Listing Thumbnail

    Obsidian SaaS Security Platform

     Info
    Deployed on AWS
    Obsidian Security, the pioneer in SaaS Security, provides unparalleled protection for business-critical SaaS applications. Harnessing the power of Obsidian Knowledge Graph, cyber incident response insights, and AI, it delivers unparalleled identity threat protection, compliance, posture management, and ensures robust data security by mitigating 3rd party integration risks with Salesforce, Workday, Office 365, Google Workspace, and other leading SaaS apps.
    3.9

    Overview

    Obsidian Security, the pioneer in SaaS Security, provides 360 security for your entire SaaS estate. SaaS applications are critical for all businesses, holding sensitive business data and powering crucial business decisions. Securing the SaaS footprint is imperative for all businesses, especially in light of a growing body of regulations focused on data security and privacy.

    Obsidian Security helps customers accomplish:

    Identity Security: Prevent cyberattacks on SaaS identities, which constitute 82% of attacks, by quickly detecting and neutralizing threats, blocking spearphishing, and improving incident response.

    Data Governance: Manage the risk from the vast number of applications and integrations by discovering all third-party integrations, identifying risky or unnecessary ones, governing data movement, and revealing hidden SaaS usage.

    Application Posture: Enhance breach prevention by reducing excessive user privileges, preventing configuration drift, and automating compliance efforts to navigate the complex threat landscape targeting SaaS platforms.

    Obsidian Security is the only SaaS security solution to provide application posture, data governance, and identity security all in a single modular platform. This unified approach streamlines SaaS security by minimizing risk across your entire SaaS estate.

    Highlights

    • Active threat detection to prevent cyberattacks on SaaS applications
    • Data Governance covering SaaS app to app data movement
    • Reduce third party integration risk and automate SaaS application compliance

    Details

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Trust Center

    Trust Center
    Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Obsidian SaaS Security Platform

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (1)

     Info
    Dimension
    Description
    Cost/12 months
    Obsidian SaaS Security Platform
    Comprehensive SaaS Security Platform Price Per User
    $100.00

    Vendor refund policy

    All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    You can log a support ticket by emailing the support team. support@obsidiansecurity.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Data Security and Governance
    Top
    50
    In Data Analytics
    Top
    100
    In Security

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    3 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Identity Threat Detection
    Active threat detection and neutralization for SaaS identities with spearphishing blocking and incident response capabilities
    Third-Party Integration Risk Management
    Discovery and governance of third-party integrations across SaaS applications with risk assessment and mitigation
    Data Movement Governance
    Monitoring and control of data movement between SaaS applications with visibility into data flows
    Application Posture Management
    Automated compliance enforcement, privilege reduction, and configuration drift prevention across SaaS platforms
    Unified SaaS Security Platform
    Integrated platform combining identity security, data governance, and application posture management in a single modular solution
    API-Based Threat Detection and Prevention
    Detects and blocks known and unknown threats across uploads, downloads, stored files, and shared content using ThreatCloud AI and behavioral analytics to identify anomalous identity activity and unauthorized data access.
    Data Loss Prevention with AI-Powered Accuracy
    Scans data at rest across connected applications including Google Workspace, Microsoft 365, Slack, Jira, Salesforce, Dropbox, Box, and GitHub using multilayer AI/ML engine with private LLMs, NLP, NER, and neural classifiers to identify sensitive data across 800+ types with high precision.
    Comprehensive SaaS Discovery and Visibility
    Automatically discovers all SaaS applications including OAuth connected apps, shadow SaaS, third-party integrations, and unmanaged plugins across the environment with continuous monitoring.
    SaaS Security Posture Management
    Continuously evaluates and monitors shadow SaaS usage, misconfigurations, compliance violations, identity anomalies, account takeover attempts, and SaaS-to-SaaS OAuth risks with configuration policies aligned to GDPR, SOC 2, ISO 27001, and NIST standards.
    Cloud-Native Deployment Architecture
    Fully cloud-native solution that deploys in minutes without requiring agents, proxies, or network changes, with automatic scaling as new SaaS apps and users are added.
    Cloud Access Security Broker
    Unified cloud access security broker (CASB) functionality providing visibility and control over access to managed and unmanaged cloud services with conditional, granular policy enforcement.
    Secure Web Gateway
    Next generation secure web gateway (SWG) capabilities delivering comprehensive threat protection for cloud and web services with context-aware access control.
    Data Loss Prevention
    Data-at-rest and data-in-motion inspection with DLP violation detection, malware scanning in cloud storage, and data exfiltration prevention to unmanaged cloud infrastructure.
    Cloud Infrastructure Monitoring
    Continuous security assessment monitoring of cloud infrastructure for risky misconfigurations including data exposure across AWS and other cloud providers with inventory and configuration visibility.
    Compliance and Remediation Automation
    Pre-defined compliance profiles aligned with CIS, PCI, and NIST standards, advanced RBAC, scheduled reporting, alert notifications, exception handling, and automated remediation capabilities accessible via REST APIs.

    Contract

     Info
    Standard contract
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    3.9
    4 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    50%
    25%
    25%
    0%
    0%
    0 AWS reviews
    |
    4 external reviews
    External reviews are from G2  and PeerSpot .
    Kemar Wilks

    Incident investigations have become faster and deeper but interface and automation still need work

    Reviewed on Jun 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Obsidian Security 's main use case is to support incident response investigations. Once my company takes on an investigation, we deploy Obsidian Security  and first assess whether clients use Software as a Service applications and if those applications are supported by Obsidian Security. If they are, we use that solution and deploy it in the client's environment to perform an assessment. We primarily use it to assist with clients that use Microsoft 365 in their environment. One of the main focuses is when business email compromise investigations are ongoing, and we deploy Obsidian Security to supplement any form of logs that we have collected so that it can provide us with actionable insights, ongoing alerting, and recommendations on how to harden their environment.

    One of the most recent situations I can recall involves a business email compromise where a threat actor used a phishing campaign to compromise an email account or an M365 account and gain access to the client's environment. Once we deployed Obsidian Security in the environment, we quickly assessed the available log data and identified alerts such as impossible travel, suspicious users, and users with the highest anomalous activity. We gained great insights into how they compromised those user accounts and were able to pivot using that information. Finally, with almost every case where there is a business email compromise, if the client has M365 or a similar supported Software as a Service application, we use Obsidian Security's recommendations for hardening their environment. This way, we add value to our investigation and report to the client by helping them shore their defenses and ensure a more secured environment.

    What is most valuable?

    Obsidian Security provides a large number of well-known Software as a Service application integrations, which was one of the reasons why my company decided to use it. The integrations were easy to implement, and they had great and detailed walkthroughs on how to set up the integrations. There was also great support from their team, and the alerting around it, such as the rules, were well-defined. My favorite part, which I have mentioned multiple times, is the security recommendations on how to harden your environment. I remember one specifically that would repeatedly report that a client had too many global administrators in their environment, and these can be adjusted to change the required thresholds. Overall, it gives the client some customizability while still providing important information to help them understand their security risks and assess based on their risk appetite.

    Obsidian Security positively impacts my organization by helping clients get more value from my investigations and engagements. My investigations are easier because Obsidian Security provides me with additional insight that allows me to quickly pivot based on the alerts and recommendations provided.

    What needs improvement?

    Obsidian Security's platform could offer more automated integrations. I know it is not easy because Obsidian Security supports Software as a Service applications that have different setup processes, so it is not a straightforward, one-size-fits-all solution for getting the integrations going. However, if it could be easier, that would enhance the user experience, although I did not find it particularly challenging overall. Additionally, if it could be set up to be more incident response-friendly, providing more capabilities that allow for deeper investigation and correlation across different log sets, that would be beneficial.

    The user interface is important, and I think there is room for improvement there.

    For how long have I used the solution?

    I have used Obsidian Security for about a year and a half.

    What do I think about the stability of the solution?

    Obsidian Security is stable as far as I am aware.

    What do I think about the scalability of the solution?

    Neither we nor our clients purchased Obsidian Security through the AWS Marketplace .

    How are customer service and support?

    Customer support for Obsidian Security is great. I have no issues there; they are very responsive, helpful, and knowledgeable.

    Which solution did I use previously and why did I switch?

    We did not use a different solution before.

    How was the initial setup?

    Regarding the integration process, I found it was pretty straightforward. Each integration we used was supported by detailed walkthroughs. There was one where if you did not follow the steps, such as when onboarding Microsoft 365 applications, you would mess up the process. It is important to read the details, but overall, I found them to be very detailed, repeatable, and updated regularly. Obsidian Security team supported us if we had any questions. Regarding the security hardening recommendations, it is not just about assisting the investigation; it is about providing the client with additional value. Many times, even if they do not have a SaaS breach, they still walk away with information about how to improve their SaaS applications. There might have been misconfigurations or unused accounts they were not aware of, accounts without MFA protection, and things of that nature. It always provides additional value to our clients when we can offer that information.

    What about the implementation team?

    I found it easier to identify investigations involving multiple compromised accounts with Obsidian Security. It was easier to identify all the accounts involved in the breach, reducing the amount of time it took to perform the investigation, especially for Microsoft 365 breaches, which are quite common in my company and are fixed-rate. The less time spent on them, the better. Obsidian Security really provides significant value because if you can quickly identify all the malicious activity and run down the investigation, you will not have to overbill and waste money due to extra time spent digging on a fixed-rate matter. Overall, it speeds up many investigations by providing insights that normally would not be readily available using traditional collection methods.

    What was our ROI?

    There is a cost savings from management's perspective initially because we can cut down investigation time and free up resources for different types of cases requiring staffing. Thanks to the insights provided by Obsidian Security, we can quickly run through an investigation that might have previously taken a few days, reducing it to a day or less at times.

    What's my experience with pricing, setup cost, and licensing?

    Unfortunately, I was not very familiar with the pricing, setup cost, or licensing because it was handled by management. I cannot comment on that.

    Which other solutions did I evaluate?

    I am not aware of what was evaluated or whether there was an evaluation prior to choosing Obsidian Security.

    What other advice do I have?

    I would advise others looking into using Obsidian Security to give it a shot. It is a very helpful tool, especially if you are in a consulting practice or a company with one or more Software as a Service applications in your environment. It is critical to have some form of platform of this nature, and Obsidian Security does a great job of providing visibility and actionable insights into securing your environment and understanding what is going on in there. The initial relationship provided a trial for all my clients, and we would determine if the client was interested in going further, which suggests a partner or reseller relationship. My overall rating for Obsidian Security is seven out of ten.

    Insurance

    A strong workhorse in the SSPM space

    Reviewed on Aug 06, 2025
    Review provided by G2
    What do you like best about the product?
    I've used a few SSPM tools and by far Obsidian has been a standout in the category. The product is very well thought out to provide value and positive outcomes for SaaS Security practitioners looking to secure their SaaS landscape. While not as refined as some existing solutions, I feel Obsidian has all the raw materials needed to really set the stage for what a mature SSPM offering looks like in the next few years. The customer support we've received over the past year has been A1. Obsidian and it's Customer Success team works tirelessly to ensure our implementation of SSPM has gone smoothly.
    What do you dislike about the product?
    The platform does lag behind existing SSPM offerings in certain areas, mainly around reports (which is improving) and threat catalog. Some dashboards are not super functional or helpful.
    What problems is the product solving and how is that benefiting you?
    Obsidian has allowed us to get a better understanding of our SaaS landscape, which includes usage of apps, current security state of those apps and areas where improvement can be made. The continuous monitoring of our SaaS apps for any new risks has been invaluable to our overall security strategy.
    Fred R.

    Best SaaS and user fiendly tool

    Reviewed on Jul 31, 2025
    Review provided by G2
    What do you like best about the product?
    Seeing all the data in one place and on one page. In a world where SOC performance and speed is measured, this is the tool that correlate data in the perfect way to helps make a clear decision and speeds up investigations.
    What do you dislike about the product?
    There is not much to fault. Anytime I want to make a change. I submit a feature request and things get delt with.
    What problems is the product solving and how is that benefiting you?
    Posture is the easiest thing to neglect when it comes to third-party cloud solutions. Obsidian makes it easy to track active accounts left after a user exits. The Obsidian Browser Extension is a game-changer for tracking compromised accounts or users traveling.
    Insurance

    Pretty helpful for enterprise

    Reviewed on Jun 25, 2024
    Review provided by G2
    What do you like best about the product?
    Very helpful application posture with identity and data security
    What do you dislike about the product?
    It's pretty expensive. I also have used other software in the past.
    What problems is the product solving and how is that benefiting you?
    It helps use with application posture
    View all reviews