[{"data":1,"prerenderedAt":1204},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":108,"navbar-resource-highlight":182,"product-page-v-2":226,"allCustomerStories":409,"video-carousel":1099},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"ga0kpxjhh76",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":6,"query":41,"data":42,"variations":97,"lastUpdated":98,"firstPublished":99,"testRatio":23,"createdBy":100,"lastUpdatedBy":101,"folders":102,"meta":103,"rev":107},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":43,"text":44,"url":29,"blocks":45,"state":93},"ewrererw","testrfesssssssssss",[46,73,81],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Meet Push's browser security experts at BlackHat 2026.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>Book a meeting →\u003C/p>","https://pushsecurity.com/events/blackhat-2026-meeting",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"@type":47,"@version":48,"id":74,"component":75,"responsiveStyles":79},"builder-a2e1f4b9f30b464bb814d7f5de5b0aa7",{"name":76,"options":77,"isRSC":62},"Custom Code",{"code":78,"scriptsClientOnly":6},"\u003Cstyle>\n  .top-banner.bg-web-orange{background:rgb(114, 79, 255);}\n\u003C/style>\n",{"large":80},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":82,"@type":47,"tagName":83,"properties":84,"responsiveStyles":88},"builder-pixel-o503s4fpvk","img",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":89},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},"block","hidden","none",{"deviceSize":94,"location":95},"large",{"path":29,"query":96},{},{},1783541846936,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"kind":104,"lastPreviewUrl":105,"hasLinks":6,"breakpoints":106,"hasErrors":6,"hasAutosaves":6},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"kyujw1aptq",[109,145],{"createdDate":110,"id":111,"name":112,"modelId":113,"published":13,"stageModifiedSincePublish":6,"query":114,"data":115,"variations":138,"lastUpdated":139,"firstPublished":140,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":141,"meta":142,"rev":144},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":116,"type":117,"testimonialLink":118,"testimonial":119},{},"testimonial","/customer-stories/inductive-automation",{"@type":120,"id":121,"model":117,"value":122},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":123,"folders":124,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":128,"variations":132,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":135,"rev":137},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":129,"jobTitle":130,"quote":126,"image":131},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":136,"hasAutosaves":34},{"small":32,"medium":33},"e8bsg4qrgtu",{},1776247404986,1776247404973,[],{"breakpoints":143,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"g9lqcuxphw7",{"createdDate":146,"id":147,"name":148,"modelId":113,"published":13,"meta":149,"stageModifiedSincePublish":6,"query":151,"data":152,"variations":178,"lastUpdated":179,"firstPublished":180,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":181,"rev":144},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack Techniques",{"breakpoints":150,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":153,"link":172,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":155},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":156,"folders":157,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":160,"variations":166,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":169,"rev":171},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":170,"hasAutosaves":34},{"small":32,"medium":33},"ulhc0im1hfo",{"text":173,"url":174},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[183,205],{"createdDate":184,"id":185,"name":148,"modelId":186,"published":13,"meta":187,"stageModifiedSincePublish":6,"query":189,"data":190,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":203,"rev":204},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":188,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":191,"link":199,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":192},{"query":193,"folders":194,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":195,"variations":196,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":197,"rev":171},[],[],{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":198,"hasAutosaves":34},{"small":32,"medium":33},{"text":173,"url":174},{},1776256937553,1776256937540,[],"xggsv10v1q9",{"createdDate":206,"id":207,"name":208,"modelId":186,"published":13,"stageModifiedSincePublish":6,"query":209,"data":210,"variations":220,"lastUpdated":221,"firstPublished":222,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":223,"meta":224,"rev":204},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":211,"type":117,"testimonial":212,"testimonialLink":118},{},{"@type":120,"id":121,"model":117,"value":213},{"query":214,"folders":215,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":216,"variations":217,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":218,"rev":137},[],[],{"author":129,"jobTitle":130,"quote":126,"image":131},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":219,"hasAutosaves":34},{"small":32,"medium":33},{},1776256974140,1776256974130,[],{"breakpoints":225,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":227,"id":228,"name":229,"modelId":230,"published":13,"stageModifiedSincePublish":6,"query":231,"data":237,"variations":397,"lastUpdated":398,"firstPublished":399,"testRatio":23,"screenshot":400,"createdBy":401,"lastUpdatedBy":402,"folders":403,"meta":404,"rev":408},1768996260885,"35a9159019824514911f127177027fef","Product","8664f138e46a4dde818fca29fea925e7",[232],{"@type":233,"property":234,"operator":235,"value":236},"@builder.io/core:Query","urlPath","is","/product",{"seoDescription":238,"themeId":6,"title":239,"inputs":240,"seoTitle":241,"jsCode":242,"blocks":243,"url":236,"state":394},"Rich browser telemetry. Controls that act instantly. Autonomous agents that never stop hunting. The most powerful AI-native security tool in the browser.","Product V2",[],"AI-Native Browser Security Platform","var __awaiter=function(e,n,t,r){return new(t||(t=Promise))((function(o,i){function a(e){try{l(r.next(e))}catch(e){i(e)}}function u(e){try{l(r.throw(e))}catch(e){i(e)}}function l(e){var n;e.done?o(e.value):(n=e.value,n instanceof t?n:new t((function(e){e(n)}))).then(a,u)}l((r=r.apply(e,n||[])).next())}))},__generator=function(e,n){var t,r,o,i,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:u(0),throw:u(1),return:u(2)},\"function\"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function u(i){return function(u){return function(i){if(t)throw new TypeError(\"Generator is already executing.\");for(;a;)try{if(t=1,r&&(o=2&i[0]?r.return:i[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,i[1])).done)return o;switch(r=0,o&&(i=[2&i[0],o.value]),i[0]){case 0:case 1:o=i;break;case 4:return a.label++,{value:i[1],done:!1};case 5:a.label++,r=i[1],i=[0];continue;case 7:i=a.ops.pop(),a.trys.pop();continue;default:if(!(o=a.trys,(o=o.length>0&&o[o.length-1])||6!==i[0]&&2!==i[0])){a=0;continue}if(3===i[0]&&(!o||i[1]>o[0]&&i[1]\u003Co[3])){a.label=i[1];break}if(6===i[0]&&a.label\u003Co[1]){a.label=o[1],o=i;break}if(o&&a.label\u003Co[2]){a.label=o[2],a.ops.push(i);break}o[2]&&a.ops.pop(),a.trys.pop();continue}i=n.call(e,a)}catch(e){i=[6,e],r=0}finally{t=o=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,u])}}};function main(){return __awaiter(this,void 0,void 0,(function(){return __generator(this,(function(e){return Builder.isServer,Builder.isBrowser,[2]}))}))}var _virtual_index=main();return _virtual_index",[244,255,274,307,316,345,374,382,389],{"@type":47,"@version":48,"id":245,"component":246,"responsiveStyles":252},"builder-b0edb08ee35847a288a512fbefb1a6e5",{"name":247,"tag":247,"options":248,"isRSC":62},"ProductHero",{"title":249,"description":250,"image":251,"videoId":29},"\u003Cp>The most powerful \u003C/p>\u003Cp>\u003Cstrong style=\"color: rgb(255, 72, 36);\">AI-native \u003C/strong>security tool in the browser\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","\u003Cp>Rich browser telemetry. Controls that act instantly. Autonomous agents that never stop hunting. All from a single browser extension.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F51911c1aed4e45b6a21678f186049bdd",{"large":253},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingBottom":254,"marginBottom":254},"0px",{"@type":47,"@version":48,"id":256,"component":257,"responsiveStyles":272},"builder-9d7a0e445b00455194b91b2f06e91a28",{"name":258,"tag":258,"options":259,"isRSC":62},"AgenticDetectionEngine",{"card1":260,"card2":263,"card3":266,"card4":269},{"title":261,"subtext":262},"Hypothesis Development","\u003Cp>To identify emerging threats, Push's AI agents combine threat intelligence, human-led research, and AI-derived analysis of attacker adaptations to develop hypotheses for new hunts.\u003C/p>",{"title":264,"subtext":265},"Threat Hunting","\u003Cp>Push’s privacy-preserving architecture, powered by the Push browser agent, captures trillions of browser events, providing the hunting ground for Push’s AI agents. With this historical context and rich metadata of user interactions and DOM events, agents test hypotheses for new detections and tune out false positives.\u003C/p>",{"title":267,"subtext":268},"Autonomous Analysis","\u003Cp>When a hunt looks promising, agents deploy the full suite of analyst tools to investigate further, analyzing files, scripts, images, and domain intelligence to rapidly evaluate threats and return a verdict.\u003C/p>\n",{"title":270,"subtext":271},"Autonomous Detection Engineering","\u003Cp>With this analysis complete, agents trained on Push’s internal knowledge base and detection libraries develop new detections.\u003C/p>",{"large":273},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":275,"component":276,"responsiveStyles":305},"builder-fc986ea9d7e543f389f66c82781ca0c6",{"name":277,"tag":277,"options":278,"isRSC":62},"SecopsStack",{"heading":279,"content":280,"line1":281,"line2":287,"line3":293,"line4":299},"The modern SecOps stack","\u003Cp>Tools focused on the endpoint, network, and inbox are foundational. But attackers opened a new front inside the browser session, a layer those tools weren't built to inspect.\u003C/p>\n",{"label1":282,"label2":283,"content":284,"link":285},"Cloud services","CNAPP, ITDR & Email","\u003Cp>Your CNAPP and ITDR platforms secure your cloud infrastructure and your IdP, but not the browser session. Push secures access to your cloud resources via the browser.\u003C/p>",{"openInNewTab":34,"url":286},"/blog/push-plus-cloud-security",{"label1":288,"label2":289,"content":290,"link":291},"Browsers","Push Security","\u003Cp>Push Security provides blue teams with net-new visibility of browser-based attacks to complement your existing threat detection &amp; response stack.\u003C/p>",{"url":292,"openInNewTab":34},"/resources/product-brochure",{"label1":294,"label2":295,"content":296,"link":297},"Endpoints","EDR","\u003Cp>EDR doesn’t provide security in the browser layer. Push works alongside your EDR deployment to give you protection at the new layer for attackers.\u003C/p>",{"openInNewTab":34,"url":298},"/blog/push-plus-endpoint-security",{"label1":300,"label2":301,"content":302,"link":303},"Network","SSE","\u003Cp>Proxy based solutions like SSE, SWG, and CASB, see traffic, not what your users see. Push provides in-tab visibility into page structure, scripts, and user interaction.\u003C/p>",{"openInNewTab":34,"url":304},"/blog/push-plus-network-security",{"large":306},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":308,"component":309,"responsiveStyles":314},"builder-88d5019724df4b3b9ca56261352e9a51",{"name":310,"tag":310,"options":311,"isRSC":62},"WhyPush",{"heading":312,"subtext":313},"Hear what people are saying about Push","\u003Cp>Today’s security leaders know that defending the browser is key to the future of cyber defense. \u003C/p>",{"large":315},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":317,"component":318,"responsiveStyles":343},"builder-dce6bd38533a44bc8cf64d3267ab64b1",{"name":319,"tag":319,"options":320,"isRSC":62},"UsingPush",{"heading":321,"subsections":322},"Using the Push Platform",[323,328,333,338],{"heading":324,"content":325,"image":326,"imageDescription":327},"Stop attacks","\u003Cp>\u003Cstrong>Secure your organization via the browser.\u003C/strong>\u003C/p>\u003Cp>Detect and block in-browser threats in real time: phishing kits, token theft, and session hijacking. Push inspects page structure, content, and user interaction to spot cloned logins, malicious scripts, and credential misuse as the user sees them.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F64bf0069bca54712ad07b8443b15d613","Stop attacks image",{"heading":329,"content":330,"image":331,"imageDescription":332},"Investigate faster","\u003Cp>\u003Cstrong>Detect and respond like never before.\u003C/strong>\u003C/p>\u003Cp>Reconstruct what happened, fast. Push captures page loads, click paths, credential use, and token activity to build user/session timelines, revealing attacker behavior, blast radius, and OAuth exposure.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ffebef747913045fab3b55f87e318914f","Browser detection table",{"heading":334,"content":335,"image":336,"imageDescription":337},"Protect users","\u003Cp>\u003Cstrong>Gaps are everywhere,&nbsp;and attackers are looking for them.\u003C/strong>\u003C/p>\u003Cp>Close common gaps before they're abused. Push flags missing MFA, password reuse, non-SSO logins, shadow apps, and risky extensions, then guides users to remediate or enforces policy in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F25958911f74d446897d0bfaa9ee4185d","Phishing danger detected",{"heading":339,"content":340,"image":341,"imageDescription":342},"Secure AI use","\u003Cp>\u003Cstrong>Your users are already using AI. Now you can see exactly how.\u003C/strong>\u003C/p>\u003Cp>See real user activity inside AI tools: what’s typed, pasted, uploaded, and authorized. From shadow AI apps to agent access and extensions, you get a clear view of where data is going and what’s being exposed, along with controls to act immediately.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Faf2ff5470b574587b6a2498f98edc34d","AI dashboard",{"large":344},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":346,"component":347,"responsiveStyles":371},"builder-88f21980e70f4612b0ffaa30035b4aed",{"name":348,"tag":348,"options":349,"isRSC":62},"OneWeekGraph",{"sectionHeading":350,"curvePoints":351,"sectionSubtext":370},"One week in and already ahead of attackers",{"curvePoint1":352,"curvePoint2":359,"curvePoint3":363},{"heading":353,"subtext1":354,"subtext2":355,"graphic":356},"Day Zero","Rapid deployment via MDM, to every browser","Our record: 100k users in 1 hour during normal office hours.",{"imageAltText":357,"url":358},"Browser icons","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F69f0f35eefa54852b8e9dbe4891a0bcb",{"heading":360,"subtext1":361,"subtext2":362},"Day One","Instant protection and insights for your users","Stop phishing, session theft, and malware delivery from day 1",{"heading":364,"subtext1":365,"subtext2":366,"graphic":367},"Week One","Operationalize with 1st class IdP & SIEM integrations","Harness the power of browser telemetry to fix vulnerabilities and respond to incidents.",{"url":368,"imageAltText":369},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9c9b34b1dd13482e9969a6d0ff681e55?format=webp","Service integration icons","\n",{"large":372},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"pointerEvents":373},"auto",{"@type":47,"@version":48,"id":375,"component":376,"responsiveStyles":380},"builder-13c02078886c4f50a5f680fbe9049a1c",{"name":377,"tag":377,"options":378,"isRSC":62},"ProductOutcomes",{"sectionHeading":379},"How security teams use Push",{"large":381},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":383,"component":384,"responsiveStyles":387},"builder-40c4203f62064e5ca721118cb7bbc66b",{"name":76,"options":385,"isRSC":62},{"code":386,"scriptsClientOnly":6},"\u003Cstyle>\n      /*-- Hero Styling --*/\n      .max-w-\\[848px\\] {\n          max-width: 990px;\n      }\n\n    @media (min-width: 640px) {\n        .sm\\:\\[\\&\\>span\\]\\:block>span {\n            display: block;\n        }\n\n        .sm\\:\\[\\&\\>span\\]\\:block>span:nth-of-type(3) {\n            display: none;\n        }\n    }\n\n  /*-- Resizing the Research-led Bigger Picture --*/\n\n  @media (max-width: 768px) {\n      .root[data-v-251be4c5] .grid.grid-cols-4  {\n      display: block;\n      }\n\n      .root[data-v-251be4c5] .grid.grid-cols-4 > div:first-child {\n      display: flex;\n      justify-content: center;\n      padding-top: 1rem;\n    }\n\n    .root[data-v-251be4c5] .grid.grid-cols-4 .col-2 {\n      text-align: center;\n      padding: 0 1.5rem 0.5rem;\n      margin-top: 3rem;\n    }\n  }\n\n  @media (max-width: 500px) {\n    .builder-f5cb79a594a34780971adea9d8c1d010.builder-block .root[data-v-251be4c5] .grid.grid-cols-4 .col-2 {\n      margin-top: 1rem;\n      padding: 0 0 0.5rem;\n    }\n  }\n\u003C/style>\n",{"large":388},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":390,"@type":47,"tagName":83,"properties":391,"responsiveStyles":392},"builder-pixel-3x6jc31kndw",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":393},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":395},{"path":29,"query":396},{},{},1780931742705,1768996546191,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd37e991acf9148549e2657beae2c9aa1","SfUPqW5tkibIPby49keNFMdHFTr1","ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"lastPreviewUrl":405,"breakpoints":406,"hasLinks":6,"hasErrors":6,"kind":407,"hasAutosaves":6},"https://pushsecurity.com/product?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=product-page-v-2&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.product-page-v-2=35a9159019824514911f127177027fef&builder.overrides.35a9159019824514911f127177027fef=35a9159019824514911f127177027fef&builder.overrides.product-page-v-2:/product=35a9159019824514911f127177027fef&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"page","4j47cinmtwl",[410,572,693,849,985],{"createdDate":411,"id":412,"name":413,"modelId":414,"published":13,"stageModifiedSincePublish":6,"query":415,"data":418,"variations":562,"lastUpdated":563,"firstPublished":564,"testRatio":23,"screenshot":565,"createdBy":24,"lastUpdatedBy":402,"folders":566,"meta":567,"rev":571},1782496879262,"be1ebe46f8a14568940ee6ab5c83bb34","Te Herenga Waka–Victoria University of Wellington","989720d5a128470cb938ca12aedfef29",[416],{"@type":233,"property":234,"operator":235,"value":417},"/customer-stories/te-herenga-waka-victoria-university-of-wellington",{"themeId":6,"resourcesPageImage":419,"effectivePublishDate":420,"logo":421,"ogImage":419,"resourcesPageDescription":422,"indexPageDescription":423,"indexPageDesciption":424,"description":425,"resourcesPageTitle":426,"seoDescription":425,"title":427,"seoTitle":426,"blocks":428,"url":417,"state":559},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F493a92b20a2d48059cae31879ff4250a","Sat Nov 15 2025 00:00:00 GMT+0000 (Greenwich Mean Time)","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd8eba90763f942579e300bfbf5a3a55c","How the Victoria University of Wellington (VUW) leverages Push to govern AI tool usage and solve phishing problems.","Using Push, the Victoria University of Wellington (VUW) security team found a tool to govern AI tool usage across a diverse workforce, while also solving its phishing problem at the same time.","Push helped Inductive find and secure shadow accounts and apps with high-fidelity data in a way that didn't interfere with employees productivity.","How Te Herenga Waka–Victoria University of Wellington uses Push to block phishing. ","Customer Story: Te Herenga Waka–Victoria University of Wellington","dummy",[429,441,472,487,507,524,544,554],{"@type":47,"@version":48,"id":430,"meta":431,"component":433,"responsiveStyles":439},"builder-ffc6901f9c824caca8ff10696a6e59df",{"previousId":432},"builder-d24b4ac0dd42473296e916eb5192bacf",{"name":434,"tag":435,"options":436,"isRSC":62},"CS Hero","CustomerStoriesHero",{"heroTitle":426,"heroDescription":437,"heroLogo":421,"glowColor":438},"\u003Cp>With Push, the Victoria University of Wellington (VUW) security team found a tool to govern AI usage across a diverse workforce, while also solving its phishing problem at the same time.\u003C/p>","#5EBCB7",{"large":440},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":442,"meta":443,"component":445,"responsiveStyles":470},"builder-b24b29e998c5483e9daf828295627193",{"previousId":444},"builder-b79065fa8efd4eb68427e7648ec49e0c",{"name":446,"tag":447,"options":448,"isRSC":62},"CS Summary","CustomerStoriesSummary",{"summaryTitle":449,"summaryDescription":450,"summaryStat1":451,"summaryStat2":455,"summaryStat3":459,"summaryStat4":460,"stats":461},"About Victoria University of Wellington","\u003Cp>Victoria University of Wellington is a public research-intensive university in Wellington, New Zealand, with approximately 3,000 staff and faculty. A five-person security team manages a Microsoft-heavy environment with significant on-premises infrastructure and an in-house SOC with on-call coverage. Like most universities, VUW has to balance security with academic freedom. Blocking access to tools is a non-starter, so the team needed controls that could guide behavior without restricting it.\u003C/p>\n\u003Cp>\u003Cbr />\u003C/p>\n\u003Cp>\u003Cstrong style=\"color: rgb(255, 72, 36);\">Why Victoria University of Wellington chose Push:\u003C/strong>\u003C/p>\n\u003Cul>\n  \u003Cli>Existing tools offered binary choices — block or allow — but the university needed more granular guardrails that could surface policy when a tool is used without preventing access to AI or other applications.\u003C/li>\n  \u003Cli>Browser-based phishing was impacting up to 5 staff per month, and the team had no visibility into what was actually happening inside the browser session during an attack.\u003C/li>\n  \u003Cli>Both problems pointed to the same gap: Nothing in the stack could see or act inside the browser.\u003C/li>\n  \u003Cli>Push deployed to approximately 3,000 managed devices via group policy with no end-user problems and no service disruption.\u003C/li>\n\u003C/ul>\n",{"icon":452,"value":453,"gap":62,"extraValueText":29,"helpText":454},"faShieldCheck",1118,"Users protected",{"icon":456,"value":23,"gap":23,"extraValueText":457,"helpText":458},"faStopwatch","+","Hours saved per investigation",{"icon":29,"value":62,"extraValueText":29,"helpText":29},{"icon":29,"value":62,"extraValueText":29,"helpText":29},[462,467],{"formatValue":34,"icon":463,"value":464,"gap":465,"helpText":466,"extraValueText":29},"faUsers",3000,0,"Users protected by Push",{"formatValue":6,"icon":452,"value":468,"gap":465,"helpText":469,"extraValueText":29},5,"phishing attacks blocked per month",{"large":471},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginLeft":254},{"@type":47,"@version":48,"id":473,"meta":474,"component":476,"responsiveStyles":485},"builder-e9228a6b4aae4af5bbd2138ea231c02f",{"previousId":475},"builder-02be3f7cafb3473baa83d3132b6aa9f2",{"name":477,"tag":478,"options":479,"isRSC":62},"CS Quote Carousel","CustomerStoriesQuoteCarousel",{"quoteCarousel":480},[481],{"author":482,"jobTitle":483,"quote":484},"Leanne Gibson","CIO, Victoria University of Wellington","\u003Cp>The value of Push has been its ability to connect policy, education, and security into a single control — raising awareness across the university while demonstrably strengthening our prevention-first cyber approach.\u003C/p>",{"large":486},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingBottom":254},{"@type":47,"@version":48,"id":488,"meta":489,"component":491,"responsiveStyles":505},"builder-431038ad700345c58c520b460b532fa3",{"previousId":490},"builder-70d8cc0ef9894b2485588da68e6662fd",{"name":492,"tag":493,"options":494,"isRSC":62},"CS Quote Summary","CustomerStoriesQuoteSummary",{"theme":495,"sections":496,"title":503,"diagonalVariant":504},"dark-gradient",[497],{"text":498,"quotes":499},"\u003Ch3>\u003Cstrong>Two problems, one blind spot\u003C/strong>\u003C/h3>\u003Cp>University security teams face a constraint most enterprise security leaders don't: You can't block your way to safety.&nbsp;\u003C/p>\u003Cp>Restricting access to a tool, even one with genuine risk, runs into a culture of academic freedom and researcher autonomy that shapes every security decision. That tension has always existed, but the combination of rapidly evolving browser-based attacks and an explosion of new AI tools has made it significantly harder to manage.&nbsp;\u003C/p>\u003Cp>With the landscape shifting on a daily basis, VUW's security team needed to keep faculty and staff working securely without resorting to being overly restrictive.\u003C/p>\u003Cp>The symptoms of these challenges were obvious to VUW’s five-person security team, led by cybersecurity manager Stephen Shkardoon.\u003C/p>\u003Cp>They had identified two core security problems they needed to solve that at first seemed unrelated.\u003C/p>\u003Cp>The first was browser-based phishing. As many as five staff members a month were being impacted by phishing, most apparently through email. But the actual chain of events was largely invisible. The team could see that someone had been compromised, but they couldn't see how.&nbsp;\u003C/p>\u003Cp>\"They'd get infected with malware,\" Stephen explained. \"But we had too many infections to worry about root-causing every single one.\"&nbsp;\u003C/p>\u003Cp>Without visibility into what happened inside the browser, attackers arriving through malicious search results, ClickFix-style lures, or transient infrastructure left no trace the team could reach.\u003C/p>\u003Cp>The second problem was AI governance.&nbsp;\u003C/p>\u003Cp>A cross-functional working group was grappling with how to govern staff use of AI tools. Microsoft Copilot was the sanctioned option. ChatGPT and others occupied a grey area. The university developed a policy, but as Stephen put it, \"a published policy is not the same thing as people actually doing that.\"&nbsp;\u003C/p>\u003Cp>What the working group needed was a mechanism to surface the university’s AI policy at the exact moment someone was about to act against it, without blocking the tool.\u003C/p>\u003Cp>Stephen saw the connection. Both problems pointed to the same architectural gap: Nothing in the team’s existing stack could see or act inside the browser session. The phishing problem needed browser-layer visibility. The AI governance problem needed browser-layer controls.&nbsp;\u003C/p>\u003Cp>The same tool could solve both — if it existed.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[500],{"quote":501,"quoteBy":502},"\u003Cp>\u003Cstrong>So much phishing protection is just trying to train your users to be experts. I really don't like it.\u003C/strong>\u003C/p>","Victoria University of Wellington","Business Challenge","black-black",{"large":506},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":508,"meta":509,"component":511,"responsiveStyles":522},"builder-3e217e56e53c44d0ad38cd6b7875dcaa",{"previousId":510},"builder-d75d70b0f4cc47708c02ed0405dd39fd",{"name":492,"tag":493,"options":512,"isRSC":62},{"theme":513,"sections":514,"title":520,"diagonalVariant":521},"light-plain",[515],{"text":516,"quotes":517},"\u003Ch3>\u003Cstrong>The blunt instrument problem\u003C/strong>\u003C/h3>\u003Cp>VUW's large existing security stack, which includes Microsoft Defender and firewall-based IP blocking, offered binary options: block or allow. That worked for malware. It didn't work for AI governance at a university.\u003C/p>\u003Cp>Moreover, the AI working group wasn't asking to block everything. They needed a way to present a policy at the exact moment it mattered, then let the user get on with their day.&nbsp;\u003C/p>\u003Cp>\"We didn't see a tool in our existing toolbox that would let us do that really soft guidance,\" Stephen said. He envisioned something like a full-screen warning that describes the policy, links to it, and lets the user click accept and continue.\u003C/p>\u003Cp>The phishing picture had a similar gap. The team could see email-delivered threats through existing tools, but the browser session itself was a blind spot. Attacks arriving through malicious search results or ClickFix-style lures, which use transient infrastructure that disappears before it can be attributed, weren’t getting logged in any of their existing security tools. The compromises were happening, but the team couldn't see the attack chain.\u003C/p>\u003Cp>When Stephen discovered Push, he immediately recognized that he could solve both problems with one solution — protecting against modern browser-based attacks and helping to educate and enforce the university’s AI policies.\u003C/p>",[518],{"quote":519,"quoteBy":502},"\u003Cp>We have our firewalls which can block access to particular IP addresses, we have Defender which can block access to websites, but that’s really all they could do.\u003C/p>","Technical Challenge","black-white",{"large":523},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":525,"meta":526,"component":528,"responsiveStyles":541},"builder-55c1e27574cf483ab2e1fa302a748bf7",{"previousId":527},"builder-4c118b46a5a8450fa931b9eb5dd044af",{"name":492,"tag":493,"options":529,"isRSC":62},{"theme":495,"sections":530,"title":539,"diagonalVariant":540},[531,536],{"text":532,"quotes":533},"\u003Ch3>\u003Cstrong>A simple, silent deployment\u003C/strong>\u003C/h3>\u003Cp>The security team piloted Push first with the AI working group to help prove out the business case internally.&nbsp;\u003C/p>\u003Cp>After the successful pilot, broader deployment to approximately 3,000 managed devices via group policy was simple.&nbsp;\u003C/p>\u003Cp>\"We had literally no one even comment on it initially,\" Stephen said. \"That was exactly what we were going for.\"\u003C/p>\u003Cp>The team next implemented Push’s detection and response controls, starting in warn mode first, watching before blocking. A month in, with zero false positives, they switched to blocking with high confidence.&nbsp;\u003C/p>\u003Cp>\"Every single detection had been legitimate,\" Stephen said. \"We just switched it over to blocking. Without any fuss, without any hassle.\"\u003C/p>\u003Cp>Browser-layer policy guardrails went live across AI tools, plagiarism-checking services, and consumer file storage — surfacing university policy at the point of access. The AI working group now had granular telemetry on which tools staff were actually using and in what volumes in a level detail that existing logging tools couldn’t provide. Policy conversations that had previously relied on assumptions now had data behind them.\u003C/p>\u003Ch3>\u003Cstrong>The phishing problem, solved \u003C/strong>\u003C/h3>\u003Cp>Since implementing Push a year ago, browser-based phishing has gone from a monthly remediation task to a blocked-and-logged event.&nbsp;\u003C/p>\u003Cp>When a SharePoint-themed AiTM campaign began circulating across the higher education sector, appearing to originate from trusted contacts and harvesting credentials and MFA tokens in real time, VUW's staff weren't affected. Push had already intercepted the attacks.\u003C/p>\u003Cp>The visibility shift was just as significant as the prevention. Where the team previously had to guess at root causes, Push now surfaces the full attack chain: the initial lure, the page the user was served, and exactly where the detection fired. Stephen regularly uses Push's screenshot capability to show non-security stakeholders the actual phishing page a user encountered and the point at which Push intervened. This evidence resonates for the team far more than a log entry.\u003C/p>\u003Cp>\"The information we're getting from Push tells us: These people were clicking the links. They were going to interact with it, but Push had already served them the block page,\" Stephen said. \"Before, if we reported the number of phishing emails Microsoft blocked, it's thousands — who knows, tens of thousands. But that doesn't tell us who would have fallen for it. Push does.\"\u003C/p>",[534],{"quote":535,"quoteBy":502},"\u003Cp>The information we're getting from Push tells us: These people were clicking the links. They were going to interact with it, but Push had already served them the block page.\u003C/p>",{"text":537,"quotes":538},"\u003Ch3>\u003Cstrong>More than the sum of its parts\u003C/strong>\u003C/h3>\u003Cp>Once Push was in the browser, VUW's security team found it solved problems they'd been working around for years.\u003C/p>\u003Cp>Stolen credential detection was one example. When staff credentials surfaced in a breach dataset, the previous response was a mass email to potentially affected users suggesting they might want to consider changing their password. But the team worried that these messages were easy to ignore because the risk felt abstract.\u003C/p>\u003Cp>Push replaced that blanket notification with real-time detection at the point of login, cross-referenced against breach data, so the team now sends a targeted automated email only when a specific user actually logs in with a compromised credential.&nbsp;\u003C/p>\u003Cp>\"That actually fully solves a problem I didn't realize was going to be solved,\" Stephen said.\u003C/p>\u003Cp>The team also found that browser-layer telemetry from managed staff devices could inform network-level blocking decisions for their student population. When Push identifies a targeted phishing domain hitting staff, the team pushes that intelligence to their firewall. This protects students on the same network without the extension deployed to their devices.\u003C/p>\u003Cp>Push also feeds into VUW's SOC stack via Sentinel and FortiSOAR, integrating browser-layer telemetry into the same automated workflows the team uses for every other alert category.\u003C/p>\u003Ch3>\u003Cstrong>A different security conversation\u003C/strong>\u003C/h3>\u003Cp>Stephen now describes browser-based attacks as a solved problem for VUW.&nbsp;\u003C/p>\u003Cp>\"When I talk about where we should be focusing our security energy now, browser-based attacks aren't the area anymore,” he said.\u003C/p>\u003Cp>For a security team of five managing 3,000 users with an in-house SOC and limited budget, that shift in focus is the outcome that matters most. The team isn't spending hours per month on phishing remediation. The AI working group has real data instead of assumptions. And the security program can direct its energy to the problems that haven't been solved yet.\u003C/p>\u003Cp>\"I can't think of a tool that has been more cost-effective and time-saving than Push,\" Stephen said.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[],"Solution","white-black",{"large":542},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":543},"9px",{"@type":47,"@version":48,"id":545,"meta":546,"component":548,"responsiveStyles":552},"builder-8ad72920086a4a1394b76a12c32c7140",{"previousId":547},"builder-98812dfd03154d1e93f8878686c5d57d",{"name":549,"tag":550,"options":551,"isRSC":62},"CS Explore More","CustomerStoriesExploreMore",{},{"large":553},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":555,"@type":47,"tagName":83,"properties":556,"responsiveStyles":557},"builder-pixel-w3n5v1xj2z",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":558},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":560},{"path":29,"query":561},{},{},1782742072653,1782509664888,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9b3fe06e96d843eda5fca1bee2059058",[],{"breakpoints":568,"winningTest":62,"originalContentId":569,"lastPreviewUrl":570,"hasErrors":6,"kind":407,"hasLinks":6,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"08b65992e49d4c2c9db231662879f089","https://pushsecurity.com/customer-stories/te-herenga-waka-victoria-university-of-wellington?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=customer-stories&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.customer-stories=be1ebe46f8a14568940ee6ab5c83bb34&builder.overrides.be1ebe46f8a14568940ee6ab5c83bb34=be1ebe46f8a14568940ee6ab5c83bb34&builder.options.locale=Default","aohah1lozu",{"createdDate":573,"id":569,"name":574,"modelId":414,"published":13,"query":575,"data":578,"variations":684,"lastUpdated":685,"firstPublished":686,"testRatio":23,"screenshot":687,"createdBy":24,"lastUpdatedBy":25,"folders":688,"meta":689,"rev":571},1762795321508,"Cribl",[576],{"@type":233,"property":234,"operator":235,"value":577},"/customer-stories/cribl",{"effectivePublishDate":420,"seoDescription":579,"seoTitle":580,"indexPageDescription":581,"resourcesPageTitle":580,"title":427,"ogImage":582,"indexPageDesciption":424,"resourcesPageDescription":579,"logo":582,"description":583,"themeId":6,"resourcesPageImage":584,"blocks":585,"url":577,"state":681},"How Cribl leverages Push to enhance proactive browser security.","Customer Story: Cribl","Using Push, Cribl confirmed and remediated unmonitored login paths across critical business apps — risks that had previously gone unquantified.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F790a9cc56084478592eae39f53790e4c","How Cribl leverages Push to enhance proactive browser security. ","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5542d0f63c334af3bfcb4fe02fba2921",[586,595,615,627,640,653,669,676],{"@type":47,"@version":48,"id":432,"meta":587,"component":589,"responsiveStyles":593},{"previousId":588},"builder-358a6779ad884910828de44db2f7109a",{"name":434,"tag":435,"options":590,"isRSC":62},{"heroTitle":580,"heroDescription":591,"heroLogo":592,"glowColor":438},"\u003Cp>Using Push, Cribl confirmed and remediated unmonitored login paths across critical business apps — risks that had previously gone unquantified.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F000dad7ce3904fa9959f4ac8bc0681c0",{"large":594},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":444,"meta":596,"component":598,"responsiveStyles":613},{"previousId":597},"builder-639f543377f343e1aeefd0da4c808dca",{"name":446,"tag":447,"options":599,"isRSC":62},{"summaryTitle":600,"summaryDescription":601,"summaryStat1":602,"summaryStat2":603,"summaryStat3":604,"summaryStat4":605,"stats":606},"About Cribl","\u003Cp>Cribl is an American company developing a data platform for information technology and security operations teams. Their solutions give organizations control and flexibility over their observability and security data.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cstrong style=\"color: rgb(255, 72, 36);\">Why Cribl chose Push:﻿\u003C/strong>\u003C/p>\u003Cul>\u003Cli>Cribl, a leader in data management for IT and security teams, wanted a security solution that could support its proactive approach to identity and browser security in a fast-moving, remote-first environment. Their goal was to enhance the security of identities and applications beyond what traditional IdP and SSO tools could cover, without slowing down their work.\u003C/li>\u003Cli>Push helped Cribl validate and quantify hard-to-detect risks, including misconfigured login pages for key business applications that were allowing a significant number of users to bypass SSO.\u003C/li>\u003Cli>The Cribl security team used Push's flexible, high-fidelity data to scale their existing detection and response workflows, reduce manual effort, and enforce policy with confidence, without introducing friction for end users.\u003C/li>\u003C/ul>",{"icon":452,"value":453,"gap":62,"extraValueText":29,"helpText":454},{"icon":456,"value":23,"gap":23,"extraValueText":457,"helpText":458},{"icon":29,"value":62,"extraValueText":29,"helpText":29},{"icon":29,"value":62,"extraValueText":29,"helpText":29},[607,611,612],{"formatValue":6,"icon":608,"value":609,"gap":465,"helpText":610,"extraValueText":29},"faBuildingFlag",2024,"Protected by Push since 2024",{"formatValue":34,"icon":452,"value":453,"gap":465,"helpText":454},{"formatValue":34,"icon":456,"value":23,"gap":465,"helpText":458,"extraValueText":457},{"large":614},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":475,"meta":616,"component":618,"responsiveStyles":625},{"previousId":617},"builder-c1e460bfc9dd4dd19a5eedad71702d9b",{"name":477,"tag":478,"options":619,"isRSC":62},{"quoteCarousel":620},[621],{"author":622,"jobTitle":623,"quote":624},"Alex Crusco","Staff Security Engineer","\u003Cp>We knew one of our biggest risks was tied to identity. Push was the only solution that could give us a true picture of that attack surface, connecting employee actions directly to the SaaS apps they use every day.\u003C/p>",{"large":626},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"paddingBottom":254},{"@type":47,"@version":48,"id":490,"meta":628,"component":630,"responsiveStyles":638},{"previousId":629},"builder-1cb31d58a3084cebae42a5a4cceec88b",{"name":492,"tag":493,"options":631,"isRSC":62},{"theme":495,"sections":632,"title":503,"diagonalVariant":504},[633],{"text":634,"quotes":635},"\u003Cp>As a remote-first company, Cribl empowers its employees with the flexibility to innovate quickly. This freedom, though, creates a common challenge for security teams in remote-first environments: the inherent difficulty in gaining deep visibility into the browser-based attack surface, even with a robust security stack.\u003C/p>\u003Cp>\"I threat-modeled every single thing that we could think of that could possibly go wrong, and identity was high on that list,\" said Alex Crusco, Staff Security Engineer at Cribl. \"There are many ways attackers can manipulate users and gain access without triggering traditional alerts.\"\u003C/p>\u003Cp>The team needed a solution that wouldn't slow the business down but could deliver concrete high-confidence data about identity hygiene and risky app behavior. \"Without the right data, this problem was just a theory,\" said Aaron Thummel, Senior Security Analyst. \"Push gave us the data to quantify the risk and drive real change. It's hard to get a security initiative off the ground without solid numbers to back it up.\"\u003C/p>",[636],{"quote":637,"quoteBy":574},"\u003Cp>Without the right data, this problem was just a theory. Push gave us the data to quantify the risk and drive real change. It's hard to get a security initiative off the ground without solid numbers to back it up.\u003C/p>\n",{"large":639},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":510,"meta":641,"component":643,"responsiveStyles":651},{"previousId":642},"builder-99a5a96c9ce04e3483b9e8156a81006c",{"name":492,"tag":493,"options":644,"isRSC":62},{"theme":513,"sections":645,"title":520,"diagonalVariant":521},[646],{"text":647,"quotes":648},"\u003Ch3>\u003Cstrong>Visibility limitations beyond the IdP\u003C/strong>\u003C/h3>\u003Cp>Before Push, the security team relied on correlating data from their IdP and other tools to investigate potential threats. This process was time-consuming, and it often lacked the browser-level context needed to trace incidents back to their source.\u003C/p>\u003Cp>\"I didn't have visibility into the browser before, so there was no way for me to determine what actually happened or how it started,\" explained Alex. \"It's more like backwards tracing, rather than, ‘How did it happen?’\"\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Ch3>\u003Cstrong>Validating hidden risks\u003C/strong>\u003C/h3>\u003Cp>Those limitations came into sharper focus when Cribl deployed Push. Early on, the team identified a misconfigured login page on a core business application that was still accessible, and in use.\u003C/p>\u003Cp>\"We found that a significant number of users were still logging in with just their username and password, bypassing SSO entirely,\" recalled Alex. \"Our team's diligence discovered this issue and, with the power of Push, addressed this hidden, previously unquantifiable risk.\"\u003C/p>\u003Cp>Equipped with this new telemetry, the team proactively reviewed login activity across other high-use apps. They discovered a similar misconfiguration on another widely used business platform, where password reuse and insecure login methods posed added risk. These discoveries confirmed what the team had long suspected, that some risks are only visible from inside the browser.\u003C/p>",[649],{"quote":650,"quoteBy":574},"We found that a significant number of users were still logging in with just their username and password, bypassing SSO entirely. With the power of Push, we addressed this hidden, previously unquantifiable risk.",{"large":652},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":527,"meta":654,"component":656,"responsiveStyles":667},{"previousId":655},"builder-7de0aae035ff4029ab392358a324e878",{"name":492,"tag":493,"options":657,"isRSC":62},{"theme":495,"sections":658,"title":539,"diagonalVariant":540},[659,664],{"text":660,"quotes":661},"\u003Cp>Cribl chose Push to build on their existing security strategy and extend protection into the browser, the control point where users interact with critical apps every day. Push’s browser extension gave the team real-time visibility into SaaS usage, authentication methods, and identity posture. Rather than introducing new overhead, Push enhanced the workflows the team already had in place.\u003C/p>\u003Ch3>\u003Cstrong>From manual triage to automated remediation \u003C/strong>\u003C/h3>\u003Cp>Initially, Cribl analysts manually triaged Push alerts. But as they operationalized the data, they began building their own automations, starting with a custom Slack bot that notifies employees about issues like password reuse, in line with Cribl’s culture of positive, proactive security engagement.\u003C/p>\u003Cp>This shift from manual investigation to structured automation saved the team hours of effort per incident.\u003C/p>\u003Cp>“Now we can focus our efforts elsewhere,” said Aaron.&nbsp;\u003C/p>\u003Cp>Push’s structured telemetry also gave the team the confidence to work cross-functionally, partnering with IT to deprecate risky login paths and fully enforce SSO where needed.\u003C/p>\u003Cp>Using Push, Cribl confirmed and remediated unmonitored login paths across critical business apps, risks that had previously gone unquantified.\u003C/p>",[662],{"quote":663,"quoteBy":574},"The shift from manual investigation to structured automation saved the team hours of effort per incident.",{"text":665,"quotes":666},"\u003Ch3>\u003Cstrong>Integration spotlight\u003C/strong>\u003C/h3>\u003Cp>As the Cribl team operationalized Push’s browser-native telemetry, they found it incredibly useful for detection, enrichment, and investigation. So useful, in fact, that they built official Cribl packs to help other teams get the same benefits, without needing to write custom code.\u003C/p>\u003Cp>The result:\u003C/p>\u003Cul>\u003Cli>\u003Ca href=\"https://packs.cribl.io/packs/cc-push-security\" rel=\"noopener noreferrer\" target=\"_blank\">Cribl Stream Pack for Push\u003C/a>: Easily ingest, normalize, and route Push telemetry to your SIEM, SOAR, or data lake—while reducing event volume and cost.\u003C/li>\u003Cli>\u003Ca href=\"https://packs.cribl.io/packs/cc-search-push-security\" rel=\"noopener noreferrer\" target=\"_blank\">Cribl Search Pack for Push\u003C/a>: Pre-built dashboards for Push detections, posture, and browser activity, enabling faster investigation and historical analysis.\u003C/li>\u003C/ul>\u003Cp>Both are available via the \u003Ca href=\"https://packs.cribl.io/\" rel=\"noopener noreferrer\" target=\"_blank\">Cribl Dispensary\u003C/a>, and designed to help security teams operationalize browser-based detection and response with minimal effort.\u003C/p>\u003Cp>This native integration is part of Push’s broader strategy to work with the tools security teams already use, and get powerful telemetry into their hands, fast.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[],{"large":668},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":543},{"@type":47,"@version":48,"id":547,"meta":670,"component":672,"responsiveStyles":674},{"previousId":671},"builder-2d869b1b36854de8b473c370c7afee8d",{"name":549,"tag":550,"options":673,"isRSC":62},{},{"large":675},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":677,"@type":47,"tagName":83,"properties":678,"responsiveStyles":679},"builder-pixel-vxbdxjekubo",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":680},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":682},{"path":29,"query":683},{},{},1764673427456,1763395528235,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbca4c4ff8c1a421fa199a6bf3dee17af",[],{"winningTest":62,"originalContentId":690,"hasLinks":6,"lastPreviewUrl":691,"kind":407,"breakpoints":692,"hasAutosaves":34,"hasErrors":6},"ceec2869ab5c44b9ac568ee6e09b5e5e","https://app.stg.pushsecurity.com/customer-stories/cribl?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=customer-stories&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.customer-stories=08b65992e49d4c2c9db231662879f089&builder.overrides.08b65992e49d4c2c9db231662879f089=08b65992e49d4c2c9db231662879f089&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"createdDate":694,"id":695,"name":696,"modelId":414,"published":13,"query":697,"data":699,"variations":841,"lastUpdated":842,"firstPublished":843,"testRatio":23,"screenshot":844,"createdBy":24,"lastUpdatedBy":25,"folders":845,"meta":846,"rev":571},1759928101183,"9d3e1db8d71b44c097df0cecc0fca167","Inductive Automation",[698],{"@type":233,"property":234,"operator":235,"value":118},{"themeId":6,"seoDescription":700,"indexPageDescription":424,"resourcesPageDescription":700,"description":700,"title":427,"logo":701,"resourcesPageTitle":702,"indexPageDesciption":424,"seoTitle":702,"resourcesPageImage":703,"blocks":704,"url":118,"state":838},"Why Inductive Automation chose Push Security. ","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdab2eea9bfa746bebd4ac559e93b532d","Customer Story: Inductive Automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe48cc549e10f4ef3811a6fd0dcb88957",[705,714,743,755,769,784,794,825,833],{"@type":47,"@version":48,"id":706,"meta":707,"component":709,"responsiveStyles":712},"builder-ce3b478ca3d84bab908cb14ad7c1f4d1",{"previousId":708},"builder-9116cb4244a0433a8a8a04902f1a247d",{"name":434,"tag":435,"options":710,"isRSC":62},{"heroTitle":702,"heroDescription":711,"glowColor":438,"heroLogo":701},"\u003Cp>Inductive Automation, a software company for high-tech manufacturing, needed a way to reduce the security risks associated with unmanaged cloud identities, apps, and integrations.\u003C/p>",{"large":713},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":715,"meta":716,"component":718,"responsiveStyles":741},"builder-c6d6db7d467c40708cba33dea7daf2be",{"previousId":717},"builder-48915b18a7ed4fc9a21ec0b2f7ffea58",{"name":446,"tag":447,"options":719,"isRSC":62},{"summaryTitle":720,"summaryDescription":721,"summaryStat1":722,"summaryStat2":724,"summaryStat3":728,"summaryStat4":731,"stats":736},"About Inductive Automation","\u003Cp>Inductive Automation,&nbsp;a software company for high-tech manufacturing, needed a way to reduce the security risks associated with unmanaged cloud identities, apps, and integrations.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cstrong style=\"color: rgb(255, 72, 36);\">Why Inductive Automation chose Push:﻿\u003C/strong>\u003C/p>\u003Cul>\u003Cli>Push helped Inductive find and secure shadow accounts and apps with high-fidelity data that didn’t interfere with employees’ productivity.\u003C/li>\u003Cli>Inductive was able to consolidate tools with Push and close a gap in their identity security program, all while improving their return on investment in SSO and their password manager.\u003C/li>\u003Cli>Inductive got complete visibility across their SaaS identities, apps, and integrations, allowing them to consolidate tools and stop chasing false positives from previous solutions.\u003C/li>\u003C/ul>",{"icon":463,"value":723,"extraValueText":457,"helpText":454,"gap":62},360,{"icon":725,"value":48,"extraValueText":29,"gap":726,"helpText":727},"faDollar",3,"Tools consolidated",{"icon":456,"value":468,"extraValueText":729,"helpText":730,"gap":23},"mins","Time to deploy",{"icon":732,"value":733,"extraValueText":734,"helpText":735},"faUserChart",99,"%","Uptake on deployment",[737,738,739,740],{"formatValue":34,"icon":463,"value":723,"gap":23,"extraValueText":457,"helpText":454},{"formatValue":34,"icon":725,"value":48,"gap":62,"extraValueText":29,"helpText":727},{"formatValue":34,"icon":456,"value":468,"gap":23,"extraValueText":729,"helpText":730},{"formatValue":34,"icon":732,"value":733,"gap":23,"extraValueText":734,"helpText":735},{"large":742},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":744,"meta":745,"component":747,"responsiveStyles":753},"builder-0801e2e4d31d4ba18490d1d2c4798ebb",{"previousId":746},"builder-da89546ce7e349818e03a7da8bc8a778",{"name":477,"tag":478,"options":748,"isRSC":62},{"quoteCarousel":749},[750],{"author":129,"jobTitle":751,"quote":752},"Chief Information Security Officer, Inductive Automation","\u003Cp>With Push, we loved the UI/UX and we loved the founders’ vision. We got a tool that was better quality and we reduced another vendor, so that’s always a win.\u003C/p>",{"large":754},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":756,"meta":757,"component":759,"responsiveStyles":767},"builder-8f8905bcdee541acb28b223c64cff2bb",{"previousId":758},"builder-ed504b3dd2c2473e9f977a455c82f267",{"name":492,"tag":493,"options":760,"isRSC":62},{"theme":495,"sections":761,"title":503,"diagonalVariant":504},[762],{"text":763,"quotes":764},"\u003Cp>As the software partner to critical industries in 100 countries, including nuclear power, water systems, pharmaceutical manufacturing and data centers, Inductive Automation deeply values security.&nbsp;\u003C/p>\u003Cp>Over the past decade, Inductive has built a security team that prioritizes nimble solutions to complex problems while supporting a business that has scaled rapidly, with 30 percent growth year-over-year for multiple years. Inductive’s workforce is also highly skilled, with about 70 percent of the company in technical roles.\u003C/p>\u003Cp>To secure identities and apps in the cloud, Inductive needed an approach that would not disrupt their velocity while also closing the security gaps for a long tail of powerful apps and integrations.\u003C/p>",[765],{"quote":766,"quoteBy":696},"An issue with our software could cause downstream effects that have massive ramifications.",{"large":768},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":770,"meta":771,"component":773,"responsiveStyles":782},"builder-ddb6030401ab4311b8ce1bc5abdde4fc",{"previousId":772},"builder-6db6a18a48334bb6b91dbd6c5e19342d",{"name":492,"tag":493,"options":774,"isRSC":62},{"theme":513,"sections":775,"title":781,"diagonalVariant":521},[776],{"text":777,"quotes":778},"\u003Cp>With a strong strategy around centralizing identity via SSO, Inductive’s security team were paying close attention to the explosion of third-party apps and integrations that could access critical business systems and data while flying under the radar.\u003C/p>\u003Cp>I was always worried about the gaps, like what about the apps that don’t have SSO or don’t have MFA?” Jason said. “Everything, every major breach you read of, goes back to identity in some way. So protecting those identities is just like a foundational component of a modern security program. You can’t protect what you don’t know. So if you have people spinning up apps with weak passwords and no MFA, and you don’t even know that app exists. I mean, it’s just a massive potential issue for you.\"\u003C/p>\u003Cp>With Inductive’s culture of experimentation and innovation, the security team embraces a “guardrails, not gates” approach. So legacy cloud access security broker (CASB) solutions were a poor fit for multiple reasons.\u003C/p>\u003Cp>“So we really wanted to wrap our heads around what people were doing in a way that wasn’t heavy and draconian,” Jason said. “We didn’t want to proxy all traffic and decrypt it all and break sessions. And, you know, weaken some of the fundamental security of internet browsing so we could get that visibility and then cause performance impacts as a result.”\u003C/p>\u003Cp>Other market solutions were so niche, they only tackled part of the problem, and for a while, Waits’ team used two tools in order to manage OAuth apps and to find and secure shadow SaaS and accounts.\u003C/p>\u003Cp>But the solutions didn’t “spark joy,” he said. They relied on data sources like email that were prone to false positives — what Jason calls “chasing ghosts.”\u003C/p>\u003Cp>They started looking for a modern solution that could validate their security controls across a portfolio of managed apps while finding and fixing issues on the unmanaged ones, too.\u003C/p>\u003Cp>“We were trying to look at the lightest way we could get that visibility, and wrap our heads around this problem in a way that's very user-friendly,” he said. \u003C/p>",[779],{"quote":780,"quoteBy":696},"\u003Cp>We didn’t want to proxy all traffic and decrypt it all and break sessions. And, you know, weaken some of the fundamental security of internet browsing so we could get that visibility and then cause performance impacts as a result.\u003C/p>","Technical challenge",{"large":783},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":785,"meta":786,"component":788,"responsiveStyles":792},"builder-9599d92cf81b4ecc944727ae0fa96b4e",{"previousId":787},"builder-717c8aa9eea04fdd9da96d5c24cd1e64",{"name":789,"tag":789,"options":790,"isRSC":62},"PageDescription",{"description":791},"\u003Cp>Modern phishing has changed a lot in the past decade or so. MFA-bypassing&nbsp;Attacker-in-the-Middle (AitM) kits are table stakes — anyone can pick up a copy of Evilginx and immediately blow past most email and network security solutions on the market.&nbsp;&nbsp;\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>But the most sophisticated attacks — the ones that usually hit the headlines in the form of major breaches — are doing much more than this. The latest generation of fully customized AitM phishing kits are dynamically obfuscating the code that loads the web page, implementing bot protection through custom CAPTCHA, and using runtime anti-analysis features, making them increasingly difficult to detect by the tools most enterprises are using to combat the problem.&nbsp;\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cstrong style=\"color: rgb(249, 173, 44);\">Read our analysis of how modern phishing tools and techniques have changed the game — and what security teams can do to level the playing field.  \u003C/strong>\u003C/p>",{"large":793},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":795,"meta":796,"component":798,"responsiveStyles":823},"builder-e702b1bf1c7248a19f9edb3b157481c2",{"previousId":797},"builder-ffdb35908521490b84d21cd36c87f29d",{"name":492,"tag":493,"options":799,"isRSC":62},{"theme":495,"sections":800,"title":539,"diagonalVariant":540},[801,806,809,812,815,818],{"text":802,"quotes":803},"\u003Cp>Inductive chose Push after a competitive vendor review. With Push, the Inductive team was able to get rid of two other security tools, saving budget and time. With high-fidelity data from Push’s browser activity detection approach, they now confidently rely on Push as the source of truth for their cloud app portfolio.\u003C/p>\u003Cp>“We’re not mandated to do a bunch of bogus compliance stuff. So we don’t buy tools to check boxes. Everything we do, we do it to solve a problem,” Jason said. “But the whole ‘Does it spark joy?’ is my benchmark. So with Push, we loved the UI/UX and we loved the founders’ vision. We got a tool that was better quality and we reduced another vendor, so that’s always a win.”\u003C/p>",[804],{"quote":805,"quoteBy":696},"We got a tool that was better quality and we reduced another vendor, so that’s always a win.",{"text":807,"quotes":808},"\u003Ch3>Broad visibility across apps and OAuth integrations\u003C/h3>\u003Cp>By providing broader visibility with more accurate data across cloud identity, third-party cloud apps, and OAuth integrations, Push helps Inductive get a complete picture of their ecosystem.&nbsp;\u003C/p>\u003Cp>Push helped Inductive find and secure apps used only in pockets of the organization and get them managed centrally.\u003C/p>",[],{"text":810,"quotes":811},"\u003Ch3>Automated remediation\u003C/h3>\u003Cp>“Automation is in our name,” said Jason, so Push’s automated remediation workflows were a huge draw.&nbsp;\u003C/p>\u003Cp>Push’s use of a Slackbot to directly engage end-users to help them make simple but meaningful security improvements was a perfect fit for Inductive’s culture. This approach offloads Inductive’s security team while also being more effective: “It’s not someone from the security team reaching out and saying, ‘Hey, what are you doing?!’ It feels less accusatory if it’s a Slackbot,” Jason said. It’s also a much more scalable solution for their 4-person team.\u003C/p>",[],{"text":813,"quotes":814},"\u003Ch3>Easy deployment\u003C/h3>\u003Cp>With Inductive’s managed Chrome browser program, they were able to deploy the Push browser extension to 99 percent of their devices in 5 minutes in the middle of a regular workday. The deployment was so seamless that they received no help desk requests, Jason said.\u003C/p>",[],{"text":816,"quotes":817},"\u003Ch3>Return on investment\u003C/h3>\u003Cp>Push also helps Inductive improve their return on investment in a recent migration to a new enterprise password manager and an ongoing emphasis on centrally managing apps via SSO. They use Push’s detection of shadow apps and accounts, as well as its password manager detection capabilities, to close the gaps they find.\u003C/p>",[],{"text":819,"quotes":820},"\u003Ch3>A foundational source of truth\u003C/h3>\u003Cp>Push has become a trusted source of truth for Inductive’s cloud portfolio, providing the foundation for their vendor risk management program.\u003C/p>\u003Cp>“We have a cybersecurity strategy we’re implementing company-wide with a big identity component. So being able to validate that is just super critical. Otherwise it’s all a paper policy,” Jason said. “We don’t like to say we’re going to do something. We like to do it and&nbsp;validate&nbsp;that we are doing it. It only takes one little incident, one little crack, so staying on top of this is just really important for us.”\u003C/p>",[821],{"quote":822,"quoteBy":696},"We have a cybersecurity strategy we’re implementing company-wide with a big identity component. So being able to validate that is just super critical. Otherwise it’s all a paper policy.",{"large":824},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":826,"meta":827,"component":829,"responsiveStyles":831},"builder-1d0bbf6cc53e4641b5fee22e518bf8e9",{"previousId":828},"builder-cb724ebb498e4d0c811fad38906e9ab7",{"name":549,"tag":550,"options":830,"isRSC":62},{},{"large":832},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":834,"@type":47,"tagName":83,"properties":835,"responsiveStyles":836},"builder-pixel-0q128zxmwed",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":837},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":839},{"path":29,"query":840},{},{},1764673408653,1760696983767,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ffd740e1fb14b4218a5c28b23f3d328d3",[],{"hasLinks":6,"lastPreviewUrl":847,"originalContentId":690,"breakpoints":848,"kind":407,"winningTest":62,"hasAutosaves":34},"https://app.stg.pushsecurity.com/customer-stories/inductive-automation?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=customer-stories&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.customer-stories=9d3e1db8d71b44c097df0cecc0fca167&builder.overrides.9d3e1db8d71b44c097df0cecc0fca167=9d3e1db8d71b44c097df0cecc0fca167&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"createdDate":850,"id":851,"name":852,"modelId":414,"published":13,"query":853,"data":856,"variations":977,"lastUpdated":978,"firstPublished":979,"testRatio":23,"screenshot":980,"createdBy":24,"lastUpdatedBy":25,"folders":981,"meta":982,"rev":571},1754571334372,"3d9a9922aa394c27b2847b3fd7101841","Upvest",[854],{"@type":233,"property":234,"operator":235,"value":855},"/customer-stories/upvest",{"seoTitle":857,"seoDescription":858,"indexPageDescription":859,"title":860,"logo":861,"themeId":6,"resourcesPageDescription":858,"indexPageDesciption":862,"description":858,"resourcesPageTitle":857,"resourcesPageImage":863,"blocks":864,"url":855,"state":974},"Customer Story: Upvest","Why Upvest chose Push Security.","Upvest partnered with Push to achieve a scalable and  user-centric way to secure SaaS apps and reduce third-party risks across a complex ecosystem of integrations  and apps.","upvest","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F07979505bdc841c3b807c4355147a770","Upvest partnered with  Push to achieve a scalable and  user-centric way to secure SaaS apps and reduce third-party risks across a complex ecosystem of integrations  and apps.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F1e030d40870f4ac0917f0cf7c166a441",[865,871,897,907,918,937,964,969],{"@type":47,"@version":48,"id":708,"component":866,"responsiveStyles":869},{"name":434,"tag":435,"options":867,"isRSC":62},{"heroTitle":857,"heroDescription":868,"heroLogo":861,"glowColor":438},"\u003Cp>Upvest, a cloud-native German fintech, needed a scalable and user-centric way to secure SaaS apps and reduce third-party risks from a complex ecosystem of OAuth integrations.\u003C/p>",{"large":870},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":717,"component":872,"responsiveStyles":895},{"name":446,"tag":447,"options":873,"isRSC":62},{"summaryTitle":874,"summaryDescription":875,"summaryStat1":876,"summaryStat2":878,"summaryStat3":882,"summaryStat4":886,"stats":888},"About Upvest","\u003Cp>Upvest is a financial technology startup that provides Investment API infrastructure to financial organizations and neobanks. Upvest is headquartered in Berlin, Germany, and was founded in 2017.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cstrong style=\"color: rgb(255, 72, 36);\">Why Upvest chose Push:﻿\u003C/strong>\u003C/p>\u003Cul>\u003Cli>Upvest, a fintech company that provides investment infrastructure to financial organizations, needed a way to secure the cloud identities, apps, and third-party integrations that make up their core infrastructure as a SaaS-first organization.\u003C/li>\u003Cli>Push helped Upvest get high-fidelity data on their SaaS estate while engaging with users directly in the browser to guide their security choices.\u003C/li>\u003Cli>Upvest now has a unique source of telemetry to use for automating the management of SaaS and identifying security issues.\u003C/li>\u003C/ul>",{"icon":463,"value":877,"extraValueText":457,"helpText":454,"gap":62},180,{"icon":879,"value":23,"extraValueText":880,"gap":726,"helpText":881},"faClock","hour","Proof of concept setup",{"icon":883,"value":884,"extraValueText":29,"helpText":885},"faEarth",2017,"Founded in Berlin, Germany",{"icon":452,"value":726,"extraValueText":457,"helpText":887},"Regulations complied with",[889,892,893],{"formatValue":6,"icon":608,"value":890,"gap":465,"extraValueText":29,"helpText":891},2022,"Protected by Push since 2022",{"formatValue":34,"icon":463,"value":877,"gap":465,"extraValueText":457,"helpText":454},{"formatValue":34,"icon":879,"value":23,"gap":894,"extraValueText":880,"helpText":881},4,{"large":896},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":746,"component":898,"responsiveStyles":905},{"name":477,"tag":478,"options":899,"isRSC":62},{"quoteCarousel":900},[901],{"author":902,"jobTitle":903,"quote":904},"Sebastien Jeanquier","Chief Security Officer","\u003Cp>Being a regulated entity, we need to have considered everything from a regulatory standpoint, a compliance standpoint, a pure security standpoint, and a data protection standpoint... this was going to represent an almost existential problem for us in the future if we didn’t tackle it now.\u003C/p>",{"large":906},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":758,"component":908,"responsiveStyles":916},{"name":492,"tag":493,"options":909,"isRSC":62},{"theme":495,"sections":910,"title":503,"diagonalVariant":504},[911],{"text":912,"quotes":913},"\u003Cp>Operating in the highly regulated German financial services environment, Upvest has carefully built a culture of security throughout its workforce.\u003C/p>\u003Cp>“Security is all of our responsibility and we democratize it to every department in the company,” explains Sebastien Jeanquier, chief security officer at Upvest.\u003C/p>\u003Cp>When Jeanquier joined the financial technology startup five years ago with a background in security consulting and penetration testing, he had a rare opportunity to build a security program from the ground up based on what he’d learned from years of red teaming.\u003C/p>\u003Cp>“I really wanted to move somewhere where I was going to be able to build as greenfield as possible to take what I saw as the best practices from every security domain,” he says.\u003C/p>\u003Cp>As a cloud-native company, Upvest must demonstrate security mastery of its entire cloud ecosystem in order to meet internal requirements and regulatory standards. In seeking out a tool to secure cloud apps and identities, Upvest needed a solution that would meet its high standards and fit its user-centric culture.\u003C/p>",[914],{"quote":915,"quoteBy":852},"Security is all of our responsibility and we democratize it to every department in the company.",{"large":917},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":772,"component":919,"responsiveStyles":935},{"name":492,"tag":493,"options":920,"isRSC":62},{"theme":513,"sections":921,"title":781},[922,927,932],{"text":923,"quotes":924},"\u003Ch3>\u003Cstrong>Meeting a high bar for security and regulatory compliance\u003C/strong>\u003C/h3>\u003Cp>Operating in Germany and the EU, Upvest holds multiple banking licenses with BaFin, Germany’s financial regulator, and is bound to Germany’s strict privacy standards, in addition to GDPR, so finding technical solutions that support these regulations is paramount.\u003C/p>\u003Cp>“Our original product was in the blockchain space. We’ve since pivoted into the more traditional finance space. But if anything, our security requirements and our compliance and regulatory controls actually have only gone up,” Jeanquier explains.\u003C/p>\u003Cp>For Upvest’s security team, a top-of-mind goal was how to get their arms around the full portfolio of cloud identities, SaaS apps, and OAuth integrations that represented core business assets.\u003C/p>\u003Cp>“Being a regulated entity, it means that we need to be able to demonstrate the fact that we have considered everything from a regulatory standpoint, a compliance standpoint, a pure security standpoint, and a data protection standpoint,” says Jeanquier. “And so shadow IT is something that we were keen to get ahead of. We’re SaaS native. We don’t have any other applications internally. And so this was going to represent an almost existential problem for us in the future if we didn’t tackle it now.”\u003C/p>",[925],{"quote":926,"quoteBy":852},"We’re SaaS native. We don’t have any other applications internally. And so this was going to represent an almost existential problem for us in the future if we didn’t tackle it now.",{"text":928,"quotes":929},"\u003Ch3>\u003Cstrong>Challenge of managing third-party integrations\u003C/strong>\u003C/h3>\u003Cp>The Upvest team was particularly concerned about the potential for a fast-growing tangle of OAuth integrations. They had been looking for solutions that would allow them to quickly see and take action on these third-party app integrations.\u003C/p>\u003Cp>“Any user can go to pretty much any service and grant it access into your environment,” Jeanquier says. “And unless you’re keeping tabs on it, it’s very easy for some really small application run by three people somewhere to just request excessive access. It's that supply chain risk that could end up resulting in a lot more compromises than we would otherwise see if we were being attacked directly.”\u003C/p>\u003Cp>The Upvest security team was also focused on finding and securing any non-SSO identities in their environment, which could pose a significant risk if an offboarded employee retained access to business systems or data.\u003C/p>\u003Cp>The team quickly found that existing tools such as Google Workspace weren’t purpose-built for the kind of context and scalability they needed in order to make efficient and informed security decisions about their SaaS accounts and third-party integrations.\u003C/p>\u003Cp>“We could have dug down and written some custom tooling to try and identify what's being used by whom, and doing a regular batch job of trying to identify what they're doing,” says Jeanquier. “But I didn’t really see any good solution for tackling this at scale.”\u003C/p>",[930],{"quote":931,"quoteBy":852},"Unless you’re keeping tabs on it, it’s very easy for some really small application run by three people somewhere to just request excessive access. It's that supply chain risk that could end up resulting in a lot more compromises.",{"text":933,"quotes":934},"\u003Ch3>\u003Cstrong>Desire to preserve a positive security culture\u003C/strong>\u003C/h3>\u003Cp>The team also needed a solution that would fit their company culture. They didn’t want to limit the possibilities for employee innovation by outright blocking access to apps and integrations.\u003C/p>\u003Cp>But they needed to be able to monitor for excessively permissioned, untrustworthy apps and remove them — while communicating security best practices to employees.\u003C/p>\u003Cp>“It’s really about trying to engender as much as possible that culture of awareness,” Jeanquier says. “Awareness not just for our end-users, but also for us as a team across both security and IT, and trying to encourage as much as possible our processes to be followed.”\u003C/p>",[],{"large":936},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":797,"component":938,"responsiveStyles":962},{"name":492,"tag":493,"options":939,"isRSC":62},{"theme":495,"sections":940,"title":539},[941,944,949,952,957],{"text":942,"quotes":943},"\u003Cp>Upvest chose Push because the product provided a unique browser agent-based approach to solving the problem of shadow SaaS and identities, while also aligning strongly with Upvest’s security culture.\u003C/p>\u003Cp>As an early customer, Jeanquier also embraced the opportunity to provide input on product direction and use cases.\u003C/p>\u003Cp>“We very much shared the vision of what it is we were trying to tackle in terms of a security challenge in the modern-day SaaS world,” he says.\u003C/p>",[],{"text":945,"quotes":946},"\u003Ch3>\u003Cstrong>Meeting employees where they work\u003C/strong>\u003C/h3>\u003Cp>With Push, the Upvest security team was able to maintain their user-centric approach to security by getting the rich contextual information they needed on the apps, accounts, and third-party OAuth integrations being used across their workforce — without having to resort to outright blocking.\u003C/p>\u003Cp>Push’s guardrails features, including the ability to communicate security policy directly with employees using&nbsp;that appear in the browser, were a perfect fit for Upvest. These messages help reinforce security policy and prompt secure behavior right at the point of access: The app signup or login screens.\u003C/p>\u003Cp>“You can write as much policy as you want, but ultimately users are going to jump over the lowest hurdle,” Jeanquier says. “The Push browser extension gives you a seat on the user's side where you can start to enforce some of these best practices.”\u003C/p>",[947],{"quote":948,"quoteBy":852},"You can write as much policy as you want, but ultimately users are going to jump over the lowest hurdle. Push gives you a seat on the user's side where you can start to enforce some of these best practices.",{"text":950,"quotes":951},"\u003Ch3>\u003Cstrong>A scalable way to meet regulatory requirements\u003C/strong>\u003C/h3>\u003Cp>To balance Upvest’s user-centric security culture with their stringent regulatory requirements, they also needed a scalable way to reliably identify and review every cloud app used across the business — without getting in employees’ way.\u003C/p>\u003Cp>Push provides them with insights into not just which apps and integrations are being used, but also the specific details about which users, which accounts, which login methods, and how recently a login was observed. This context allows Upvest to quickly act on newly adopted apps that aren’t approved for use, and to have a complete picture of their estate when performing app reviews to meet compliance standards.\u003C/p>\u003Cp>“Because of the regulatory landscape, it won’t fly for you to suddenly decide that you want to use a specific file-sharing app for something. And that you just go and log in and start using that for company data,” Jeanquier says. “The regulatory requirements mandate that we have assessed every app from the perspective of data protection, confidentiality requirements, assessed the vendor themselves, and so on.”\u003C/p>",[],{"text":953,"quotes":954},"\u003Ch3>\u003Cstrong>Shedding light on shadow IT and non-SSO identities\u003C/strong>\u003C/h3>\u003Cp>Push’s use of a browser agent was also a key differentiator for Upvest because the approach provides a high-fidelity source of information.\u003C/p>\u003Cp>“From my perspective, I think a lot of value comes from the browser extension. There is a lot that you can do both in terms of passive guardrailing as well as active education that can only happen at the browser level.”\u003C/p>\u003Cp>Upvest was able to monitor employee SaaS account creation and logins in real time and identify apps in use across the business that were not approved or had not been reviewed by the security team. The Push browser agent also supplied the login methods used to access these accounts, so that the Upvest team could track their SSO coverage and identify non-SSO apps. This was information they otherwise had no way of collecting.\u003C/p>",[955],{"quote":956,"quoteBy":852},"Because of the regulatory landscape, it won’t fly for you to suddenly decide that you want to use a specific file-sharing app for something.",{"text":958,"quotes":959},"\u003Ch3>\u003Cstrong>Essential building block for security operations\u003C/strong>\u003C/h3>\u003Cp>With a focus on agility and efficiency, the Upvest security team also sees the telemetry provided by Push as a valuable input to their security operations and automation efforts.\u003C/p>\u003Cp>They are currently exploring how to use Push’s&nbsp;REST API and webhooks&nbsp;to build detections for security incidents and to automate basic SaaS and account management tasks.\u003C/p>\u003Cp>“Push is uniquely positioned to be able to expose certain actions and practices to us as a team which could then allow us to say, okay on the basis of this particular type of action which we consider to be a very strong signal, let us know and we’ll do something off the back of that using some automated workflows,” explains Jeanquier.\u003C/p>\u003Cp>“This kind of automated security orchestration is the way forward with regards to orchestrating very specific and rapid responses to very clear-cut security signals.”\u003C/p>",[960],{"quote":961,"quoteBy":852},"This kind of automated security orchestration is the way forward with regards to orchestrating very specific and rapid responses to very clear-cut security signals.",{"large":963},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":828,"component":965,"responsiveStyles":967},{"name":549,"tag":550,"options":966,"isRSC":62},{},{"large":968},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":970,"@type":47,"tagName":83,"properties":971,"responsiveStyles":972},"builder-pixel-v99tvydsiy",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":973},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":975},{"path":29,"query":976},{},{},1764673376391,1754571937914,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F17710b7416ff49c59d08560c9aabb2c3",[],{"lastPreviewUrl":983,"breakpoints":984,"kind":407,"hasLinks":6,"hasAutosaves":34},"https://app.stg.pushsecurity.com/customer-stories/upvest?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=customer-stories&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.customer-stories=3d9a9922aa394c27b2847b3fd7101841&builder.overrides.3d9a9922aa394c27b2847b3fd7101841=3d9a9922aa394c27b2847b3fd7101841&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},{"createdDate":986,"id":690,"name":987,"modelId":414,"published":13,"query":988,"data":991,"variations":1091,"lastUpdated":1092,"firstPublished":1093,"testRatio":23,"screenshot":1094,"createdBy":24,"lastUpdatedBy":25,"folders":1095,"meta":1096,"rev":571},1749126907543,"Convex",[989],{"@type":233,"property":234,"operator":235,"value":990},"/customer-stories/convex",{"themeId":6,"indexPageDescription":992,"resourcesPageDescription":993,"seoTitle":994,"seoDescription":993,"logo":995,"indexPageDesciption":424,"description":993,"resourcesPageTitle":994,"title":427,"resourcesPageImage":996,"blocks":997,"url":990,"state":1088},"Convex Insurance chose Push to close the gap left by traditional CASB solutions, enabling them to enhance their identity security and gain control of shadow SaaS at the same time.","Why Convex Insurance chose Push Security. ","Customer Story: Convex Insurance","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F25b3ec2a3c714329a945a4701bf15bae","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F46b15e4e61394b28963f940a70f7259c",[998,1004,1023,1033,1045,1056,1078,1083],{"@type":47,"@version":48,"id":588,"component":999,"responsiveStyles":1002},{"name":434,"tag":435,"options":1000,"isRSC":62},{"heroTitle":994,"heroDescription":1001,"heroLogo":995,"glowColor":438},"\u003Cp>Convex Insurance chose Push to close the gap left by traditional CASB solutions, enabling them to enhance their identity security and gain control of shadow SaaS at the same time.\u003C/p>",{"large":1003},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":597,"component":1005,"responsiveStyles":1021},{"name":446,"tag":447,"options":1006,"isRSC":62},{"summaryTitle":1007,"summaryDescription":1008,"summaryStat1":1009,"summaryStat2":1012,"summaryStat3":1013,"summaryStat4":1015,"stats":1017},"About Convex Insurance","\u003Cp>Convex Insurance is an international specialty insurer founded in 2019 and operating in Bermuda, London, and Luxembourg. Convex provides underwriting for complex specialty risks, including in the areas of energy, commercial property, crisis management, and aerospace.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cstrong style=\"color: rgb(255, 72, 36);\">Why Convex chose Push:﻿\u003C/strong>\u003C/p>\u003Cul>\u003Cli>Convex Insurance, an international specialty insurer, needed a way to secure identities on cloud apps — including apps not on SSO.\u003C/li>\u003Cli>Push helped Convex get a unified view across both their identity security posture and their estate of third-party apps and OAuth integrations.\u003C/li>\u003Cli>Convex was able to get reliable data in order to put further weight behind their security policies. The security team was also able to use Push’s automated self-remediation ChatOps workflows to reduce the manual effort of fixing issues.\u003C/li>\u003C/ul>",{"icon":452,"value":1010,"gap":62,"extraValueText":457,"helpText":1011},1000,"Number of apps",{"icon":879,"value":23,"gap":726,"extraValueText":880,"helpText":881},{"icon":883,"value":726,"extraValueText":457,"helpText":1014},"Locations protected",{"icon":452,"value":1016,"extraValueText":29,"helpText":454},1750,[1018,1019,1020],{"icon":452,"value":1010,"extraValueText":457,"helpText":1011,"formatValue":34},{"icon":879,"value":23,"extraValueText":880,"helpText":881,"formatValue":34,"gap":48},{"icon":452,"value":1016,"extraValueText":29,"helpText":454,"formatValue":34,"gap":465},{"large":1022},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":617,"component":1024,"responsiveStyles":1031},{"name":477,"tag":478,"options":1025,"isRSC":62},{"quoteCarousel":1026},[1027],{"author":1028,"jobTitle":1029,"quote":1030},"Michael Earl","Security Operations Lead","\u003Cp>With Push, suddenly we had the potential of installing something into our estate that would give us even better information to make decisions about our SaaS and identity security posture so we could get a unified picture of the risks.\u003C/p>",{"large":1032},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":629,"component":1034,"responsiveStyles":1043},{"name":492,"tag":493,"options":1035,"isRSC":62},{"theme":495,"sections":1036,"title":503,"diagonalVariant":504},[1037],{"text":1038,"quotes":1039},"\u003Cp>As a specialty insurer handling complex requirements, Convex Insurance relies on security solutions that provide the flexibility their workforce needs in order to deliver services in areas as diverse as crisis management, marine cargo, renewable energy, and satellite launches in multiple countries and territories.\u003C/p>\u003Cp>“At Convex, we embrace the role that our staff play in helping secure the business and we empower them to make good decisions while providing them with the information they need to do that,” says Michael Earl, security operations lead at Convex.\u003C/p>\u003Cp>Convex has also welcomed the use of cloud apps to supercharge productivity, with employees using a large number of SaaS apps, from the mundane to the obscure.&nbsp;\u003C/p>\u003Cp>However, the widespread use of cloud apps posed a challenge for the Convex security team in getting a unified view across their app estate and identity posture. Existing tools provided a lot of data, but it was a time-consuming process to glean the insights the team needed to effectively enforce security policies.\u003C/p>\u003Cp>The potential blindspot of unmanaged apps and identities was a concern and led to hard conversations among the security team.\u003C/p>",[1040],{"quote":1041,"quoteBy":1042},"If we have a breach at a third party that some of our users are signed up to, we need to immediately understand where we have accounts and data so we can take appropriate steps.","Convex Insurance",{"large":1044},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":642,"component":1046,"responsiveStyles":1054},{"name":492,"tag":493,"options":1047,"isRSC":62},{"theme":513,"sections":1048,"title":520,"diagonalVariant":521},[1049],{"text":1050,"quotes":1051},"\u003Ch3>\u003Cstrong>CASB approach was time-consuming\u003C/strong>\u003C/h3>\u003Cp>Early attempts to solve the challenge of getting full visibility of both identity posture and their app estate were time-consuming.\u003C/p>\u003Cp>This entailed combing through CASB logs to identify visited URLs and HTTP methods, as well as evidence of POST data and transferred bytes. Then the security team would try to infer if employees were using unsanctioned applications or storing data where it wasn’t approved to go. “It was quite a manual exercise,” Michael says.&nbsp;\u003C/p>\u003Cp>That spotty evidence made it hard for the security team to have informed conversations with end-users.&nbsp;\u003C/p>\u003Cp>“When you have a conversation with an employee, you want to make sure you have the proper information on whether they were actually using an app so you don’t put someone on the defensive when they were just doing their job,” Michael says.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Ch3>\u003Cstrong>Seeking visibility of non-SSO cloud identities\u003C/strong>\u003C/h3>\u003Cp>At the same time, the team was looking for additional ways to get the visibility they needed for securing non-SSO cloud identities. In particular, they were worried about identities that could exist on unmanaged apps.\u003C/p>\u003Cp>“In our industry, it is the SaaS apps that are not SSO-integrated that are potentially the biggest danger,” says Alistair McGlinchy, IT security engineer at Convex.\u003C/p>\u003Cp>“So if a third party has their password database attacked and there has been any password reuse, an attacker can password-spray and get to the point where MFA is the only blocker for somebody trying to authenticate.”\u003C/p>",[1052],{"quote":1053,"quoteBy":1042},"In our industry, it is the SaaS apps that are not SSO-integrated that are potentially the biggest danger.",{"large":1055},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":655,"component":1057,"responsiveStyles":1076},{"name":492,"tag":493,"options":1058,"isRSC":62},{"theme":495,"sections":1059,"title":539,"diagonalVariant":540},[1060,1065,1068,1073],{"text":1061,"quotes":1062},"\u003Cp>Convex chose Push initially to help them further secure identities on a large catalog of cloud apps. In learning more about the product, they realized Push would also give them a unique unified view of both identity posture and their third-party apps and OAuth integrations — even unsanctioned or “shadow” apps.\u003C/p>\u003Cp>“Other than you guys, we just didn’t have any awareness of anything in the market that matched the level of intelligence that Push can provide about how our employees use passwords,” Michael says. “ And then we learned about all the additional features, like you can see where all of your apps are integrated and what people are doing with them.\u003C/p>\u003Cp>You’ve got this nice unified view of all of the OAuth scopes and things that people have been granting. The product works. It ticks all the boxes, really.”\u003C/p>",[1063],{"quote":1064,"quoteBy":1042},"The product works. It ticks all the boxes, really.",{"text":1066,"quotes":1067},"\u003Ch3>\u003Cstrong>Easy deployment\u003C/strong>\u003C/h3>\u003Cp>Setting up a proof of concept was a 1-hour video call, Alistair recalls.&nbsp;\u003C/p>\u003Cp>“It was one of the more straightforward onboarding and trial experiences that we’ve had, and that’s continued post-procurement as well,” Michael says.\u003C/p>\u003Cp>The team was able to select a test group and deploy the Push browser extension via MDM. The Convex team also appreciated Push’s support for Google Workspace and alternative identity providers.\u003C/p>",[],{"text":1069,"quotes":1070},"\u003Ch3>\u003Cstrong>Immediate value\u003C/strong>\u003C/h3>\u003Cp>During the trial, the security team found high-risk password reuse among their own IT team.\u003C/p>\u003Cp>Armed with this information, they could follow up with employees directly — or use Push’s automated self-remediation ChatOps workflows to facilitate that conversation without it feeling awkward for either party.\u003C/p>\u003Cp>“As far as we’re concerned, it is better coming from an automated platform,” Michael says. “We’re a small team, so we don’t have a lot of time to manually follow up on every possible issue. We absolutely need tools that both detect and notify about the problem and facilitate the remediation steps.”\u003C/p>\u003Cp>They were also able to identify non-SSO apps with heavy usage and restrict their use, as well as gauge their employees’ use of AI and LLM tools.\u003C/p>",[1071],{"quote":1072,"quoteBy":1042},"It was one of the more straightforward onboarding and trial experiences that we’ve had, and that’s continued post-procurement as well.",{"text":1074,"quotes":1075},"\u003Ch3>\u003Cstrong>Putting more weight behind security policies\u003C/strong>\u003C/h3>\u003Cp>With the data provided by the Push platform, the Convex security team now has the evidence they need to be able to reinforce security policies for their cloud estate.\u003C/p>\u003Cp>“It gives us all the information that we need to attack the problem and provide even better security for our business,” Michael says.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[],{"large":1077},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"@type":47,"@version":48,"id":671,"component":1079,"responsiveStyles":1081},{"name":549,"tag":550,"options":1080,"isRSC":62},{},{"large":1082},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":1084,"@type":47,"tagName":83,"properties":1085,"responsiveStyles":1086},"builder-pixel-0k7riop8z896",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":1087},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":1089},{"path":29,"query":1090},{},{},1764673394915,1749126936428,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F10953d20c9db4987ac26800a13bcbf48",[],{"breakpoints":1097,"hasLinks":6,"lastPreviewUrl":1098,"kind":407,"hasAutosaves":34,"hasErrors":6},{"xsmall":31,"small":32,"medium":33},"https://app.stg.pushsecurity.com/customer-stories/convex?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=customer-stories&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.customer-stories=ceec2869ab5c44b9ac568ee6e09b5e5e&builder.overrides.ceec2869ab5c44b9ac568ee6e09b5e5e=ceec2869ab5c44b9ac568ee6e09b5e5e&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",[1100,1119,1136,1153,1170,1187],{"createdDate":1101,"id":1102,"name":1103,"modelId":1104,"published":13,"stageModifiedSincePublish":6,"query":1105,"data":1106,"variations":1112,"lastUpdated":1113,"firstPublished":1114,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":1115,"meta":1116,"rev":1118},1753178645778,"5449fa4538394c349e095425c5d11836","Phil Beyer","d7293847ee82498daac1405b43442f51",[],{"title":1103,"description":1107,"subTitle":1108,"thumbnail":1109,"vimeoId":1110,"duration":1111},"I really like how Push approaches things. With Push, I get a platform that let's me know about the stuff I should really worry about.","Head of Security, Flex","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F59c53c6fef43465aaba78eb58a3453dc","1102046942","1:57 min",{},1781184589439,1753178667228,[],{"lastPreviewUrl":29,"breakpoints":1117,"kind":28,"hasErrors":6,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"szow10att3",{"createdDate":1120,"id":1121,"name":1122,"modelId":1104,"published":13,"stageModifiedSincePublish":6,"query":1123,"data":1124,"variations":1130,"lastUpdated":1131,"firstPublished":1132,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":1133,"meta":1134,"rev":1118},1753178561135,"dc289e14fe9348248692186620322f2c","Josh Lemos",[],{"thumbnail":1125,"vimeoId":1126,"subTitle":1127,"description":1128,"title":1122,"duration":1129},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33ad464e24f34c82906a0a38468c971c","1102047122","CISO","Push gives me the security context I need in the browser without requiring everyone to converge on a single enterprise browser platform.","2:10 min",{},1781184612619,1753178598901,[],{"kind":28,"breakpoints":1135,"lastPreviewUrl":29,"hasErrors":6,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":1137,"id":1138,"name":1139,"modelId":1104,"published":13,"stageModifiedSincePublish":6,"query":1140,"data":1141,"variations":1147,"lastUpdated":1148,"firstPublished":1149,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":1150,"meta":1151,"rev":1118},1753178508341,"502211493fb74b12b5e02179bac81918","Ash Devata",[],{"thumbnail":1142,"vimeoId":1143,"title":1139,"subTitle":1144,"description":1145,"duration":1146},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6e3400d3b113480eb4309a7509d72ef2","1102047399","CEO, GreyNoise","We love the product and use it every day. When an employee clicks on a link and opens a browser session, that's where Push is.","2:15 min",{},1781184654879,1753178537654,[],{"kind":28,"lastPreviewUrl":29,"breakpoints":1152,"hasErrors":6,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":1154,"id":1155,"name":129,"modelId":1104,"published":13,"stageModifiedSincePublish":6,"query":1156,"data":1157,"variations":1164,"lastUpdated":1165,"firstPublished":1166,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":1167,"meta":1168,"rev":1118},1753178281400,"429b3b67348348b2ada89563e90359a0",[],{"vimeoId":1158,"thumbnail":1159,"description":1160,"subTitle":1161,"title":1162,"duration":1163},"1102047623","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fca9487bd90e1496ba915b2356236d85a","Push has actually been one of our favorite vendors to work with. We're thrilled with the feature direction and are extremely excited for the future.","CISO, Inductive Automation","Jason Waits ","2:01 min",{},1781184679341,1753178396316,[],{"kind":28,"breakpoints":1169,"lastPreviewUrl":29,"hasErrors":6,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":1171,"id":1172,"name":1173,"modelId":1104,"published":13,"stageModifiedSincePublish":6,"query":1174,"data":1175,"variations":1181,"lastUpdated":1182,"firstPublished":1183,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":1184,"meta":1185,"rev":1118},1753095741593,"709549a39cfa4d7ea37af7a1df16a366","Myke Lyons",[],{"subTitle":1176,"description":1177,"title":1173,"thumbnail":1178,"vimeoId":1179,"duration":1180},"CISO, Cribl","Push is giving us the ability to play a better, more interactive role model for users in the browser, while allowing people to choose their own path.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F849139d92f174c78b647c7d3a9d45c4c","1102047806","2:06 min",{},1781184694852,1753095780459,[],{"kind":28,"breakpoints":1186,"lastPreviewUrl":29,"hasErrors":6,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":1188,"id":1189,"name":1190,"modelId":1104,"published":13,"stageModifiedSincePublish":6,"query":1191,"data":1192,"variations":1198,"lastUpdated":1199,"firstPublished":1200,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":1201,"meta":1202,"rev":1118},1753093796185,"3faab6414c4d49b8b35162589933c4c9","Ross McKerchar",[],{"title":1190,"description":1193,"subTitle":1194,"vimeoUrl":1195,"vimeoId":1195,"thumbnail":1196,"duration":1197},"Being in the browser gives a unique view that enables security teams to observe attacks that you otherwise can't.","Investor","1102048247","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F29861ccc980b472da4a531c3ce31efe7","3:03",{},1781184712982,1753093910375,[],{"kind":28,"breakpoints":1203,"lastPreviewUrl":29,"hasErrors":6,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},1784196750388]