The Challenge
Tokens Make Access to Apps Easier for Users, Same for Attackers
1-in-3 Attacks Use Attacker-in-the-Middle (AiTM) Frameworks
Token Compromise is Harder to Detect Since Attackers Mimic Users to Stay Hidden
The Obsidian Approach
ML-based detections
- Gain a normalized view of identities to help detect suspicious behavior across apps
- Identify anomalous user behaviors across various phases of the kill chain
- Thwart attacks using AiTM frameworks like Evilginx
- Gain deeper context to pivot investigations using explainable ML models
Rule-based detections
- Accelerate investigations with out-of-the-box rules mapped to the MITRE ATT&CK framework
- Benefit from detection rules informed by hundreds of incident response (IR) engagements
- Define, test, and deploy custom rules to tailor detection for specific needs
- Understand expected alert volume through automated backtesting
- Fine-tune rules based on risk factors such as terminated employees
Respond with context
- Simplify SecOps workflows with months of searchable SaaS logs available in a human-readable format
- Pivot and hunt with contextual insights, including IP, user, event type, and more
- Establish a baseline with context on what normal behavior looks like for a user
- Analyze identities and activity across SaaS apps to enhance incident response
- Start with tailored remediation steps to accelerate response efficiency
Other SaaS Identity Security Use Cases
Prevent SaaS Spear Phishing
Prevent advanced SaaS phishing attacks from stealing sensitive business data.
Detect Threats Pre-Exfiltration
Detect and respond to attacks like SSPR and social engineering before data exfiltration.