Security teams today face the daunting challenge of protecting sensitive business data spread across a vast IT ecosystem that comprises numerous SaaS platforms. Salesforce, Workday, Google Workspace, and Microsoft 365 are just a few of the central platforms used by organizations. But there are also several niche cloud applications deployed across an organization specific to a team, an industry, or custom developed in-house. The security of these smaller applications can be hard to manage and easy to overlook, making it challenging for organizations to assess and monitor security risks.
The granularity and variation of SaaS settings distributed across applications can quickly become overwhelming, leading to security vulnerabilities and increasing the likelihood of data breaches. Organizations need a solution that’s consolidated, automated, and scalable to secure their entire SaaS estate, including both large and niche applications.
And that’s why we are thrilled to launch ExtendTM—our solution to ‘extend’ Obsidian’s benefits to those niche applications that have so far been ignored by other security solutions.
Extend is a module built on top of the Obsidian platform that allows security teams to measure and manage security risk by surfacing application-specific configuration insights, user behavior, and activity across the entire SaaS estate. Unlike other solutions, Obsidian Extend takes a holistic approach to SaaS security, providing a consolidated and comprehensive view of the organization’s SaaS risk exposure, including smaller applications that are often ignored. Extend helps organizations reduce the likelihood of a security incident and continuously maintain adherence to regulatory compliance standards.
Security leaders need a solution that is able to handle a vast and varied number of SaaS applications, including both well-known platforms and custom-built applications. This requires the ability to quickly identify and onboard new applications, as well as provide visibility and control across all applications, regardless of where they are hosted. But not all applications have well documented APIs, or in some cases APIs at all. This often makes integration with them a challenge. Any solution that integrates with other applications must also be able to handle large volumes of data from these APIs, including real-time data, and provide insights and analytics based on that data.
When we set out to build a solution, we started with you: the user. Users want a single dashboard to view and monitor user activity and permissions granted across all applications used in the organization. This, without having to install, manage, configure complex SDKs.
With Obsidian Extend, we’ve set out to build the tools you need to do just that.
Get a consolidated and comprehensive view of your organization’s SaaS risk exposure: Instead of sifting through large amounts of raw data gathered from the UI/APIs of various SaaS applications in use or via SIEMs, get a consolidated and comprehensive view of your entire SaaS risk exposure—along with measurable ways to improve your posture.
No agents, no SDK. Start seeing value in 10 minutes: With Extend, you will be able to discover and scan for users, data exposed, and permissions across all federated applications within minutes. Unlike SDKs and agents which are complex to build and deploy, empower your SecOps teams to collaborate with application teams to visualize issues and remediate risks in a timely manner.
Monitor user activity across connected services: From a single interface, understand how your users are behaving in different applications. Use these analytics for robust threat detections that span your entire SaaS estate.
Each day this week, we launched a new product or feature that is designed to help security and governance teams measurably increase the SaaS security and compliance posture of their organizations. While the launch of Obsidian Extend is one giant leap in that direction, we are only getting started.
Security teams also need to effectively respond to SaaS security threats in near real-time and to do so, they need a complete and continuous understanding of application activity—which users and integrations are accessing their environment, what they’re doing, and when they’re behaving in a way that’s risky, unusual, or outright malicious. And they need this for all applications in their environment.