Risky Business Podcast Summary
Episode: Risky Biz Soap Box: Push Security's Browser-First Twist on Identity Security
Host: Patrick Gray
Guests:
- Adam Bateman, Co-Founder & CEO, Push Security
- Luke Jennings, Head of Research, Push Security
Release Date: May 15, 2025
Introduction
In this special soapbox edition of the Risky Business podcast, host Patrick Gray delves into the innovative approaches of Push Security, an identity security company redefining how organizations monitor and protect user identities within their digital environments. Sponsored entirely by Push Security, this episode features an insightful conversation with Adam Bateman, Co-Founder and CEO, and Luke Jennings, Head of Research, offering listeners a deep dive into the complexities of modern identity threats and Push's cutting-edge solutions.
Understanding Push Security's Browser-First Approach
Patrick Gray begins by outlining the core functionality of Push Security. Unlike traditional identity security solutions that primarily analyze Single Sign-On (SSO) logs, Push employs a browser extension to monitor all user accounts accessed through the browser—the primary ingress point for identity information today.
Adam Bateman emphasizes the necessity of browser visibility:
"Push can monitor the browser for all accounts that a user in your environment is using... the browser is the ingress point for identity information these days. The fact we don't have visibility there is kind of nuts." (00:00)
This comprehensive monitoring allows Push to detect not only SSO misuse but also unauthorized access to various SaaS applications, automation platforms, and more, providing a holistic view of an organization's identity landscape.
Evolving Threat Landscape: Beyond Traditional SSO Attacks
Adam Bateman discusses the shifting tactics of attackers who, as defenses around primary SSO credentials strengthen, pivot to exploiting other applications with lower friction points.
"Attackers are starting to move out to other applications on the side. So we're seeing people directly phish things like Postman directly and then use that to get access to loads of API tokens..." (03:08)
Luke Jennings adds that modern phishing attacks have become more sophisticated, often circumventing traditional email gateways by leveraging legitimate services or hybrid attack vectors:
"We've seen some very interesting hybrid attacks where email is technically the delivery vector, but there's other legitimate services involved..." (04:19)
Examples include:
- Evilginx: A popular phishing kit that facilitates one-time passcodes and steals authentication tokens. Push can detect such threats by analyzing user interactions within the browser.
  "Being in the browser puts you in a pretty unique position to inspect things at various different levels..." (07:16)
- Jotform Exploits: Attackers exploit contact forms to engage sales processes, ultimately redirecting users to malicious servers through legitimate-looking forms.
Push Security's Detection and Response Capabilities
Patrick inquires about Push's capabilities in detecting and responding to sophisticated phishing attempts. Adam explains Push's dual approach:
- Set-and-Forget Blocking: Most users deploy Push for automated blocking of malicious attempts without manual intervention.
  "We can see network traffic, JavaScript libraries, local storage, cookies, and more to effectively hunt across the browsers..." (12:12)
- Advanced Hunting and Detection: For security teams seeking deeper insights, Push offers tools akin to "EDR for the browser," enabling detailed investigations into user activities and potential breaches.
  "We're building towards putting advanced hunting capabilities in the hands of more advanced teams towards the end of the year..." (14:36)
Notable Features:
- Comprehensive Telemetry: Push captures detailed browser interactions, enabling the tracing of phishing attempts from initiation to execution.
- No-Code Detection Builds: Future enhancements will allow security teams to create custom detections rapidly without extensive coding.
Market Adoption and Customer Insights
Adam Bateman highlights Push's broad and diverse customer base, spanning various sectors beyond the initially targeted SaaS-native companies. Financial services, known for their stringent security requirements, are significant adopters:
"Financial has been a really big one for us. They just care a lot about security, they invest a lot in security, and there's a lot of attacks." (30:32)
Other notable customers include:
- Charities and Local Organizations: Demonstrating Push's versatility across different organizational sizes and industries.
- Crypto Exchanges and Fintech: These sectors benefit from Push's ability to protect against high-value identity attacks.
Addressing OAuth Phishing and Future Developments
The conversation shifts to the emerging threat of OAuth phishing, where attackers exploit OAuth grants to gain extensive access across services. Patrick probes Push's current and future strategies to combat this:
Luke Jennings explains Push's backend integrations with major IDPs like Google and Microsoft, which help identify and flag risky OAuth permissions:
"We analyze the permissions and highlight ones that are risky... we'll probably do more in the browser as well with that in future." (25:06)
Adam Bateman elaborates on the need for visibility in diverse OAuth implementations, especially as more SaaS applications adopt OAuth beyond traditional IDPs:
"We're seeing OAuth connections between apps that don't involve the major IDP... so we're seeing OAuth sprawl increasing." (26:04)
Future Plans:
- Enhanced Browser Contextual Analysis: Understanding the context in which OAuth grants occur to better identify malicious intents.
- Comprehensive OAuth Tracking: Utilizing the standard nature of OAuth protocols to implement generic detection mechanisms within the browser.
Notable Saves and Real-World Impact
Adam shares success stories where Push has preemptively identified and mitigated critical security threats:
"We've had people reporting bugs to us saying, hey, there's a bug in the platform... turned out to be a big configuration issue where someone had dragged someone into a different OU, disabling MFA for many accounts." (31:45)
Such instances underscore Push's role in uncovering hidden vulnerabilities and ensuring robust identity security across organizations.
Conclusion
The episode concludes with Patrick Gray and the Push Security team emphasizing the growing complexity of identity security in today's digital landscape. Push's browser-first approach offers unparalleled visibility and protection against evolving phishing tactics, making it an indispensable tool for modern organizations.
"It's like when we used to have an external network perimeter... Now, it's about understanding the sprawling identity attack surface." – Adam Bateman (33:06)
Adam and Luke express optimism about future developments, including advanced detection tools and broader OAuth protection, positioning Push Security at the forefront of identity security innovation.
Patrick Gray wraps up the discussion:
"We've established that your tech is in some pretty important places. Can you think of a really great save that a customer's come to you and said, my God, one of our users tried to enter X into Y..." (31:25)
Key Takeaways
- Browser Visibility is Crucial: Monitoring browser activities provides comprehensive insights into user identities and potential threats.
- Evolving Threats Demand Advanced Solutions: As SSO defenses improve, attackers exploit other applications, necessitating flexible and robust security measures.
- Proactive Detection and Response: Push Security not only blocks threats but also equips security teams with tools for in-depth investigations and custom detections.
- Diverse and Growing Customer Base: From financial services to local organizations, Push's solutions cater to a wide array of industries facing identity security challenges.
- Future-Proofing Security Measures: Ongoing developments aim to address emerging threats like OAuth phishing, ensuring Push remains a critical component in identity security strategies.
Notable Quotes:
- "Push can monitor the browser for all accounts that a user in your environment is using... the browser is the ingress point for identity information these days." — Patrick Gray (00:00)
- "Attackers are starting to move out to other applications on the side... phish things like Postman directly." — Adam Bateman (03:08)
- "We're in a pretty unique position there. We get to the point where everything's been decoded, the DOM has been decoded..." — Luke Jennings (07:44)
- "We're much more focused on how do we stop the company or how do we protect the company from attackers, specifically around identity attacks." — Adam Bateman (11:49)
- "OAuth is a huge attack surface... it's the ability to write code effectively that runs and does anything you want with that access in future." — Luke Jennings (28:24)
This episode provides invaluable insights into the evolving landscape of identity security and showcases how Push Security's innovative browser-first approach is addressing modern challenges with efficacy and foresight. Whether you're an information security professional or simply interested in the intricacies of digital identity protection, this discussion offers a comprehensive understanding of the current and future state of identity security.
