Visibility Gap Hinders Cloud Detection and Response
Critical business systems like email, collaboration, sales, and marketing are moving to SaaS and cloud services. Adversaries have successfully migrated their attack campaigns to target SaaS accounts. Security programs are poorly equipped to detect, respond, and protect in this new battlefield. Even the most advanced preventive cloud security controls cannot stop tenacious attackers intent on getting to valuable cloud assets. Defenders lack continuous visibility into access and activity needed to tackle breaches and threats.
Protect Your Cloud Applications with Obsidian
Obsidian is the industry’s only cloud detection and response (CDR) solution. Obsidian continuously monitors cloud applications to detect and respond to threats rapidly, without friction. Security teams can quickly investigate breaches, uncover insider threats, and harden the security of their cloud environments with no negative impact to production and productivity.
HOW IT WORKS
Obsidian continuously collects, normalizes and enriches data about service configurations, accounts, privileges, and activity from SaaS and cloud services. By aggregating and analyzing data on what users can access and what they have done, Obsidian identifies and alerts on suspicious activity and security risks.
Obsidian generates alerts based on policy violations and risky behavior informed by machine learning analytics and rules. These alerts help SOCs distill the signal from the noise so they can prioritize their efforts. Obsidian continuously learns from individual and group behavioral patterns in how users access digital assets. Are particular patterns of access risky or suspicious? Should they be allowed? Do some users have privileges beyond what is typical in their peer group? Can privileges be adjusted to reduce security risk?
Obsidian automatically extracts accounts, privileges, configurations and activity from applications and cloud environments, normalizes the data, and enriches it with threat intelligence and context.
OBSIDIAN PLATFORM CAPABILITIES
Obsidian delivers observability of accounts, privileges, and activity across cloud applications and services. Continuously monitor what users and service accounts are doing and be alerted to threats and hygiene issues. Right-size access and privileges based on usage.
- Centralized activity monitoring across cloud applications and services
- Powerful search and filtering to find users, applications, and data of interest
- Visibility at different levels of granularity (zoom in/zoom out)
- Automatic retrieval and storage of data from cloud services with just a couple of clicks
- Normalized data model available to download via API – it’s your data; use it as you want to.
The Obsidian platform generates alerts to help identify risky behavior, policy violations, and potential attacks based on rule-based triggers and machine learning. The platform also aggregates alerts from the applications it monitors.
- Built-in rules to alert on risky behavior, policy violations, and anomalous activity
- Machine learning models that flag unexpected or outlier behavior
- Prioritized alerts to reduce alert fatigue for overburdened security teams
- Remediation recommendations that guide teams to a successful response
Obsidian implements rich analytics built on the Obsidian Identity Graph that enables effective identity posture management, cloud threat detection and privileged activity monitoring. Get unique insights around application usage, emerging threats and risky behavior.
- Reports and dashboards tailored to the needs of different people in the organization
- Insights at the individual, peer group, and organizational level
- Data visualizations that convey rich information in intuitive ways
- Ability to customize reports based on needs
Obsidian provides a consolidated view into what users have done in cloud applications and services. Using this, organizations can effectively investigate incidents, gather evidence to support incident response efforts, and prove enforcement of user access policies such as separation of duty (SoD) for compliance and governance.
- Uniform single-pane view of user and account activity across applications and services
- Ability to filter and search by user, timeframe, location, application, etc.