▾ G11 Media Network: | ChannelCity | ImpresaCity | SecurityOpenLab | Italian Channel Awards | Italian Project Awards | Italian Security Awards | ...
InnovationOpenLab

Push Security Delivers Browser-Native Security as Direct Alternative to SWG and CASB, Targeting the Attacks Proxy-Based Tools Can't See

Push Security, the most powerful AI-native security tool in the browser, today announced browser-native capabilities that directly address the use cases organizations have traditionally used secure we...

Immagine

As proxy-based security shows its limits, Push Security offers a browser-native alternative built for the attacks that live inside the session

BOSTON: Push Security, the most powerful AI-native security tool in the browser, today announced browser-native capabilities that directly address the use cases organizations have traditionally used secure web gateways (SWGs), cloud access security brokers (CASBs) and security service edge (SSE) platforms to solve, including URL blocking, domain categorization, phishing protection, malicious file detection, shadow SaaS discovery and AI usage governance.

The announcement challenges a market projected to reach $42 billion by 2030, at a moment of growing doubt about its core architecture. Research indicates that gateways and next-generation firewalls miss approximately 60% of malicious web pages, not because of implementation failures, but because of a structural limitation: Network tools see where traffic went, but they cannot see what the user actually saw and did.

“SWGs were designed for a world where the threat was malware crossing the wire, however that world is gone,” said Adam Bateman, CEO of Push Security. “Today’s attacks, like AitM phishing kits, ClickFix lures, session hijacking and OAuth abuse, play out entirely inside the browser session, long after the network proxy has decided to allow the traffic. We built Push to detect and stop attacks at the layer where they actually happen.”

The structural flaw in proxy-based security
Traditional SWG, CASB and SSE architectures intercept and inspect traffic between users and the internet, enforcing URL categorization and policy at the network layer. This requires routing all user traffic through a cloud proxy which introduces latency, creates a single point of failure, and generates friction that consistently surfaces as the top end-user complaint in SWG deployments. More fundamentally, it leaves the browser session itself unmonitored.

Modern credential-harvesting attacks are specifically engineered to defeat the network layer. Adversary-in-the-middle (AitM) phishing kits use infrastructure rotation, trusted CDNs, and bot protection to stay off blocklists. Many now detect when they are executing inside a gateway sandbox environment and disable their malicious behavior during inspection, appearing benign to the network tool, then re-activating when the real user lands on the page.

By the time a phishing domain is categorized, it has typically already been decommissioned. In fact, 89% of phishing domains are active for fewer than two days. Increasingly, adversaries are also abusing trusted services to deliver attacks, bypassing known-bad detections in legacy solutions like network proxies.

Meanwhile, 82% of attack detections are now malware-free, meaning attackers operate entirely within legitimate browser sessions through credential theft, session hijacking and identity abuse generating no network-layer signal for a proxy to act on.

Push recently discovered and blocked ConsentFix, a novel attack technique that takes over Microsoft accounts with no password entry, no MFA prompt and no anomalous sign-in event for network or identity tools to detect. It was invisible to every proxy-based control in the stack. It was only detectable at the browser layer.

Browser-native detection and policy enforcement without breaking traffic
Push operates as a lightweight browser extension deployed to users’ existing browsers, with no traffic rerouting, no proxy infrastructure, and no browser migration required.

Push observes the live browser session from the inside via the rendered DOM, including credential entry events, script behavior, clipboard contents, OAuth consent flows, and file uploads and downloads. Because Push observes client-side network requests from within the browser before encryption, it captures the data that network tools can only access by decrypting and re-encrypting traffic - without the deployment complexity or session-breaking risks of inline TLS interception.

This architecture enables Push to:

  • Detect phishing behaviorally, not by URL or domain reputation: Push recognizes AitM kit signatures and credential harvesting TTPs as the page loads, catching the attacks that evade sandbox analysis by design. This means Push is not reliant on known-bad TI to identify attacks, and can detect malicious behavior delivered even through trusted services.
  • Block ClickFix: Push detects the malicious page behavior and the clipboard payload, covering the 47% of attacks that used ClickFix as initial access last year.
  • Block domain and app categories: Push’s domain and app categorization features provide easy governance of web and application access, with configurable exceptions and group-based rules available.
  • Govern browser extensions: Push inventories all extensions across the fleet, monitoring for permission escalation and ownership changes, and blocks malicious extensions that SWGs cannot see.
  • Stream rich browser telemetry to SIEM / SOAR: Push provides a net-new telemetry source to security teams, delivering unmatched visibility of browser-layer activity to downstream systems, supporting log correlation with the IdP and other intelligence sources for threat hunting, insider risk investigation, and automated remediation.
  • Deliver point-in-time guidance to end-users: With fully customizable banners and block screens, admins can guide users to appropriate security behaviors directly in the browser and re-enforcing company policy.
  • Discover shadow SaaS from actual login events: Push inventories and automatically categorizes apps in use across the business, including authentication method, password strength and MFA status, not just traffic patterns.
  • Control AI tool usage and data flow at the session level: Push observes what data users share with AI and other work applications, not just whether a request reached a specific domain. Apply controls to block file uploads, downloads, or clipboard actions to manage data loss risk.
  • Block malicious files: In addition to applying policy around files and clipboard actions, Push can also detect malicious files and verify their behavior via sandboxing.
  • Protect unmanaged and BYOD devices: Roughly 46% of infostealer infections that lead to corporate breaches originate on non-managed machines where EDR is absent; Push deploys to those devices without MDM.

Consolidation without disruption
Push does not require organizations to abandon existing network investments to realize value. For security teams looking to consolidate, Push provides a browser-native alternative for the use cases that SWG and CASB deliver imperfectly, at a fraction of the cost of enterprise SSE tiers, which can exceed $375 per user per year. For teams running SSE platforms they intend to keep, Push layers on top, adding behavioral detection, AI visibility and control, and browser extension blocking that proxy-based tools cannot provide by design.

“We’re not asking security teams to do a feature comparison,” said Bateman. “We’re asking them to look at the outcomes they’re actually paying for, and whether a proxy that can't see inside the session is the right tool to deliver them.”

Learn more about Push’s SWG capabilities at https://pushsecurity.com/solution/tool-replacements/secure-web-gateways

About Push Security
Push Security is the secure enterprise browser extension for security teams. Founded by red team and blue team experts, Push combines high-fidelity browser telemetry, real-time control, and autonomous agents to stop advanced attacks, secure AI usage, harden identities, and prevent data loss, all from your users’ existing browsers, no migration required. Push is backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, B3 Capital and other notable angel investors. For more information, visit https://pushsecurity.com or follow @pushsecurity.

Fonte: Business Wire

If you liked this article and want to stay up to date with news from InnovationOpenLab.com subscribe to ours Free newsletter.

Related news

Last News

RSA at Cybertech Europe 2024

Alaa Abdul Nabi, Vice President, Sales International at RSA presents the innovations the vendor brings to Cybertech as part of a passwordless vision for…

Italian Security Awards 2024: G11 Media honours the best of Italian cybersecurity

G11 Media's SecurityOpenLab magazine rewards excellence in cybersecurity: the best vendors based on user votes

How Austria is making its AI ecosystem grow

Always keeping an European perspective, Austria has developed a thriving AI ecosystem that now can attract talents and companies from other countries

Sparkle and Telsy test Quantum Key Distribution in practice

Successfully completing a Proof of Concept implementation in Athens, the two Italian companies prove that QKD can be easily implemented also in pre-existing…

Most read

Capco Recognized by OpenAI for Innovation and Responsible AI Leadership

Global management and technology consultancy Capco, a Wipro company, has been recognized by OpenAI for both AI innovation and responsible AI leadership.…

Securonix Appoints Toby Weiss as Chief Executive Officer to Scale the…

Securonix, Inc., a six-time Leader in the Gartner® Magic Quadrant™ for SIEM, today announced the appointment of Toby Weiss as Chief Executive Officer.…

Brera Holdings PLC (d/b/a Solmate Infrastructure) Announces Results of…

Brera Holdings PLC (Nasdaq: SLMT) (the “Company” or “Solmate”) today announced the voting results in respect of Proposal No. 1 and Proposal No. 2 of its…

Blackline Safety Announces Final Regulatory Approval for Going Private…

Blackline Safety Corp. (“Blackline” or the “Company”) (TSX:BLN), a global leader in connected safety technology, today announced that it has received…

Newsletter signup

Join our mailing list to get weekly updates delivered to your inbox.

Sign me up!