In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.

Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.

It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it.

There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it’s enrolled into your SSO, are you sure that’s how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable?

This is a fun one!

This episode is also available on Youtube.