
Overview
Obsidian Security, the pioneer in SaaS Security, provides 360 security for your entire SaaS estate. SaaS applications are critical for all businesses, holding sensitive business data and powering crucial business decisions. Securing the SaaS footprint is imperative for all businesses, especially in light of a growing body of regulations focused on data security and privacy.
Obsidian Security helps customers accomplish:
Identity Security: Prevent cyberattacks on SaaS identities, which constitute 82% of attacks, by quickly detecting and neutralizing threats, blocking spearphishing, and improving incident response.
Data Governance: Manage the risk from the vast number of applications and integrations by discovering all third-party integrations, identifying risky or unnecessary ones, governing data movement, and revealing hidden SaaS usage.
Application Posture: Enhance breach prevention by reducing excessive user privileges, preventing configuration drift, and automating compliance efforts to navigate the complex threat landscape targeting SaaS platforms.
Obsidian Security is the only SaaS security solution to provide application posture, data governance, and identity security all in a single modular platform. This unified approach streamlines SaaS security by minimizing risk across your entire SaaS estate.
Highlights
- Active threat detection to prevent cyberattacks on SaaS applications
- Data Governance covering SaaS app to app data movement
- Reduce third party integration risk and automate SaaS application compliance
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
|---|---|---|
Obsidian SaaS Security Platform | Comprehensive SaaS Security Platform Price Per User | $100.00 |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.
Custom pricing options
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
You can log a support ticket by emailing the support team. support@obsidiansecurity.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.


Standard contract
Customer reviews
Incident investigations have become faster and deeper but interface and automation still need work
What is our primary use case?
Obsidian Security 's main use case is to support incident response investigations. Once my company takes on an investigation, we deploy Obsidian Security and first assess whether clients use Software as a Service applications and if those applications are supported by Obsidian Security. If they are, we use that solution and deploy it in the client's environment to perform an assessment. We primarily use it to assist with clients that use Microsoft 365 in their environment. One of the main focuses is when business email compromise investigations are ongoing, and we deploy Obsidian Security to supplement any form of logs that we have collected so that it can provide us with actionable insights, ongoing alerting, and recommendations on how to harden their environment.
One of the most recent situations I can recall involves a business email compromise where a threat actor used a phishing campaign to compromise an email account or an M365 account and gain access to the client's environment. Once we deployed Obsidian Security in the environment, we quickly assessed the available log data and identified alerts such as impossible travel, suspicious users, and users with the highest anomalous activity. We gained great insights into how they compromised those user accounts and were able to pivot using that information. Finally, with almost every case where there is a business email compromise, if the client has M365 or a similar supported Software as a Service application, we use Obsidian Security's recommendations for hardening their environment. This way, we add value to our investigation and report to the client by helping them shore their defenses and ensure a more secured environment.
What is most valuable?
Obsidian Security provides a large number of well-known Software as a Service application integrations, which was one of the reasons why my company decided to use it. The integrations were easy to implement, and they had great and detailed walkthroughs on how to set up the integrations. There was also great support from their team, and the alerting around it, such as the rules, were well-defined. My favorite part, which I have mentioned multiple times, is the security recommendations on how to harden your environment. I remember one specifically that would repeatedly report that a client had too many global administrators in their environment, and these can be adjusted to change the required thresholds. Overall, it gives the client some customizability while still providing important information to help them understand their security risks and assess based on their risk appetite.
Obsidian Security positively impacts my organization by helping clients get more value from my investigations and engagements. My investigations are easier because Obsidian Security provides me with additional insight that allows me to quickly pivot based on the alerts and recommendations provided.
What needs improvement?
Obsidian Security's platform could offer more automated integrations. I know it is not easy because Obsidian Security supports Software as a Service applications that have different setup processes, so it is not a straightforward, one-size-fits-all solution for getting the integrations going. However, if it could be easier, that would enhance the user experience, although I did not find it particularly challenging overall. Additionally, if it could be set up to be more incident response-friendly, providing more capabilities that allow for deeper investigation and correlation across different log sets, that would be beneficial.
The user interface is important, and I think there is room for improvement there.
For how long have I used the solution?
I have used Obsidian Security for about a year and a half.
What do I think about the stability of the solution?
Obsidian Security is stable as far as I am aware.
What do I think about the scalability of the solution?
Neither we nor our clients purchased Obsidian Security through the AWS Marketplace .
How are customer service and support?
Customer support for Obsidian Security is great. I have no issues there; they are very responsive, helpful, and knowledgeable.
Which solution did I use previously and why did I switch?
We did not use a different solution before.
How was the initial setup?
Regarding the integration process, I found it was pretty straightforward. Each integration we used was supported by detailed walkthroughs. There was one where if you did not follow the steps, such as when onboarding Microsoft 365 applications, you would mess up the process. It is important to read the details, but overall, I found them to be very detailed, repeatable, and updated regularly. Obsidian Security team supported us if we had any questions. Regarding the security hardening recommendations, it is not just about assisting the investigation; it is about providing the client with additional value. Many times, even if they do not have a SaaS breach, they still walk away with information about how to improve their SaaS applications. There might have been misconfigurations or unused accounts they were not aware of, accounts without MFA protection, and things of that nature. It always provides additional value to our clients when we can offer that information.
What about the implementation team?
I found it easier to identify investigations involving multiple compromised accounts with Obsidian Security. It was easier to identify all the accounts involved in the breach, reducing the amount of time it took to perform the investigation, especially for Microsoft 365 breaches, which are quite common in my company and are fixed-rate. The less time spent on them, the better. Obsidian Security really provides significant value because if you can quickly identify all the malicious activity and run down the investigation, you will not have to overbill and waste money due to extra time spent digging on a fixed-rate matter. Overall, it speeds up many investigations by providing insights that normally would not be readily available using traditional collection methods.
What was our ROI?
There is a cost savings from management's perspective initially because we can cut down investigation time and free up resources for different types of cases requiring staffing. Thanks to the insights provided by Obsidian Security, we can quickly run through an investigation that might have previously taken a few days, reducing it to a day or less at times.
What's my experience with pricing, setup cost, and licensing?
Unfortunately, I was not very familiar with the pricing, setup cost, or licensing because it was handled by management. I cannot comment on that.
Which other solutions did I evaluate?
I am not aware of what was evaluated or whether there was an evaluation prior to choosing Obsidian Security.
What other advice do I have?
I would advise others looking into using Obsidian Security to give it a shot. It is a very helpful tool, especially if you are in a consulting practice or a company with one or more Software as a Service applications in your environment. It is critical to have some form of platform of this nature, and Obsidian Security does a great job of providing visibility and actionable insights into securing your environment and understanding what is going on in there. The initial relationship provided a trial for all my clients, and we would determine if the client was interested in going further, which suggests a partner or reseller relationship. My overall rating for Obsidian Security is seven out of ten.