Identity is the new perimeter. Attackers are no longer hacking into your organization—they’re logging in with compromised credentials. Push Security is countering this shift with a browser-based Identity Threat Detection and Response (ITDR) platform that allows SecOps teams to detect and stop attackers that are targeting their identity attack surface.
With the rise of identity-based attacks, Push Security offers real-time visibility across identities, apps, accounts, and authentication methods, while enforcing browser-level security controls to prevent and detect identity threats that other tools can’t see.
Dan K. Anderson, a CISO and vCISO with deep expertise in identity and access management, emphasizes the growing significance of identity-based security:
“In today’s threat landscape, attackers are going for the path of least resistance, and that’s often through stolen credentials. The days of defending just the network perimeter are over—identity is the new battlefield. Push Security’s browser-based ITDR solution is vital because it secures the frontlines of where these identity threats are emerging, providing unparalleled visibility and control where it’s needed most.”
Push Security empowers organizations to protect their identity attack surface by proactively preventing and detecting identity-based breaches before they occur.
Push Security, founded in 2022, is addressing a fundamental shift in cyberattack methods—from targeting traditional endpoints and networks to exploiting identities and credentials. As attackers capitalize on the expanded attack surface created by user identities on cloud-based services and SaaS apps, Push Security steps in with a browser-based agent that monitors workforce identities in real-time, including identities on unmanaged apps. Generating identity security telemetry from browser data is what sets Push apart from other ITDR products that rely on IdP logs alone.
This unique telemetry provides real-time detection of identity-based threats and risky user behaviors, and enables Push to enforce security controls directly in the browser, stopping attacks at the point of impact.
Push Security provides out-of-the-box controls that address the most common identity attack techniques, such as phishing, adversary-in-the-middle (AitM) toolkits, infostealer malware, credential stuffing, password spraying, and session hijacking. The platform is ready to go right out of the box, making it easy to deploy and integrate into existing security environments.
Quote from the CEO or founder:
“The Snowflake breach earlier this year was the WannaCry moment for identity-related attacks. It showed us that attackers are taking advantage of complex and vulnerable identity attack surfaces. They no longer need 0 day exploits or EDR evading malware to achieve their goals, instead all they need is a valid set of credentials or a session token. We were the first ITDR solution to use the browser as a telemetry source and control point, and since then we’ve been busy building new detection use cases and response functionality so that our customers can detect and stop identity-related attacks before their user accounts are compromised. Push customers love the visibility Push provides across their identity attack surface and are now able to detect and defeat AitM phishing toolkits, credential stuffing attacks and session hijacking using stolen session tokens.”
– Adam Bateman, Co-founder and CEO, Push Security
Quote from a customer:
“Push does for identity what CrowdStrike did for the endpoint.” – Geoff Belknap, Deputy CISO, Microsoft
The recent Snowflake breach, alongside incidents involving Okta and MGM Resorts, highlights the critical need for organizations to have better visibility and control over their identity attack surface. Push Security stands out as the first ITDR solution to recognize the browser as the natural ingress point for all identity-related activities, making it the most effective telemetry source and control point for detecting and preventing identity-based attacks.
Unlike other ITDR platforms that rely solely on IdP logs and funnel them into a secondary SIEM-like platform for detection use cases, Push stands out by generating its own telemetry directly from the browser. This browser data offers the most comprehensive and context-rich source for monitoring your entire identity attack surface.
By being in the browser, Push can observe web pages as the user sees them, inspect the app code, source code, HTTP requests and responses as well as IP connections. It also allows Push to see how users are interacting with the web pages, for example if they’re clicking on links, typing text or entering a password.
Many indicators of identity attacks may not appear in IdP logs alone, but they can be detected when browser telemetry is included in your monitoring. Push also allows you to enrich this browser data with IdP data, giving you the best of both worlds for a more robust defense.
Identity attacks, particularly those using stolen credentials, are now the leading cause of security breaches worldwide. According to IBM’s 2024 Threat Intelligence Index, 30% of all breaches involved the use of valid credentials to gain unauthorized access to corporate networks. Additionally, a report from CrowdStrike found that 80% of cyberattacks involve compromised credentials. As organizations expand their use of cloud services and SaaS applications, they face an increasingly complex and unmonitored identity attack surface, which presents attackers with numerous opportunities to exploit.
Without comprehensive visibility into their identity ecosystem, organizations are vulnerable to attackers who can leverage compromised credentials to move laterally through systems, escalate privileges, and execute malicious activities such as data theft, ransomware deployment, or operational disruption.
Two significant shifts have compounded the identity security challenge:
- The rise of cloud-based environments and decentralized IT management: As organizations adopt more SaaS applications and rely on cloud infrastructure, employees create more digital identities, many of which go unmonitored. Traditional perimeter-based security controls are no longer enough to protect this expanding identity attack surface.
- The increasing difficulty of traditional attacks: As cybersecurity tools evolve, attackers are finding it more difficult to exploit vulnerabilities in networks and endpoints. Instead, they are shifting focus to identity attacks, using stolen credentials as the quickest and easiest way to infiltrate an organization’s systems.
Traditional tools like MFA, SSO, and EDR only partially address the problem, as attackers can still bypass these defenses using sophisticated techniques like phishing, session hijacking, or adversary-in-the-middle toolkits. Push Security’s browser-based ITDR solution fills the gap by providing continuous monitoring and control at the point where identities are most vulnerable.
Recommendations
- Treat your identity attack surface as the primary area for defense—it is now where most breaches happen.
- Gain full visibility and control over all identities, including those in unmanaged apps, to secure your organization’s access points.
- Leverage browser-based telemetry, like that provided by Push Security, to detect and prevent identity-based attacks in real time.
Call to Action
Push Security provides a unique ITDR solution for managing identity as the new perimeter. By offering continuous visibility, automated guidance, and behavioral nudges, Push Security helps organizations reduce risk and maintain compliance without disrupting productivity.
Learn how Push Security can transform your identity security strategy: visit https://pushsecurity.com/demo/ to schedule a free demo and explore their capabilities.
Twitter: @PushSecurity #SaaSsecurity #shadowIT #cloudsecurity
About the Author
Dan K. Anderson, Winner Top Global CISO of the year 2023
Dan currently serves as a vCISO and On-Call Roving reporter for Cyber Defense Magazine. BSEE, MS Computer Science, MBA Entrepreneurial focus, CISA, CRISC, CBCLA, C|EH, PCIP, and ITIL v3.
Dan’s work includes consulting premier teaching hospitals such as Stanford Medical Center, Harvard’s Boston Children’s Hospital, University of Utah Hospital, and large Integrated Delivery Networks such as Sutter Health, Catholic Healthcare West, Kaiser Permanente, Veteran’s Health Administration, Intermountain Healthcare and Banner Health.
Dan has served in positions as President, CEO, CIO, CISO, CTO, and Director, is currently CEO and Co-Founder of Mark V Security, and Cyber Advisor Board member for Graphite Health.
Dan is a USA Hockey level 5 Master Coach. He currently volunteers by building the future of Cyber Security professionals through University Board work, the local hacking scene, and mentoring students, co-workers, and CISOs.
Dan lives in Littleton, Colorado and Salt Lake City, Utah. LinkedIn: linkedin.com/in/dankanderson