Today, we’re excited to announce our investment in Push Security, a new cybersecurity company that uses conversational AI to help users protect themselves while using SaaS applications at work. Push automatically discovers the hundreds of cloud apps throughout your company and once deployed, politely suggests security best practices - “nudging” users to turn on multi-factor authentication, use strong passwords, and properly configure their SaaS account to prevent breaches and data loss without requiring IT support. Free to try and used by companies of all sizes today, Push gives security teams the visibility and automation needed to support the rapid growth of SaaS, empowering every user to be a defensive force in the fight against cybersecurity breaches.
The three co-founders of Push - Adam Bateman (CEO), Jacques Louw (CPO), and Tyrone Erasmus (CTO) - worked at MWR InfoSecurity (acquired by F-Secure), a renowned UK-based cybersecurity firm famous for its security research. We asked them to share their vision and mission for Push in our founder Q&A:
Adam: We all had very similar backgrounds growing up in the rural areas of the UK and South Africa. We discovered computers early in life and became proficient at “hacking” our way around the Internet. My first job as a teenager was as a web developer - I found e-commerce sites with web vulnerabilities, and after showing the owners I could take over their sites, they started paying me to rebuild them more safely. Tyrone, at a similar age, became famous for hacking his local ISP and open sourced a tool called “DSL Thief” to show how easily anyone could “borrow” someone else’s bandwidth. We all shared a passion for finding the cracks in every system and were lucky to find each other in the cybersecurity industry at MWR Infosec, one of the elite consultancies for security research.
Jacques: We have played on both sides as cybersecurity researchers. In general, it is easier to be on offense (the “Red” team) and to attack a system to exploit its weaknesses than to try and protect every possible hole. The rapid growth of SaaS and remote IT works against most cybersecurity / defensive teams (the “Blue” teams) – as the complexity of IT goes up, it is easier to find a weakness to exploit. At MWR, we would sit down with a very large bank or Fortune 100 company and tell them what we planned to do, and without using any zero-days or other particularly sophisticated techniques, still blow past their wildly expensive security software. We used the same attacks again and again, and eventually, the exercise became almost too easy – even when teams had bought the very best cybersecurity tools we found that we could eventually compromise almost any system and not be noticed.
We learned over several years that breaching an enterprise and showing them their weaknesses sadly does not dramatically change an organization’s security posture. Most companies have a lot of cybersecurity products – arguably, they have too many and struggle to keep up with it all. We wanted to step back and figure out how to make a big difference without adding even more layers of complexity and noise for the security team.
Tyrone: I think the most challenging part about building an effective defense is that you aren’t just trying to protect systems – you are protecting people, too, and it’s much harder to create a product that can do both. Even when you have the very best software in place, you have only solved the engineering problem – but you also need to solve the cultural problem of having execs and employees who don’t always understand cybersecurity and need to be educated on how they can protect the organization and themselves. Our detection capabilities at MWR were best-in-class, but just finding security vulnerabilities in your environment doesn’t really help if you don’t have the ability to change end user behavior. I think we all felt that security is just as much a human problem as it is a technology challenge, and you can’t ignore user engagement if you want to have any real impact on your cybersecurity posture.
Adam: Throughout IT history, we have put applications and servers behind lock and key and installed incredibly sensitive motion detectors and alarms. Security teams get notified if something happens, and they are always drowning in alerts that require some form of remediation. One of the most important goals for Push was NOT to add to a security team's to-do list, and to do so we needed to find a way to work directly with employees to help them fix issues before the security team ever got involved. Working with employees in this way is more scalable and gives us the opportunity to address the security needs of 99% of companies – not just the 1% that can afford a large cybersecurity team. Rather than seeing employees as the weakest link in security, we're equipping them to become part of the solution.
Jacques: We wanted to be one of the few cybersecurity products that is easy to use in every dimension. Push’s product is designed to be free to try and frictionless to install – it can be deployed in a few clicks, can detect what SaaS applications are in use without any provisioning, and uses Microsoft Teams or Slack to automatically nudge users to take small actions to secure themselves. You don’t need an IT department to get started and can scale up to even the largest companies - our product already is in use by organizations with as few as 5 and as many as 15,000 employees today.
Adam: Our vision is for Push to be the leader in user-centric security. The world has changed dramatically in the past few years and the cybersecurity industry needs to keep up and evolve with the times. We need to move from a vendor-centric model that slows users down, to a user-centric model where users can rapidly adopt the applications that they need without building walls around them that hinder their productivity. The rapid adoption of SaaS and conversational AI allows us to create security solutions that protect and engage users in ways that were previously not possible. We all know that security should be easier for everyone to adopt and we are committed to making this vision a reality at Push.
You can learn more and try Push for free at pushsecurity.com