Push Security – a company that is simplifying SaaS security for modern IT and cybersecurity teams – announced it has raised $15 million in Series A funding. GV (Google Ventures) led the funding with participation from Decibel and notable angels, including Dug Song (co-founder and former CEO at Duo Security) and Tray.io (co-founder and CEO Rich Waldron). GV General Partner Karim Faris and Jon Oberheide, co-founder and former CTO of Duo Security, have joined the board.
There are hundreds of teams and over 50,000 users depending on Push Security to uncover any employee-owned SaaS deployed within the business and quickly remediate critical security vulnerabilities exposed by SaaS use. And the company has seen a 14 times increase in revenue in the first quarter of this year.
According to Push’s data, unchecked SaaS usage has increased significantly in the past year – which led to growing costs and security risks for enterprises:
– Since its launch last year in July 2022, Push has added nearly 500 SaaS apps.
– 41% of Microsoft 365 and 55 percent of Google Workspace app integrations were only used by a single employee.
– 23% of Microsoft integrations and 17 percent of Google integrations granted access to high-risk assets and data such as email, calendar, and shared drives.
– Only one-third of Microsoft app integrations were approved by IT via OAuth. The other two-thirds were provisioned directly by employees with no IT oversight or visibility.
Push Security is now launching a host of new features to help security teams take control of their SaaS portfolio:
– Browser-based SaaS account discovery tool – Since it is the only platform to operate in the browser, Push enables a deeper, more complete assessment of user accounts employees have created that could be vulnerable to password guessing, credential stuffing, have been exposed as part of a prior breach, or are missing important security controls such as MFA.
– Just-in-time notifications empowering user-led compliance – Alerts are directed to security teams and employees through Slack and Microsoft Teams instant notifications to prevent employees from creating security issues like prevention of password re-use or weak passwords. And with one click, employees can take action to secure their accounts.
– Managed browser extension deployment – Push can be installed via managed Chrome, Group Policy (Microsoft Active Directory), or Mobile Device Management (MDM) to every employee browser to ensure complete coverage.
– Detection of risky third-party integrations – A new dashboard enabling security teams to see all SaaS integrations connected to core platforms (Google Workspace and Microsoft 365) with warnings if those integrations are doing anything suspicious or malicious, or asking for excessive or risky permissions.
– ChatOps messaging for security teams – Push administrators can receive notifications in Microsoft Teams or Slack channels to get alerted immediately after a new third-party integration is detected or a user contacted via ChatOps confirms that a mail rule looks suspicious.
KEY QUOTES:
“As security professionals, we’re facing a significant increase in SaaS risk and as a result, rethinking how we approach company security. An explosion in SaaS adoption, coupled with a big push to self-service platforms driven by product-led growth (PLG), means employees increasingly sign up and buy SaaS directly without going through the security team first. This creates an unwieldy sprawl of SaaS applications being introduced to the business with no corporate oversight. Security teams have to play catch-up to ensure these apps aren’t exposing their businesses to undue security risks or invalidating their security compliance.”
— Adam Bateman, Push Security’s co-founder and CEO
“The threat landscape has shifted dramatically, as organizational IT resources have evolved from centrally-managed and hosted applications to team- or employee-managed cloud hosted SaaS with deep interdependencies (via integrations). Push allows us to gain deep insights into the usage of SaaS across our organization, including integrations that could pose a risk to company data, but also automate the remediation of these at scale by involving the internal users of SaaS application directly in the assessment and decision making.”
— Sebastien Jeanquier, Chief Security Officer at fintech company Upvest
“The global workforce is moving toward greater freedom and flexibility with SaaS applications, which introduces new security complexities and challenges. That trend presents a critical need for better, simpler tools that engage employees and take the burden off centralized IT to manage SaaS sprawl. GV is excited to partner with the Push team as they help modern security teams navigate the evolving cybersecurity threat landscape.”
— Karim Faris, General Partner at GV
