Threat Discovery and Hunting

DETECT AND REMEDIATE BREACHES AND THREATS
Threat detection in SaaS environments is hard. SaaS applications are inherently multi-cloud environments. Salesforce, G Suite, Slack and other apps have unique models of identity and access, and keep information about privileges and activity in silos. Obsidian gives you unified visibility for threat detection, breach remediation, and security hardening with no production impact. Obsidian detects indicators of anomalous logins, SaaS persistence, data exfiltration, lateral movement, OAuth token abuse, and other threats. Investigate and remediate breaches and threats quickly.

SINGLE-PANE VISIBILITY OF ACCOUNT ACTIVITY IN SAAS APPLICATIONS
Discover, investigate, and remediate external and internal threats in your SaaS environment using consolidated visibility and machine-learning-powered analytics.

Alerting on malicious techniques/TTPs
Get alerts on a wide range of threats out of the box without any required configuration. Are employees downloading an unusual amount of data from Salesforce? Logging in using a Tor browser? Are you seeing an alarming number of unsuccessful logins on a particular account? How about logins from an unfamiliar geo? Obsidian alerts cover well-known malicious posturing and attempted attacks, and are sorted by severity level.

Location logging
Monitor where users are logging in from. Investigate unusual logins and activity for signs of account compromise.

Activity view for threat hunting
Get proactive about detecting undiscovered threats in your SaaS environment using the consolidated view of privileges and activity, with context around location, event type, ISP, devices, privileges, access history, and more.