253,"lastUpdatedBy":254,"folders":255,"meta":256,"rev":260},1770805016052,"5b9c2e3152c7438f8102077ec849847d","faq","400f68df542849138c13606ceda5d29b",[232],{"@type":233,"property":234,"operator":235,"value":236},"@builder.io/core:Query","urlPath","is","/faq",{"themeId":6,"seoDescription":238,"seoTitle":239,"title":229,"inputs":240,"blocks":241,"url":236,"state":247},"Frequently asked questions about Push Security","Frequently asked questions",[],[242],{"id":243,"@type":47,"tagName":83,"properties":244,"responsiveStyles":245},"builder-pixel-al1itk9mbhi",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":246},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":248},{"path":29,"query":249},{},{},1776853961826,1770805597467,"SfUPqW5tkibIPby49keNFMdHFTr1","1tFwRM8zgOWiXsUuFAhARAWMDRz1",[],{"kind":257,"lastPreviewUrl":258,"breakpoints":259,"hasAutosaves":6},"page","https://app.stg.pushsecurity.com/faq?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=faq-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.faq-page=5b9c2e3152c7438f8102077ec849847d&builder.overrides.5b9c2e3152c7438f8102077ec849847d=5b9c2e3152c7438f8102077ec849847d&builder.overrides.faq-page:/faq=5b9c2e3152c7438f8102077ec849847d&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"ceuxvr8xk5o",[262,309,346,380],{"createdDate":263,"id":264,"name":265,"modelId":266,"published":13,"stageModifiedSincePublish":6,"query":267,"data":268,"variations":300,"lastUpdated":301,"firstPublished":302,"testRatio":23,"createdBy":253,"lastUpdatedBy":303,"folders":304,"meta":305,"rev":308},1770806389392,"3da6d2a0d507439dbd7615d1f4051642","Why organizations need a browser security tool like Push","626282c0700648a5b2f3cac8d32a2f18",[],{"category":269},{"questions":270,"categoryIntro":298,"categoryHeading":299},[271,274,277,280,283,286,289,292,295],{"answer":272,"question":273},"\u003Cp>The browser has become the new endpoint. Employees log into cloud apps, move data, build products, and interact with customers. It’s where work happens.&nbsp;\u003C/p>\n\u003Cp>It’s also how attackers get in now. While traditional security tools still focus on endpoints and networks, the browser remains a blind spot: full of risk, but largely unmonitored. This is a visibility and control gap, and attackers are exploiting it. It's why modern organizations need a browser security tool.\u003C/p>\n","Why has the browser become the primary attack surface for modern organizations?",{"question":275,"answer":276},"What is a browser-based attack, and why do many tools miss them?","\u003Cp>A browser-based attack targets users through their web browser to \u003Ca href=\"https://pushsecurity.com/blog/6-browser-based-attacks-every-security-team-should-be-prepared-for\" rel=\"noopener noreferrer\" target=\"_blank\">compromise business apps and data\u003C/a>. Instead of attacking an organization's network or endpoints, attackers go after the cloud and SaaS applications employees access daily. They log in, steal data, and monetize it through extortion or lateral movements.\u003C/p>\u003Cp>Unfortunately, many \u003Ca href=\"https://pushsecurity.com/blog/introducing-push-detections/\" rel=\"noopener noreferrer\" target=\"_blank\">traditional security tools were built for a different era\u003C/a>. Email and network-layer defenses can intercept static phishing pages. However, modern attacks are far more sophisticated. Today's phishing uses dynamic code obfuscation, custom bot protection like CAPTCHA, and layered redirects across legitimate sites like Google Sites and Microsoft Dynamics. Attackers bypass email altogether by delivering \u003Ca href=\"https://pushsecurity.com/blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack\" rel=\"noopener noreferrer\" target=\"_blank\">spear-fishing links via LinkedIn\u003C/a>, Slack, and malvertising. Proxy-based solutions will only see garbled JavaScript without the context of what's actually happening in the user's browser.\u003C/p>\u003Cp>The result is that most organizations are unknowingly relying on blocking known-bad sites. It's a wildly ineffective strategy when attackers rotate their infrastructure constantly. Detecting and stopping browser-based attacks requires visibility from inside the browser itself, where you can observe what users actually see and interact with in real time.\u003C/p>",{"question":278,"answer":279},"How does Push respond to common browser attacks?","\u003Cp>Push takes a fundamentally different approach to browser attacks than traditional security tools. Instead of playing an endless game of cat-and-mouse with attackers over domains and detection signatures, Push focuses on behaviors that attackers simply can't change. The Push Security platform detects and \u003Ca href=\"https://pushsecurity.com/blog/introducing-push-detections\" rel=\"noopener noreferrer\" target=\"_blank\">blocks browser attacks\u003C/a> by observing login behavior and browser context.\u003C/p>\u003Cp>For \u003Ca href=\"https://pushsecurity.com/blog/detecting-and-blocking-phishing-attacks-in-the-browser\" rel=\"noopener noreferrer\" target=\"_blank\">phishing attacks in the browser\u003C/a>, Push essentially domain-binds passwords. It's similar to what passkeys do. Push pins your password to its legitimate domain and prevents it from being entered into any webpage on any other domain. No phishing page, no matter how sophisticated or obfuscated, can steal credentials if your password never enters it. This single behavior-based detection stops credential phishing before it happens. Push still inspects webpages to detect cloned login pages and malicious phishing toolkits. This gives admins visibility into unsuccessful attacks targeting users, but the password itself is the kill switch.\u003C/p>\u003Cp>For attacks like \u003Ca href=\"https://pushsecurity.com/help/how-does-push-detect-attacks-like-clickfix-and-filefix/\" rel=\"noopener noreferrer\" target=\"_blank\">ClickFix and FileFix\u003C/a>, Push detects malicious payloads being copied to a user's clipboard. These attacks trick users into running commands by disguising them as CAPTCHA challenges or error-fixing prompts. But, the malicious script being copied is the tell. Push can warn users or block the page entirely before they paste anything dangerous.\u003C/p>\u003Cp>Across all these attacks, Push blocks the malicious behavior and gives you full visibility into what happened. You get detailed timelines, screenshots of the attack pages, blast radius analysis showing which other accounts are at risk, and all the context you need to investigate and remediate quickly.\u003C/p>\u003Cp>Read the guide on \u003Ca href=\"https://pushsecurity.com/blog/guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks/\" rel=\"noopener noreferrer\" target=\"_blank\">how to use Push controls to protect your users from modern browser threats\u003C/a>.\u003C/p>",{"question":281,"answer":282},"How does Push Security's browser extension handle end user security when using software as a service?","\u003Cp>Push Security deploys a \u003Ca href=\"https://pushsecurity.com/help/what-is-the-push-browser-extension-and-what-does-it-do\" rel=\"noopener noreferrer\" target=\"_blank\">secure browser extension\u003C/a> that provides real-time detection and response at the layer where users work and attackers operate: the browser. The extension monitors employee interactions with SaaS applications, performing password security checks locally (without sending passwords anywhere), detecting MFA registration status, and identifying login methods (password, SSO, OIDC). Push provides in-browser guidance to help employees secure their accounts and can enforce security controls like blocking leak, weak, and reused passwords or detecting phishing attempts. Think of Push as EDR, but in the browser. It sits in the background and protects users at the point of access without disrupting productivity.\u003C/p>",{"question":284,"answer":285},"What are the core security functions Push performs?","\u003Cp>Push's core security functions include: (1) Real-time browser-based threat detection—respond to AiTM phishing kits, session hijacking, malicious extensions, credential theft, and defend against endpoint compromise that occurs through browser-based attack methods; (2) Browser-native response capabilities such as blocking attacks and enforcing controls at the point of access; (3) Shadow SaaS and shadow AI discovery to see all apps accessed in the browser; (4) Attack surface hardening to detect weak, reused, and leaked passwords plus MFA gaps; (5) Browser telemetry for investigation that provides unique visibility into browser activity for security teams.\u003C/p>",{"question":287,"answer":288},"How does Push improve my visibility?","\u003Cp>Push improves visibility by monitoring the browser layer where EDR, DLP, and SSE tools have no visibility. It shows what happens inside browser sessions, tabs, and extensions directly, almost like how a user would. It also gives visibility into which SaaS apps end users access.\u003C/p>",{"answer":290,"question":291},"\u003Cp>For third-party apps, Push monitors how employees access them, identifies security issues, and enforces controls even without admin access. You can use Push Security to get ahead of \u003Ca href=\"https://pushsecurity.com/blog/investigating-and-responding-to-a-third-party-data-breach-using-push\" rel=\"noopener noreferrer\" target=\"_blank\">third party breaches\u003C/a> so you’re not stuck having to react after the fact.\u003C/p>","How does Push help to secure third party applications?",{"question":293,"answer":294},"What security category does Push Security work in?","\u003Cp>Push works in the \u003Ca href=\"https://pushsecurity.com/\" rel=\"noopener noreferrer\" target=\"_blank\">browser-based detection and response\u003C/a> category, often positioned as \"EDR, but in the browser.\" There is an overlap with other categories like enterprise browser security.\u003C/p>",{"question":296,"answer":297},"How do you guide users to make and use secure passwords? Is Push able to show applications that are behind SSO vs. applications accessed with a password?","\u003Cp>Push guides users through in-browser prompts at the point of login when security issues are detected. When an employee creates a new account, Push can prompt them to set a strong, unique password and enable MFA. If an employee tries to use a weak, reused, or leaked password, Push can warn or block them and guide them to improve it. \u003Ca href=\"https://pushsecurity.com/blog/introducing-strong-password-enforcement/\" rel=\"noopener noreferrer\" target=\"_blank\">Push checks for strong passwords\u003C/a> locally in the browser against breach lists (via Have I Been Pwned k-anonymized hashes) without sending passwords anywhere. Push can also detect if employees are using a password manager. Yes, Push clearly distinguishes between authentication methods—showing which apps are accessed via SSO (SAML, OIDC), password login, or social login. This visibility helps administrators understand where SSO should be implemented and identify accounts with weaker authentication methods.\u003C/p>","\u003Cp>Everything we build starts with how attackers actually operate in the wild, not how the market happens to be segmented or what other tools claim to cover. Today, the browser is where real attacks play out, where credentials are stolen, sessions are hijacked, and access is abused. That's why Push exists. Solving these problems requires operating at the browser layer itself, because it's the only place with the visibility and control needed to stop modern attacks as they happen. And right now, there are few security problems more urgent than the ones unfolding there.\u003C/p>\n","Why organizations need a browser security tool like Push.",{},1775661188741,1770806831110,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"kind":28,"lastPreviewUrl":306,"breakpoints":307,"hasAutosaves":6},"https://pushsecurity.com/faq?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=faq-data&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.faq-data=3da6d2a0d507439dbd7615d1f4051642&builder.overrides.3da6d2a0d507439dbd7615d1f4051642=3da6d2a0d507439dbd7615d1f4051642&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"v1q6iq9pyn",{"createdDate":310,"id":311,"name":312,"modelId":266,"published":13,"stageModifiedSincePublish":6,"query":313,"data":314,"variations":339,"lastUpdated":340,"firstPublished":341,"testRatio":23,"createdBy":253,"lastUpdatedBy":303,"folders":342,"meta":343,"rev":308},1770806880777,"e5734d3210a244bfb1192f383a498d15","How Push detects and responds to new security gaps attacks and zero-day threats",[],{"category":315},{"questions":316,"categoryHeading":338},[317,320,323,326,329,332,335],{"answer":318,"question":319},"\u003Cp>Most account takeover incidents don’t “break” MFA, they work around it by targeting users in the browser. Phishing is the most common path. Instead of crude emails alone, attackers use convincing, browser-based phishing pages that trick users into entering credentials or approving MFA challenges in real time. Once successful, the attacker gains access as the legitimate user.\u003C/p>\u003Cp>Another common technique involves infostealer malware stealing active session tokens from the browser. With a valid session token, attackers can access accounts without needing to bypass MFA at all, because MFA has already been satisfied.\u003C/p>\u003Cp>Credential stuffing is also widely used. Attackers test large volumes of stolen credentials against multiple applications, looking for accounts where MFA isn’t enforced consistently. These gaps are especially common in SaaS sprawl and shadow apps.\u003C/p>\u003Cp>To prevent \u003Ca href=\"https://pushsecurity.com/blog/how-to-prevent-account-takeover-with-push/\" rel=\"noopener noreferrer\" target=\"_blank\">account takeover\u003C/a>, organizations should enforce MFA across all employee accounts and monitor for suspicious authentication activity. Understanding \u003Ca href=\"https://pushsecurity.com/help/understanding-mfa-status\" rel=\"noopener noreferrer\" target=\"_blank\">employee MFA status\u003C/a> helps identify gaps in your security posture.\u003C/p>","How are MFA attacks used to take over accounts?",{"answer":321,"question":322},"\u003Cp>With malicious \u003Ca href=\"https://pushsecurity.com/blog/an-investigation-guide-for-assessing-app-to-app-oauth-integration-risk\" rel=\"noopener noreferrer\" target=\"_blank\">OAuth integrations\u003C/a>, attackers trick users into granting access to attacker-controlled apps by abusing the OAuth consent flow. \u003Ca href=\"https://pushsecurity.com/blog/consentfix\" rel=\"noopener noreferrer\" target=\"_blank\">ConsentFix\u003C/a> is particularly dangerous because it doesn't require a password or MFA at all.&nbsp;\u003C/p>\u003Cp>\u003Ca href=\"https://pushsecurity.com/help/how-does-push-detect-stolen-credentials\" rel=\"noopener noreferrer\" target=\"_blank\">Stolen credentials\u003C/a> remain a powerful complement to this strategy. When attackers phish credentials or deploy infostealer malware, they acquire passwords and session tokens that can be monetized immediately or sold to other threat actors. Automated tools test stolen passwords across hundreds of apps. Most go undetected because the target apps either lack MFA entirely or have \"ghost logins\". These are local accounts that accept passwords with no second factor required.\u003C/p>\u003Cp>Browser-based attacks are one of the paths of least resistance for cybercriminals.\u003C/p>","How do threat actors use malicious OAuth integrations and stolen credentials?",{"answer":324,"question":325},"\u003Cp>Employees often adopt AI tools faster than security teams can track them. \u003Ca href=\"https://pushsecurity.com/blog/what-push-data-reveals-about-the-state-of-shadow-ai\" rel=\"noopener noreferrer\" target=\"_blank\">Push's own telemetry across customer environments\u003C/a> shows the average organization has 16 AI apps, 17 AI browser extensions, and 17 AI OAuth integrations in active weekly use across its workforce. Most of these are unapproved with 38% of file uploads to AI tools coming from shadow accounts that sit outside enterprise controls. Traditional network-based security controls have very limited visibility there. However, Push gives admins visibility into every AI interaction their workforce touches.\u003C/p>\u003Cp>Push captures live telemetry directly from the browser to identify every AI-native and AI-enhanced application users access. Security teams can see which corporate identities are connected to which tools. They're able to see how data flows between tools and which new AI apps emerge across environments in real time.\u003C/p>\u003Cp>With visibility, governance becomes straightforward. Push enables AI classification. To manage AI risk, apps can be categorized by sensitivity, purpose, and policy status. For tools you choose to allow, you can deploy custom in-browser banners requiring users to read and acknowledge your acceptable use policy before proceeding. This creates an auditable trail that moves policy to an active control embedded in the workflow itself.\u003C/p>\u003Cp>Push blocks \u003Ca href=\"https://pushsecurity.com/solution/achieve-security-outcomes/secure-ai\" rel=\"noopener noreferrer\" target=\"_blank\">shadow AI\u003C/a> tools deemed non-compliant or too risky directly in the browser. This prevents users from accessing the site or submitting data in the first place. This provides an immediate, powerful way to stop data exfiltration and enforce a hard line on unacceptable risk. Push is able to \u003Ca href=\"https://pushsecurity.com/resources/ai-starts-browser\" rel=\"noopener noreferrer\" target=\"_blank\">find every single AI interaction in your environment starts in the browser\u003C/a>.\u003C/p>","How does Push help to secure organizations that use GenAI apps?",{"answer":327,"question":328},"\u003Cp>Push detects threats before account compromise by monitoring for attack indicators directly in the browser where identity attacks unfold. This includes: detecting phishing kits and browser-native attacks (like ConsentFix) in real-time, preventing credential reuse on suspicious sites, identifying malicious browser extensions, blocking weak password creation, detecting session hijacking attempts, and stopping credentials from being entered on fraudulent sites. Push's browser extension operates at the session level, giving defenders visibility into attacker behavior as it happens. This happens before credentials are stolen or accounts are compromised. Recently, Push Security detected and blocked \u003Ca href=\"https://pushsecurity.com/blog/installfix\" rel=\"noopener noreferrer\" target=\"_blank\">InstallFix\u003C/a>. It's a novel browser-based attack technique surfaced through Push's agentic threat hunting pipeline before any other vendor. It exploits clipboard-based installation workflows to deliver malware while bypassing email gateways and endpoint signatures entirely. This is related to \u003Ca href=\"https://pushsecurity.com/blog/consentfix\" rel=\"noopener noreferrer\" target=\"_blank\">ConsentFix\u003C/a>, which Push also discovered and blocked.\u003C/p>","How does Push detect \"left of boom\" threats to prevent breaches or mitigate the impacts of attacks?",{"answer":330,"question":331},"\u003Cp>Push discovers \u003Ca href=\"https://pushsecurity.com/solution/achieve-security-outcomes/secure-shadow-saas\" rel=\"noopener noreferrer\" target=\"_blank\">shadow SaaS\u003C/a> by monitoring all browser activity in real-time. When employees access any cloud application through their browser (whether it's a new signup or existing account) Push captures the activity and identifies the app, even if it's unmanaged by IT, not integrated with SSO, on a free tier, or being tested without approval. Administrators receive real-time notifications when new applications are discovered. Unlike CASB solutions that rely on network traffic analysis or API integrations, Push operates at the browser layer where work actually happens, providing comprehensive visibility into shadow SaaS regardless of network location or device management status. This is particularly important as employees increasingly work from personal devices and access apps outside corporate network controls.\u003C/p>","How does Push help me discover shadow applications in my environment?",{"answer":333,"question":334},"\u003Cp>Yes. When browser extension visibility is enabled, Push enumerates every extension installed across the employee browser estate. This shows which extensions each employee has, how they were installed, and what permissions each one holds. \u003C/p>\u003Cp>Across Push's customer base, 46.76% of installed extensions have permission combinations sufficient for account takeover, which is what makes visibility the foundation for any meaningful extension control. From the same view, you can block extensions globally, build explicit allowlists, and monitor for ownership transfers, permission escalations, and delisting events that often precede a supply-chain compromise. In comparison, typical \u003Ca href=\"https://pushsecurity.com/blog/why-browser-extension-risk-scoring-wont-predict-your-next-breach\" rel=\"noopener noreferrer\" target=\"_blank\">extension risk scoring won't predict your next breach\u003C/a>.\u003C/p>","Can Push see other browser extensions employees have installed?",{"answer":336,"question":337},"\u003Cp>Push deploys as a browser extension, which means it works on personal and contractor devices that sit outside MDM. Employees can self-enroll through a managed landing page, optionally gated behind conditional access for BYOD scenarios. Once installed, Push observes corporate identity activity wherever it happens — across personal browsers, contractor laptops, Chromebooks, and agentic browsers — and surfaces the same phishing, session hijacking, credential reuse, and shadow SaaS signals it sees on managed endpoints. Here's how to \u003Ca href=\"https://pushsecurity.com/solution/achieve-security-outcomes/secure-bring-your-own-device\" rel=\"noopener noreferrer\" target=\"_blank\">secure BYOD with Push\u003C/a>.\u003C/p>","How does Push protect employees on BYOD and unmanaged devices?","How Push detects and responds to new security gaps, attacks, and zero-day threats.",{},1780925982928,1770806989638,[],{"breakpoints":344,"lastPreviewUrl":345,"kind":28,"hasErrors":6,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"https://app.stg.pushsecurity.com/faq?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=faq-data&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.faq-data=e5734d3210a244bfb1192f383a498d15&builder.overrides.e5734d3210a244bfb1192f383a498d15=e5734d3210a244bfb1192f383a498d15&builder.options.locale=Default",{"createdDate":347,"id":348,"name":349,"modelId":266,"published":13,"stageModifiedSincePublish":6,"query":350,"data":351,"variations":373,"lastUpdated":374,"firstPublished":375,"testRatio":23,"createdBy":303,"lastUpdatedBy":303,"folders":376,"meta":377,"rev":308},1771017398908,"ebe5810be49b4fe8a53a0af419912e30","How Push Security compares to different security tools",[],{"category":352},{"questions":353,"categoryHeading":372},[354,357,360,363,366,369],{"question":355,"answer":356},"What data and control can Push provide for administrators? How does it compare to antivirus or EDR?","\u003Cp>Push provides administrators with full visibility into user activity, attacker behavior, and session-level risk in the browser. This includes: all apps being accessed (managed and shadow), account security posture (password strength, MFA status, leaked credentials), authentication methods, browser extensions and their permissions, suspicious browser activity, phishing attempts, session hijacking, and real-time security events. Administrators can enforce controls like blocking attacks, preventing credential reuse, detecting malicious extensions, and guiding users through in-browser prompts. Unlike antivirus/EDR which focus on endpoint processes and file-based threats, Push operates at the browser layer where modern work happens. EDR sees processes; Push sees browser sessions, SaaS interactions, and identity-based attacks. Push complements EDR by providing browser telemetry that endpoint tools cannot observe. Think of Push as \u003Ca href=\"https://pushsecurity.com/blog/push-plus-endpoint-security\" rel=\"noopener noreferrer\" target=\"_blank\">EDR in the browser\u003C/a>.\u003C/p>",{"question":358,"answer":359},"How does Push Security integrate with SIEMs and other data collection tools?","\u003Cp>Push integrates with SIEMs and security tools through a REST API and webhooks. You can configure webhooks to send Push events (security detections, new app discoveries, account findings, browser threats, etc.) to any \u003Ca href=\"https://pushsecurity.com/help/audience/administrators/docs/connect-to-siem-or-soar/\" rel=\"noopener noreferrer\" target=\"_blank\">SIEM or SOAR platform\u003C/a>. The Events page in the admin console shows all events with their attributes to help you plan integrations. Push recently added the ability to select specific event types to send via webhooks, and offers integrations with platforms like Microsoft Sentinel. Push uses standard JSON format and includes signature verification for webhook security. You can also query Push data programmatically via the REST API for custom integrations and automation, enabling you to aggregate browser telemetry with other security signals for comprehensive threat detection and response.\u003C/p>",{"answer":361,"question":362},"\u003Cp>The Push browser extension is compatible with: Google Chrome, Microsoft Edge, Firefox, Safari, Brave, Opera, Arc, Island, Prisma Access, Comet, Atlas, and Dia. The most current list can be found at \"\u003Ca href=\"https://pushsecurity.com/help/what-browsers-does-push-support\" rel=\"noopener noreferrer\" target=\"_blank\">What browsers does Push support\u003C/a>?\"\u003C/p>","What browsers does Push work with?",{"answer":364,"question":365},"\u003Cp>Push and ZScaler serve different but complementary security functions. ZScaler is a Secure Service Edge (SSE) platform providing network-level security including Secure Web Gateway, CASB, and Zero Trust Network Access—it inspects traffic and enforces policies at the network layer. Push is a browser-based detection and response platform operating at the browser/session layer where users actually work and where most modern attacks occur. While ZScaler focuses on network traffic inspection, Push provides visibility into what happens inside browser sessions, tabs, and SaaS interactions—areas where network tools are blind. Push detects browser-native threats like phishing kits, malicious extensions, session hijacking, and identity attacks that bypass network controls. Push complements ZScaler by providing browser telemetry and session-level security that network-layer tools cannot observe, particularly for shadow SaaS accessed from unmanaged devices or personal browsers.\u003C/p>","How does Push compare against ZScaler?",{"answer":367,"question":368},"\u003Cp>CrowdStrike Falcon focuses on endpoint detection and response (EDR), providing visibility into processes, files, and OS-level activity on endpoints. Push Security provides browser-based detection and response with visibility into browser sessions, SaaS interactions, and identity attacks. CrowdStrike sees: malware, suspicious processes, file activity, kernel-level threats. Push sees: phishing attempts in the browser, credential reuse, password security, session hijacking, malicious browser extensions, shadow SaaS access, and identity-based attack techniques. To an EDR tool, everything the browser does appears as a single process—it cannot see inside browser sessions or distinguish between legitimate user activity and browser-based attacks. Push operates at the browser layer, providing the granular visibility and context that EDR cannot capture. Together, CrowdStrike and Push provide defense-in-depth: CrowdStrike protects the endpoint; Push protects the browser where modern work and attacks occur.\u003C/p>","What does Crowdstrike see versus Push Security?",{"question":370,"answer":371},"Is Push Security compatible integrating with other security tools?","\u003Cp>Yes, Push Security integrates with other security platforms through its REST API and webhook capabilities. Push can send security events, browser-based detections, and findings to security products via webhooks, allowing you to aggregate Push's browser security telemetry with threat detection capabilities. You can configure which events to send, set up authentication, and use Push's API for programmatic queries. The integration enables you to correlate browser-based attacks detected by Push (phishing, session hijacking, shadow SaaS, malicious extensions) with other security signals, create custom detections, and automate response workflows. Push's browser telemetry provides unique session-level data that complements other tool's endpoint and network visibility—creating a more complete picture of your security posture across endpoints, networks, and browsers.\u003C/p>","How Push Security compares to different security tools.",{},1780691002599,1771017602827,[],{"lastPreviewUrl":378,"breakpoints":379,"kind":28,"hasErrors":6,"hasAutosaves":6},"https://app.stg.pushsecurity.com/faq?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=faq-data&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.faq-data=ebe5810be49b4fe8a53a0af419912e30&builder.overrides.ebe5810be49b4fe8a53a0af419912e30=ebe5810be49b4fe8a53a0af419912e30&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"createdDate":381,"id":382,"name":383,"modelId":266,"published":13,"stageModifiedSincePublish":6,"query":384,"data":385,"variations":407,"lastUpdated":408,"firstPublished":409,"testRatio":23,"createdBy":303,"lastUpdatedBy":303,"folders":410,"meta":411,"rev":308},1771017729177,"a67955c9751d4e3dab6f47df7f4ebeac","How to use Push Security",[],{"category":386},{"questions":387,"categoryHeading":406},[388,391,394,397,400,403],{"question":389,"answer":390},"How does Push handle data and privacy?","\u003Cp>The Push browser agent is designed to inspect and process only information that is related to browser threat detection &amp; response. Get a much more detailed description of \u003Ca href=\"https://pushsecurity.com/help/audience/administrators/docs/install-the-browser-extension/#what-data-is-collected\" rel=\"noopener noreferrer\" target=\"_blank\">the data we collect\u003C/a>, our \u003Ca href=\"https://pushsecurity.com/legal/privacy/\" rel=\"noopener noreferrer\" target=\"_blank\">privacy policy\u003C/a>, and \u003Ca href=\"https://pushsecurity.com/legal/subprocessors/?subprocessor=processor\" rel=\"noopener noreferrer\" target=\"_blank\">sub-processors\u003C/a>.\u003C/p>",{"answer":392,"question":393},"\u003Cp>No. The Push browser extension analyzes passwords as they are entered as a way to enforce controls or protect them from phishing attacks, and we take a salted partial hash that is only accessible to the extension for future checks. Passwords are never stored and never leave the browser. Still curious about how the \u003Ca href=\"https://pushsecurity.com/help/10065/#start\" rel=\"noopener noreferrer\" target=\"_blank\">Push browser extension securely analyzes passwords\u003C/a>? Take the link for a deeper dive into it.\u003C/p>","Will Push record all of our employees' passwords?",{"answer":395,"question":396},"\u003Cp>Push delivers immediate protection with out-of-the-box detections and controls for a range of attack types. Within minutes, you can defend your workforce against phishing, ATO with stolen credentials, and session hijacking, while enforcing essential security measures like MFA and strong, unique passwords. On \u003Ca href=\"https://pushsecurity.com/help/what-browsers-does-push-support\" rel=\"noopener noreferrer\" target=\"_blank\">our list of compatible browsers\u003C/a>, we include links to managed deployment methods.\u003C/p>\u003Cp>Most \u003Ca href=\"https://pushsecurity.com/customer-stories\" rel=\"noopener noreferrer\" target=\"_blank\">Push customers deploy to over 1k users\u003C/a> in under an hour, all during normal office hours, with zero downtime. Push is built for seamless, enterprise-ready implementation.\u003C/p>","How long does Push take to set up?",{"question":398,"answer":399},"How do you deploy and manage the Push Security browser extension across an organization?","\u003Cp>Push offers multiple deployment methods to \u003Ca href=\"https://pushsecurity.com/help/audience/administrators/docs/install-the-browser-extension#installation-options\" rel=\"noopener noreferrer\" target=\"_blank\">install the Push extension\u003C/a>: (1) Managed deployment via MDM, Google Admin Console, or Microsoft Group Policy (recommended); (2) Email enrollment; (3) Self-enrollment landing page.\u003C/p>",{"question":401,"answer":402},"What is Push Security's impact to network performance?","\u003Cp>Push has minimal network impact. This is because the extension is lightweight and operates locally in the browser. This reflects our commitment to maintaining a high-performant solution.\u003C/p>",{"question":404,"answer":405},"Does Push help with AI regulatory compliance?","\u003Cp>Yes, Push security helps with AI regulatory compliance. AI regulations across the EU, US, and UK converge on five obligation categories that most organizations can't meet without browser-layer visibility into how employees actually use AI tools — AI inventory, AI literacy, data governance, phishing-resistant authentication, and third-party AI risk. Push discovers AI apps, extensions, and OAuth integrations in active use across the workforce; delivers in-browser policy banners that double as auditable AI-literacy controls; monitors data exposure to AI tools; enforces MFA; and tracks third-party AI access at the identity layer. Here's how Push \u003Ca href=\"https://pushsecurity.com/blog/browser-visibility-and-control-can-achieve-ai-compliance\" rel=\"noopener noreferrer\" target=\"_blank\" style=\"font-size: 14px;\">supports specific AI compliance regulations\u003C/a> including the EU AI Act, DORA, NYDFS Part 500, HIPAA, and the UK Data Use and Access Act, with penalty figures and capability mappings for each.\u003C/p>","How to use Push Security.",{},1780926124422,1771018010912,[],{"lastPreviewUrl":412,"kind":28,"breakpoints":413,"hasErrors":6,"hasAutosaves":6},"https://app.stg.pushsecurity.com/faq?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=faq-data&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.faq-data=a67955c9751d4e3dab6f47df7f4ebeac&builder.overrides.a67955c9751d4e3dab6f47df7f4ebeac=a67955c9751d4e3dab6f47df7f4ebeac&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},1784196749700]