Start with Identity
ITDR

Push Security

Founded 2020London, United KingdomPrivateScore 3.9/5Evaluated 2026-06-19Website ↗

Capability scores

Methodology →
Authentication
4.5
SSO & Federation
3.0
Authorization
4.0
Lifecycle & Provisioning
3.0
MFA & Passwordless
3.5
Governance & Audit
4.0
Developer Experience
3.5
Deployment Flexibility
3.5
Pricing Transparency
2.5
Support & Ecosystem
3.5

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

Push Security uses a browser extension to detect and stop identity attacks, including phishing, credential reuse, and account takeover, across the SaaS apps employees actually use. Founded in 2020 in London, it takes a deliberately different vantage point from server-side and network tools: the browser, where real authentication happens. That placement lets it see things like password reuse and adversary-in-the-middle phishing as they occur. See what ITDR is and why it matters for context.

What it is good at

Browser-based visibility into real user authentication and attacks is the differentiator. Because the extension sits where users log in, Push can detect credential reuse across apps, spot phishing kits and AiTM attacks in real time, inventory SaaS and account usage, and block risky logins before a session is established. This catches attacks that never touch the corporate network or the IdP logs, closing a genuine blind spot for SaaS-heavy organizations.

Where it falls short

It depends on browser-extension deployment, so unmanaged devices, mobile apps, and non-browser access fall outside its view, and rollout requires endpoint coordination. It focuses on the browser and SaaS surface, so it is not an AD-centric ITDR and offers no directory recovery. Coverage is only as good as extension penetration across the fleet.

Pricing

Subscription with published starting points, more transparent than most peers. Validate against seat counts and model with the TCO calculator.

Best for, and who should look elsewhere

A strong fit for teams that want to detect identity attacks via a browser extension and stop phishing, credential reuse, and account takeover in real time. Look elsewhere if you cannot deploy a browser extension or need AD-centric ITDR. Compare with Nudge Security, Grip Security, SpyCloud.

Bottom line

A novel, effective browser-based approach to stopping identity attacks in SaaS, best where extension deployment is feasible and the SaaS surface is the priority. Browse the ITDR vendor directory.

By SWI Community Team · Last evaluated 2026-06-19

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to community@startwithidentity.com.