As a remote-first company, Cribl empowers its employees with the flexibility to innovate quickly. This freedom, though, creates a common challenge for security teams in remote-first environments: the inherent difficulty in gaining deep visibility into the browser-based attack surface, even with a robust security stack.
"I threat-modeled every single thing that we could think of that could possibly go wrong, and identity was high on that list," said Alex Crusco, Staff Security Engineer at Cribl. "There are many ways attackers can manipulate users and gain access without triggering traditional alerts."
The team needed a solution that wouldn't slow the business down but could deliver concrete high-confidence data about identity hygiene and risky app behavior. "Without the right data, this problem was just a theory," said Aaron Thummel, Senior Security Analyst. "Push gave us the data to quantify the risk and drive real change. It's hard to get a security initiative off the ground without solid numbers to back it up."
Before Push, the security team relied on correlating data from their IdP and other tools to investigate potential threats. This process was time-consuming, and it often lacked the browser-level context needed to trace incidents back to their source.
"I didn't have visibility into the browser before, so there was no way for me to determine what actually happened or how it started," explained Alex. "It's more like backwards tracing, rather than, ‘How did it happen?’"
Those limitations came into sharper focus when Cribl deployed Push. Early on, the team identified a misconfigured login page on a core business application that was still accessible, and in use.
"We found that a significant number of users were still logging in with just their username and password, bypassing SSO entirely," recalled Alex. "Our team's diligence discovered this issue and, with the power of Push, addressed this hidden, previously unquantifiable risk."
Equipped with this new telemetry, the team proactively reviewed login activity across other high-use apps. They discovered a similar misconfiguration on another widely used business platform, where password reuse and insecure login methods posed added risk. These discoveries confirmed what the team had long suspected, that some risks are only visible from inside the browser.
Cribl chose Push to build on their existing security strategy and extend protection into the browser, the control point where users interact with critical apps every day. Push’s browser extension gave the team real-time visibility into SaaS usage, authentication methods, and identity posture. Rather than introducing new overhead, Push enhanced the workflows the team already had in place.
Initially, Cribl analysts manually triaged Push alerts. But as they operationalized the data, they began building their own automations, starting with a custom Slack bot that notifies employees about issues like password reuse, in line with Cribl’s culture of positive, proactive security engagement.
This shift from manual investigation to structured automation saved the team hours of effort per incident.
“Now we can focus our efforts elsewhere,” said Aaron.
Push’s structured telemetry also gave the team the confidence to work cross-functionally, partnering with IT to deprecate risky login paths and fully enforce SSO where needed.
Using Push, Cribl confirmed and remediated unmonitored login paths across critical business apps, risks that had previously gone unquantified.
As the Cribl team operationalized Push’s browser-native telemetry, they found it incredibly useful for detection, enrichment, and investigation. So useful, in fact, that they built official Cribl packs to help other teams get the same benefits, without needing to write custom code.
The result:
Both are available via the Cribl Dispensary, and designed to help security teams operationalize browser-based detection and response with minimal effort.
This native integration is part of Push’s broader strategy to work with the tools security teams already use, and get powerful telemetry into their hands, fast.
