Obsidian Security — The first truly comprehensive SaaS security and compliance solution built for the applications that drive your business

There’s a paradigm shift happening in SaaS security. Applications are entrusted with more sensitive business data than ever before, driving bad actors to target these services more frequently — and creating a sense of urgency for security leaders. Across an organization, there can be hundreds of individual applications in use, but it’s only a short list of widely used business-critical applications that hold the majority of this sensitive information. Protecting these core applications is absolutely a top priority. Still, security teams often lack the resources, tools, and expertise needed to do so effectively.

Obsidian Security is the first truly comprehensive security and compliance solution built for SaaS. It analyzes state, privilege, and activity data within and across core applications to help security teams harden their security posture, reduce risk, and mitigate threats early on. Obsidian connects to the services that companies rely on most, including Google Workspace, Microsoft 365, Salesforce, and Workday, to help security teams confidently protect them.

Obsidian was founded by experienced cybersecurity veterans from Carbon Black and Cylance. The company is led by a team with extensive experience delivering world-class cybersecurity and enterprise software and is backed by Greylock Partners, Wing, Norwest Venture Partners, and GV. Glenn Chisholm (Co-founder and CPO) shares Obsidian’s vision and sheds light on their unique approach to SaaS security.

Q. What led you to create Obsidian?

After years of developing next-generation endpoint solutions, we saw an even more significant challenge around managing SaaS security. It was clear to us that companies had a big gap in their security stack when protecting SaaS. While security teams had put a front door in place with IAM and CASB, they were blind to what was happening inside their applications. Obsidian goes beyond proxies and authentication to look within and across your core applications, giving security teams an unprecedented, holistic view of their environments and helping them make more informed decisions around posture hardening and threat response.

It was important to us that Obsidian could deliver value in minutes, right out of the box, without requiring that your security team deploy any agents or write any custom rules. That’s why we include detections and rulesets informed by our research and industry best practices.

Q. How does the Obsidian solution work?

The first step is to retrieve state, activity, and privilege data across business-critical applications. With our team’s deep expertise in each connected service, we normalize and enrich data pulled from each application, resolving identities, adding threat intel, and leveraging other important contexts. The result is a proprietary knowledge graph that provides an excellent baseline for threat detection.

The activity is interpreted using machine learning and statistical analysis to detect account compromise, insider threats, data leaks, and risky behavior. We’re continually refining these models with data from across our diverse customer base to improve their accuracy and drive down false positives.

Outputs from these advanced models become actionable, high-fidelity recommendations for security teams. That means providing suggestions on configurations and privileges that can optimize your organization’s overall security posture. It also means rapid anomaly detection, enabling your security team to identify and mitigate threats early on before sensitive data is exfiltrated.

Q. What makes Obsidian different from existing application security solutions?

Security in the cloud is a shared responsibility. In the world of SaaS, the application provider secures the underlying physical infrastructure, network, OS, and application. The onus is on the customer to manage the users, devices, and data related to the service. Traditional security solutions provide an effective front door, but they don’t look inside the application for data that is essential to comprehensive SaaS security.

IAM solutions provide a better employee experience while preventing unauthorized access incidents. However, they don’t offer much beyond the first line of defense and need to be complemented with solutions that offer deeper application insights. CASBs effectively examine data in transit but still can’t offer activity monitoring and cross-application insights necessary to identify insider threats or stop breaches before data exfiltration.

SIEMs are effective at centralizing event data across all security concerns, but even with a robust log stream, companies need a deep understanding of each application and machine learning models to identify insights across interconnected environments.

Obsidian is the first to deliver a truly comprehensive solution that complements your existing security stack to mitigate threats and reduce enterprise risk.

Q. How exactly does Obsidian help improve security posture?

Obsidian encourages security teams to proactively harden their application configurations and right-size privileged roles across the environment. This helps minimize enterprise risk while promoting better compliance and adherence to security best practices.

Obsidian creates a single inventory for all your granular security controls typically distributed across multiple applications, submenus, and consoles. We identify opportunities for immediate improvement while monitoring your preferred settings to ensure they don’t fall out of line. At the same time, Obsidian examines the distribution of privileges across your applications to highlight unused or overly privileged roles and suggest remediation. Our customers have consistently been able to identify and remedy previously unknown gaps in their application security.

Q. What do you mean by “identifying and mitigating threats early on?”

As mentioned earlier, many existing SaaS security solutions are focused on traffic inspection to identify potential breaches. By the time they prompt a security team response, there’s a good chance that sensitive data has already been exfiltrated from your organization. Because Obsidian is continually baselining user activity within and across applications, we can detect the anomalies that often serve as early warning signs of malicious activity. Our high-fidelity alerts enable much faster response and gives your security team the chance to mitigate threats in early reconnaissance stages before persistence is established, and data is on its way out.

With Obsidian’s deep, contextual understanding of identity, your team will also have an easier time ascertaining the impact of a breach. This facilitates reporting on key details like the level of privilege for a compromised account, the list of files that may have been accessed, and a record of all significant actions taken across your core applications. Our customers have used Obsidian’s detection capabilities to identify and stop several threats, including external attack campaigns against the organization, foreign actors changing employees’ banking information without their knowledge, and departing employees exfiltrating highly sensitive reports.

Q. How does Snowflake use Obsidian?

Snowflake is more than just a strategic partner — their security team relies on Obsidian to better protect their SaaS environment. Mario Duarte, the Vice President of Security at Snowflake, credits Obsidian with helping his team quickly understand who is accessing business-critical applications, when they are using them, and what exactly is being done. Before, Snowflake’s security team would spend months researching each new application and building individualized alerts.

Meet the Co-Founder

Glenn Chisholm co-founded Obsidian Security in 2017 and serves as the Chief Product Officer. Prior to Obsidian Glenn was the CTO of Cylance, a next-generation endpoint security company, and CISO of Telstra, the leading Asia-Pacific telecommunications provider.