The default tokens on some of the most prevalent applications extend from one day to several weeks, giving attackers persistent access to our environment. Detecting and stopping abnormal access in minutes is critical for us to meet our service level agreements.


Vice President of Information Security

Mass Media Company

The Challenge


Tokens Make Access to Apps Easier for Users, Same for Attackers


1-in-3 Attacks Use Attacker in the Middle (AiTM) Frameworks


Token Compromise is Harder to Detect Since Attackers Mimic Users to Stay Hidden

The Obsidian Approach

shared-dev.dev.obsec.us_alerts_investigate_137947 (1)

ML-based detections

  • Gain a normalized view of identities to help detect suspicious behavior across apps
  • Identify anomalous user behaviors across various phases of the kill chain
  • Thwart attacks using AiTM frameworks like Evilginx 
  • Gain deeper context to pivot investigations using explainable ML models
shared-dev.dev.obsec.us_posture_management_compliance (6) (1)

Rule-based detections

  • Accelerate investigations with out-of-the-box rules mapped to the MITRE ATT&CK framework
  • Benefit from detection rules informed by hundreds of IRs 
  • Define, test, and deploy custom rules to tailor detection for specific needs
  • Understand expected alert volume through automated backtesting
  • Fine-tune rules based on risk factors such as terminated employees
shared-dev.dev.obsec.us_posture_management_compliance (5) (1)

Respond with context

  • Simplify SecOps workflows with months of searchable SaaS logs available in a human-readable format
  • Pivot and hunt with contextual insights, including IP, user, event type, and more
  • Baseline understanding with context on normal behavior for a user 
  • Analyze identities and activity across SaaS apps to enhance incident response
  • Start with tailored remediation steps to accelerate response efficiency

Other SaaS Identity Security Use Cases

Prevent SaaS Spearphishing

Prevent advanced SaaS phishing attacks from stealing sensitive business data.

Detect Threats Pre-Exfiltration

Detect and respond to attacks like SSPR and social engineering before data exfiltration.