Protect against malicious and compromised insider threats

As organizations move critical business systems to SaaS, insider threats are on the rise. Not all insider threats are driven by malicious intent. Accidental data exposure, unintentional privilege elevation, and inappropriate information sharing can all result in insider threat. How do you stop insiders from stealing or leaking sensitive data, creating backdoor accounts, or weakening security by changing configurations? Security teams need unified visibility and continuous monitoring to detect inappropriate insider activity.

Obsidian gives you situational awareness, monitoring, and detection capabilities to credibly find and stop insider threats. Obsidian lets you know who your users are, who has privileges, and what they are doing in SaaS applications at all times. Powerful rule-based and probabilistic detections shine a light on suspicious, dangerous, an inappropriate behavior. You can capture SaaS activities so that analysts and investigators can rewind the tape if they need an audit trail.

  • Privilege monitoring

  • Consolidated activity

  • Threat detection

Access and Privileges

Get a list of accounts that a user has across all monitored SaaS applications, as well as an inventory of privileges associated with users in each SaaS application.

Access and Privilege Risks

Use powerful built-in analytics to discover identity and access risks, such as users with excessive privileges, accounts without MFA, or using basic authentication.

User activity monitoring

Monitor the activity of specific users and privilege levels. Use the powerful built-in search to look for activity tied to users, privileges, activity types, locations, IP addresses, and more to aid in hostile termination scenarios and internal investigations.

Advanced threat detection

Obsidian offers powerful out-of-the-box alerts based on deterministic rules as well as behavior analytics. So whether someone is creating additional admin accounts or downloading a higher than usual number of files, you will know. Obsidian uses a combination of factors, such as the volume and frequency of file downloads,  devices and browsers used, and locations to analyze activity and credibly flag insider threats.

Usage Report

Active vs Inactive Accounts

Inactive accounts with access increase security risk and costs. Get an at-a-glance view of active and inactive accounts by service, with historical changes in activity level. Clean up inactive accounts to improve identity hygiene.

Configuration Management

Misconfigurations increase the risk of insider threats. Continuously monitor configurations and detect settings that weaken the security posture of your most critical SaaS applications. Obsidian provides best practice configuration recommendations to help security teams achieve a strong security posture.

RSAC Innovation Sandbox Finalist

Hear Obsidian co-founder and CTO Ben Johnson give a 3-minute overview of Obsidian at the RSAC 2020 Innovation Sandbox contest.