Risky Business News: In-Depth Look at Push Security’s New Stolen Credentials Detection Feature
Release Date: December 1, 2024
In this episode of Risky Business News, host Catalyn Campano engages in a comprehensive discussion with Jacques Law, co-founder and Chief Product Officer of Push Security. Sponsored by Push Security, the episode delves into the nuances of identity-based cyber threats, the evolution of phishing techniques, and the innovative solutions Push Security is bringing to the forefront of cybersecurity.
1. Introduction to Push Security and Identity-Based Attacks
Catalyn Campano (00:06):
"Hello, this is Catalyn Campano and this is a Risky Business news sponsored interview with Jacques Law, co-founder and chief product officer of Push Security."
Catalyn sets the stage by introducing Jacques Law and Push Security, emphasizing the company’s focus on combating identity-based attacks through a browser extension designed to detect and prevent credential theft and phishing attempts.
2. The Evolution of Phishing Kits and Identity-Based Threats
Catalyn shares a personal anecdote highlighting the evolution of phishing kits, specifically the transition to reverse proxy-based phishing kits like Modlishka, which can bypass multifactor authentication (MFA).
Catalyn Campano (00:25):
"The most read article I ever had was an article that basically described the researchers' work on a tool called Modlishka which was basically a phishing kit that could bypass multifactor authentication."
This story underscores the increasing sophistication of phishing attacks and the necessity for advanced detection mechanisms.
Jacques Law (02:27):
"Phishing kits today are very bespoke. They change the actual behavior of the source website significantly... they implement specific techniques to bypass existing controls."
Jacques elaborates on how modern phishing kits adapt to evade traditional security measures, making detection more challenging.
3. Push Security's Detection Methods and the Pyramid of Pain
Jacques introduces the concept of the Pyramid of Pain, explaining how Push Security prioritizes detection strategies that target user behavior over specific phishing kit signatures.
Jacques Law (02:27):
"From there you could detect specific signatures of the tool a little bit above. From there you can actually detect very generic things that the tool is doing."
By focusing on the fundamental behavior of phishing attacks—such as users entering credentials on fake login pages—Push Security enhances its ability to prevent breaches effectively.
4. Tackling Detection Evasion and Enhancing Prevention
The conversation shifts to the prevention-focused approach of Push Security, emphasizing proactive measures over reactive detections.
Catalyn Campano (06:19):
"So you're more like on the prevention side than the detection. Your product is more useful for the prevention, right?"
Jacques Law (06:28):
"Typically customers are rolling out the product inside very like a monitor mode for the first month... then you put it into blocking mode and you can actually block virtually all phishing attacks."
This strategy ensures that organizations not only detect but also prevent credential theft by enforcing unique SSO passwords and blocking suspicious activities.
5. Introduction of the Stolen Credential Detection Feature
One of the significant highlights is Push Security’s new Stolen Credential Detection feature, which enhances the accuracy of threat intelligence feeds.
Jacques Law (11:37):
"We're just calling it stolen credential detection. We like to be descriptive."
Jacques explains how this feature filters out false positives by cross-referencing leaked credentials against actual user data, ensuring that only verified breaches are flagged.
Catalyn Campano (09:52):
"Most of these breached password databases are 90% are just old, very old stuff."
This acknowledgment of the limitations of traditional threat feeds reinforces the necessity for more precise detection mechanisms.
6. The Role and State of Multifactor Authentication (MFA)
The discussion turns to Multifactor Authentication (MFA), its effectiveness, and the challenges surrounding its implementation.
Catalyn Campano (12:50):
"I'm interested for a company that handles identity attacks at the browser level, what's your stance on the state of multifactor authentication..."
Jacques Law (12:50):
"There's very little one can disagree that it is a super effective thing to do... but user pushback against this as a control."
Jacques emphasizes the importance of implementing phishing-resistant MFA methods and highlights the complexity organizations face in managing MFA across numerous applications.
7. Push Security’s MFA Guardrails Feature
To address MFA challenges, Push Security has developed MFA Guardrails, a feature that enforces MFA across applications that may not natively support it.
Jacques Law (15:56):
"One of the new features that we've just launched is called MFA guardrails... enforce MFA on that app."
This tool prompts users to enroll in MFA when accessing applications lacking native MFA support, thereby enhancing overall security.
Catalyn Campano (16:25):
"I'm curious to know... can push help me at least secure it in some way?"
Jacques confirms that Push Security provides visibility and enforcement capabilities, even for legacy applications that do not originally support MFA.
8. The Perception of Identity Security in the Cybersecurity Industry
Jacques addresses the broader perception of identity security, noting its critical yet often underappreciated role in the cybersecurity landscape.
Jacques Law (18:28):
"There is this kind of perception that identity security is not a very sexy area... it's the oldest security control there was."
He argues that despite being a cornerstone in preventing breaches, identity security lacks the spotlight and innovation seen in other areas like network security or application security.
Catalyn Campano (19:29):
"Exactly. It's either your networking gear or some phishing, but that's how they always get in."
This sentiment reflects a common industry oversight, where foundational security measures are not given due attention.
9. Conclusions and Future Insights
In wrapping up, both Catalyn and Jacques underscore the necessity for greater focus and innovation in identity security to keep pace with evolving threats.
Jacques Law (20:53):
"It's not dumb if it works. And it really is working today."
This concluding thought reinforces the effectiveness of Push Security’s approach and the importance of continual advancement in identity-based threat prevention.
Key Takeaways:
- Push Security is at the forefront of combating sophisticated identity-based attacks through innovative browser-based solutions.
- The evolution of phishing kits necessitates advanced detection and prevention strategies that focus on user behavior and credential management.
- The introduction of the Stolen Credential Detection feature significantly reduces false positives, enhancing the reliability of threat intelligence.
- MFA remains a critical, yet challenging, component of identity security, with Push Security’s MFA Guardrails offering a proactive solution for enforcement.
- Identity security is a fundamental yet underrepresented area in the cybersecurity industry, requiring increased focus and resources.
This episode provides invaluable insights for cybersecurity professionals seeking to enhance their organization's defenses against identity-based threats, emphasizing the need for proactive and intelligent security measures.
