Insider Threat Detection

Detect Insider Threat and Access Misuse Early

There is more to insider threat than employees taking customer lists with them when they quit. Accidental data exposure, unintentional privilege elevation, and inappropriate information sharing can all result in insider threat. How do you stop insiders from stealing or leaking sensitive data, creating backdoor accounts, or weakening security by changing configurations? Obsidian lets you know who your users are, who has privileges, and what they are doing in SaaS apps. Capture activities for analysts to rewind the tape if you need an audit trail.

Access Inventory

Get an inventory of all accounts, roles, and privileges associated with each user as well as activity in SaaS applications. Obsidian stitches together SaaS identities by aggregating and normalizing account, privilege and activity data from applications.

Consolidated privileged activity monitoring

User Activity Monitoring

Monitor the activity of specific users and/or privilege levels. Obsidian gives you a consolidated view of activity across SaaS applications with the ability to filter and search for users, privileges, activity types, locations, IP addresses, and more to aid in hostile termination scenarios and internal investigations.

Data Export for Analysis and Reporting

Filter the activity to see what an individual user did, and export the data for analysis and reporting.

Alerts on Anomalous Behavior

Obsidian analyzes activity at the individual, peer group and organization level to detect anomalies and flag risky or suspicious behavior. The solution uses a combination of factors, such as the volume and frequency of file downloads,  devices and browsers used, and locations to analyze activity and credibly flag insider threats. The platform updates its understanding of typical behavior within the organization to offer continuously improving alerts.