Obsidian Security’s mission is to empower businesses to securely utilize Software-as-a-Service (SaaS) applications. The company aims to provide comprehensive security for business-critical SaaS applications, safeguarding clients’ digital assets through innovation and expertise. Its goal is to be a global leader in cybersecurity by setting new standards for excellence in the industry. Obsidian Security focuses on providing visibility, proactive defense, and data protection for its clients’ SaaS environments.
Obsidian Security has established itself as a key player in the SaaS Security Posture Management (SSPM) market. The company is recognized for its ability to help organizations manage and improve the security of applications like Microsoft 365, Salesforce, and Workday. Obsidian Security is trusted by notable Fortune 500 companies and has formed strategic partnerships with major incident response firms. The company’s approach of offering deep visibility and control over SaaS environments has been well-received by customers.
Offerings, Capabilities, and Integrations
Obsidian Security provides a comprehensive SaaS (Software as a Service) security platform designed to protect businesses from threats and risks within their cloud-based applications. The company’s platform offers unified visibility and protection across both IaaS and SaaS environments. Obsidian Security’s core competency lies in identifying threats to business SaaS applications and helping companies rectify configuration weaknesses. The platform is built to address the entire SaaS attack surface, covering posture management, integration management, and threat mitigation. This is accomplished through a unified solution that combines SaaS Security Posture Management (SSPM), shadow SaaS discovery and management, compliance and governance, privileged identity management, and API integration risk management.
A key capability of Obsidian Security is its use of an “Obsidian Knowledge Graph,” which maps the relationships between applications, users, and data to provide contextual insights. This is combined with machine learning models trained on extensive SaaS threat data to detect and stop attacks. The platform continuously baselines user activity to identify malicious behavior indicative of account compromise or insider threats. Obsidian Security’s platform is agentless, connecting to applications via APIs for rapid deployment. It integrates with major SaaS applications such as Microsoft 365, Google Workspace, Salesforce, Workday, and ServiceNow. Obsidian Security also partners with other security providers like CrowdStrike and SentinelOne to offer unified threat protection across endpoints and SaaS environments.
Products and Services
Obsidian Security’s offerings are centered around its comprehensive SaaS security platform. The platform’s services can be categorized into several key areas:
- SaaS Security Posture Management (SSPM): This is a flagship offering that helps organizations proactively improve their application security by identifying and tightening security configurations and reducing excessive user privileges. It includes automated risk assessments to find vulnerabilities and misconfigurations.
- Identity Threat Detection and Response: Obsidian Security focuses on protecting SaaS identities, which it identifies as a primary target for cyberattacks. The platform uses advanced AI and machine learning to detect and neutralize identity-based threats, including account compromise and insider threats. This includes stopping attacks like spear-phishing and those that bypass multi-factor authentication.
- Shadow SaaS and AI Management: A recently launched browser extension helps businesses discover and manage shadow SaaS and AI applications being used by employees. This capability provides real-time insight into unapproved applications and helps block access to high-risk ones.
- SaaS Integration Risk Management: The platform discovers and manages third-party application integrations, identifying those that are risky or unnecessary to govern data movement and reveal hidden SaaS usage.
- Compliance and Governance: Obsidian Security automates the process of mapping security controls to compliance frameworks and auditing for adherence to internal policies and industry regulations.
Target Customers
Obsidian Security’s target market consists of medium to large enterprises that heavily rely on SaaS applications to run their business operations. The company specifically focuses on organizations that use multiple major SaaS platforms such as Salesforce, Workday, ServiceNow, Microsoft 365, and Google Workspace. Its customer base includes global enterprises, Fortune 500, Fortune 1000, and Global 2000 companies across various industries, including technology, financial services, and healthcare. Notable customers include Snowflake, T-Mobile, and Pure Storage.
These target customers benefit from Obsidian Security’s platform by gaining centralized visibility and control over their complex SaaS environments. This helps them to reduce the attack surface of their SaaS applications, often by a significant margin. By automating posture management and compliance, security teams can save time and resources. The platform’s threat detection and response capabilities enable faster incident response times, helping to mitigate the impact of breaches. For mid-sized enterprises, Obsidian offers a lightweight browser extension as a starting point for SaaS security, which can be expanded as their needs grow. Ultimately, Obsidian Security aims to allow these organizations to innovate and adopt new SaaS and AI technologies securely.
Cloud Integrations and Marketplaces
Obsidian Security offers a range of integrations with major cloud platforms and is available on multiple cloud marketplaces. The company’s platform is designed to provide security for SaaS applications by connecting to them via APIs to analyze data and detect threats.
- Google Cloud Platform (GCP): Obsidian Security’s SaaS security solution is available on the Google Cloud Marketplace. This allows customers to purchase and deploy Obsidian’s products using their GCP committed spend. The integration focuses on securing Google Workspace environments, managing configurations, and protecting against identity-based threats and risks from third-party integrations.
- Amazon Web Services (AWS): Obsidian Security’s platform is available on the AWS Marketplace. This enables AWS customers to procure the Obsidian solution directly through the marketplace and have it included in their AWS bill. The platform provides unified visibility and protection across both IaaS and SaaS environments. It connects with leading SaaS applications to aggregate data on access and activity, using analytics to detect various security risks.
- Microsoft Azure: Obsidian Security integrates with Microsoft 365 and Microsoft Azure. While there are setup guides for organizing resources within Azure, no direct listing on the Azure Marketplace was identified. The platform’s integrations extend to monitoring and securing Microsoft 365 environments.
Beyond the major cloud providers, Obsidian Security also integrates with a variety of other SaaS applications and security platforms to provide comprehensive threat detection and response. These include integrations with Salesforce, Workday, ServiceNow, GitHub, Slack, and Zoom. Obsidian Security also partners with other security companies like CrowdStrike and SentinelOne, with its solution being available on their respective marketplaces to provide unified threat protection across endpoints, the cloud, and SaaS applications.
Key People
- CEO: Hasan Imam
- Co-Founder and Board Member: Glenn Chisholm
- Chief Technology Officer: Xinran Wang
- Chief Product Officer: Khanh Tran
- Co-Founder & Chief AI Officer: Matt Wolff
- Chief Revenue Officer: Brian Murphy
- Head of Finance: Chithra Rajagopalan
- Chief Legal Officer: Paul Luongo
- Chief Information Security Officer: Alfredo Hickman
- VP of Go-to-Market (GTM) Strategy: Alison Tierney
- Field Chief Technology Officer: Corey Elinburg
- VP of Revenue Marketing: Tina Lei
Key Facts
- Headquarters: Newport Beach, California.
- Number of Employees: 200-250.
- Annual Revenue: $45.4M.
- Parent Company: None.
- Subsidiary Companies: None.
- Publicly Listed: No.
Analyst Recognition
Obsidian Security has been recognized by the following analyst groups:
- Forrester: Obsidian Security was named a Strong Performer in The Forrester Wave™: SaaS Security Posture Management, Q4 2023. Forrester acknowledged Obsidian Security as a vendor that offers a “single, modular platform” for SaaS Security Posture Management (SSPM). The firm gave Obsidian Security’s Posture Management module the highest possible scores in the configuration drift detection and SaaS app configuration templates criteria. Its Integration Risk Management module received the highest possible score in the connected apps criterion, and its Advanced Threat Mitigation module received the highest possible score in the IAM administration criterion.
- Gartner: Obsidian Security was included as a representative vendor in the emerging SaaS Security Posture Management (SSPM) category.
There is no publicly available information recognizing Obsidian Security in reports from IDC or Everest Group.