Threat Discovery and Hunting

DETECT AND REMEDIATE BREACHES AND THREATS

Threat detection in SaaS environments is hard. SaaS applications are inherently multi-cloud environments. Salesforce, G Suite, Slack and other apps have unique models of identity and access, and keep information about privileges and activity in silos. Obsidian gives you unified visibility for threat detection, breach remediation, and security hardening with no production impact. Obsidian detects indicators of anomalous logins, SaaS persistence, data exfiltration, lateral movement, OAuth token abuse, and other threats. Investigate and remediate breaches and threats quickly.

Activity timestream

SINGLE-PANE VISIBILITY OF ACCOUNT ACTIVITY IN SAAS APPLICATIONS

Discover, investigate, and remediate external and internal threats in your SaaS environment using consolidated visibility and machine-learning-powered analytics.


Alerts

Alerting on malicious techniques/TTPs

Get alerts on a wide range of threats out of the box without any required configuration. Are employees downloading an unusual amount of data from Salesforce? Logging in using a Tor browser? Are you seeing an alarming number of unsuccessful logins on a particular account? How about logins from an unfamiliar geo? Obsidian alerts cover well-known malicious posturing and attempted attacks, and are sorted by severity level.

Location logging

Monitor where users are logging in from. Investigate unusual logins and activity for signs of account compromise.

Activity view for threat hunting

Get proactive about detecting undiscovered threats in your SaaS environment using the consolidated view of privileges and activity, with context around location, event type, ISP, devices, privileges, access history, and more.