SaaS Security in a Modern World

As a fully cloud-based SaaS company, the team needed an effective solution for posture management. Relying on SIEM wasn’t cutting it for securing SaaS environments. To gain actionable insights, a security expert was required, and even then, setting up detections and extracting logs from data platforms was a complex and manual task. The evolving threat landscape added to the challenge, bringing in new risks like advanced spear-phishing attacks and the growing use of generative AI tools in the workplace.

‍

“When we started on our SaaS journey, we evaluated many other solutions on the market. But what really excited us about Obsidian was its incident response capability. Dealing with threats is part of the company’s DNA.”

‍

The Obsidian Security Solution

Obsidian Security delivered a comprehensive solution with out-of-the-box integrations and threat detections. This enabled the team to proactively strengthen their security posture and respond to emerging threats. Additionally, the solution offered full visibility into third-party integrations that were unnecessarily increasing risk. 

Moreover, as the organization scaled from start-up mode to an enterprise-grade security posture, it accumulated significant tech debt. Obsidian helped the team identify and prioritize efforts to reduce this debt, ensuring more efficient and effective security management.

‍

“Getting logs out of data platforms is usually like pulling teeth. But with Obsidian, we had all the integrations in place, ready to go, and big catalog of threat detections out-of-the-box. The technology is a force-multiplier for us.”

‍

An In-Browser Approach to Security

The team recently achieved two major successes with Obsidian Security. Last year, phishing emails were sent to employees at their sister company, bypassing their email security solutions without detection. However, as soon as a user clicked a link, Obsidian immediately alerted the team. Within 30 minutes, the SOC quarantined the emails, blocked access, and reset passwords. 

Additionally, the team has implemented significant workflows to reduce the risk of data leakage posed by generative AI. During the Cyberhaven incident in December, Obsidian not only identified the Cyberhaven extension involved but also discovered all other extensions present in the environment. Of the six extensions found, five incorporated generative AI. Concerned about their data being accessed by these extensions, the team used Obsidian to proactively block unauthorized AI usage and safeguard their data.

‍

"A spear phishing email was sent to the inboxes of our sister company. It bypassed their email security completely undetected. But as soon as a user clicked on the link, we got an alert from Obsidian. Within minutes, the team was able to quarantine those emails and block the websites."

‍