Poor Visibility Hinders Detection and Response
Organizations are moving their business systems, including email, collaboration, HR, sales, marketing and operations, to the cloud. Attackers are increasingly using credential stuffing, social engineering and spear phishing against users and services to gain access to cloud resources. Without consolidated visibility into what users have access to and what they are doing, security teams are unable to detect, investigate, and respond to threats and incidents in cloud applications and services quickly.
Protect Your Cloud Applications with Obsidian
Obsidian protects SaaS and cloud services from account takeover, insider threat and poor security hygiene. The Obsidian solution continuously monitors and analyzes activity, access and entitlements to provide a holistic view of threats and risks at the user, organization, and application levels. Security teams see prioritized alerts that surface the most pressing security and posture concerns in the cloud. Using Obsidian, organizations can detect and proactively hunt for emerging threats, investigate and respond to incidents, and preempt attacks by continuously enforcing a strong security posture.
HOW IT WORKS
Obsidian continuously collects, normalizes and enriches data about service configurations, accounts, privileges, and activity from SaaS and cloud services. By aggregating and analyzing data on what users can access and what they have done, Obsidian identifies and alerts on suspicious activity and security risks.
Obsidian generates alerts based on policy violations and risky behavior informed by machine learning analytics and rules. These alerts help SOCs distill the signal from the noise so they can prioritize their efforts. Obsidian continuously learns from individual and group behavioral patterns in how users access digital assets. Are particular patterns of access risky or suspicious? Should they be allowed? Do some users have privileges beyond what is typical in their peer group? Can privileges be adjusted to reduce security risk?
Obsidian automatically extracts accounts, privileges, configurations and activity from applications and cloud environments, normalizes the data, and enriches it with threat intelligence and context.
OBSIDIAN PLATFORM CAPABILITIES
Obsidian delivers observability of accounts, privileges, and activity across cloud applications and services. Continuously monitor what users and service accounts are doing and be alerted to threats and hygiene issues. Right-size access and privileges based on usage.
- Centralized activity monitoring across cloud applications and services
- Powerful search and filtering to find users, applications, and data of interest
- Visibility at different levels of granularity (zoom in/zoom out)
- Automatic retrieval and storage of data from cloud services with just a couple of clicks
- Normalized data model available to download via API – it’s your data; use it as you want to.
The Obsidian platform generates alerts to help identify risky behavior, policy violations, and potential attacks based on rule-based triggers and machine learning. The platform also aggregates alerts from the applications it monitors.
- Built-in rules to alert on risky behavior, policy violations, and anomalous activity
- Machine learning models that flag unexpected or outlier behavior
- Prioritized alerts to reduce alert fatigue for overburdened security teams
- Remediation recommendations that guide teams to a successful response
Obsidian implements rich analytics built on the Obsidian Identity Graph that enables effective identity posture management, cloud threat detection and privileged activity monitoring. Get unique insights around application usage, emerging threats and risky behavior.
- Reports and dashboards tailored to the needs of different people in the organization
- Insights at the individual, peer group, and organizational level
- Data visualizations that convey rich information in intuitive ways
- Ability to customize reports based on needs
Obsidian provides a consolidated view into what users have done in cloud applications and services. Using this, organizations can effectively investigate incidents, gather evidence to support incident response efforts, and prove enforcement of user access policies such as separation of duty (SoD) for compliance and governance.
- Uniform single-pane view of user and account activity across applications and services
- Ability to filter and search by user, timeframe, location, application, etc.