Obsidian Security

Attackers are increasingly targeting SaaS applications and the identities that unlock them. Obsidian’s data reveals a 300% surge in SaaS breaches. But why are these applications the new frontline? Because that's where your data now resides. In an article featured in Cyber Defense Magazine, Obsidian Security Co-Founder Glenn Chisholm breaks down this new trend and offers insights on how organizations can defend themselves against the escalating threats to SaaS identities. Link to the article in the comments. #CyberSecurity #SaaSSecurity #SaaSIdentityProtection

𝗔𝘃𝗼𝗶𝗱 𝗳𝗶𝗻𝗲𝘀 𝗺𝗲𝗲𝘁𝗶𝗻𝗴 𝗶𝗺𝗽𝗲𝗻𝗱𝗶𝗻𝗴 𝗡𝗬𝗗𝗙𝗦 𝗱𝗲𝗮𝗱𝗹𝗶𝗻𝗲𝘀 𝗳𝗼𝗿 𝗦𝗮𝗮𝗦. Several financial services firms have already incurred millions in fines for failing to meet NYDFS cybersecurity requirements, particularly around MFA enforcement. Part 500 of the NYDFS security regulation specifically highlights protecting information systems like SaaS with access to sensitive data. That means any application with nonpublic information like Salesforce and Snowflake are in scope. But SaaS compliance doesn’t have to be a burden. Obsidian Security maps 23 NYCRR Part 500 requirements directly to your SaaS security controls, so you can: • Identify and manage elevated privilege for SaaS to SaaS integrations • Identify federated and unfederated SaaS • Uncover and remediate security and compliance gaps in SaaS • Ensure MFA and access policies are enforced • Detect and mitigate threats before they become violations • Automate compliance tracking and reporting Don’t wait as regulators are stepping up enforcement. Read our latest blog to learn how to stay compliant and secure your SaaS applications. Link in comments. #SaaSSecurity #NYDFS #CyberSecurity #FinancialServices

Obsidian leads the way in SaaS security, and part of that is thanks to our leaders. Tune in next week for the first CFO Talks from Chithra Rajagopalan on changes in the SaaS security landscape and what finance leaders need to know. #saasidentitysecurity #womenincyber

🚨 Are you ready to test your cybersecurity skills? 🚨 Obsidian Security is hosting the only CTF at BlackHat Asia this year! Join us to get behind the scenes of a real-world SaaS breach: https://lnkd.in/eGCTJH6R

Obsidian and HackerOne Present: March Madness Exclusive Event 🏀 Calling all CISOs and security execs! Join us for an action packed day of networking, expert insights, and watching the Sweet Sixteen showdown! Just like on the court, defense wins the game 🏆 📅 When: Thursday, March 27th 📍 Where: Cosm LA, Inglewood, CA Seats are limited, so secure an invitation today at the link in the comments.

Despite claims that Okta's CORS policies and device matching can stop AiTM phishing attacks, our research proves otherwise. We demonstrate how attackers can easily modify Evilginx configurations to bypass these controls and steal session cookies—even with MFA enabled. Learn why traditional security measures fall short against sophisticated phishing and what actually works: phishing-resistant MFA like Okta FastPass, proactive domain monitoring, and robust ITDR solutions. Link in comments.

“Adversaries are spending 240 days embedded in our SaaS ecosystems before being detected.” Last month, Obsidian’s Alfredo Hickman and Renee Guttmann took the stage at CISO Forum Canada 2025. They shared their experiences as CISOs in the modern SaaS threat landscape, along with Obsidian findings straight from the front lines. A big thanks to siberX for this amazing partnership—we look forward to more! Interested in hearing firsthand how two CISOs are tackling the challenges of SaaS security? Listen to the session here: https://lnkd.in/eDwZRMi4 #cisoforumcanada #cybersecurity

Yesterday, the Obsidian team celebrated International Women's Day together at Terún! A special thank you to our guest speaker, Bindu Garapaty, Psy.D., and to all the incredible women at Obsidian for everything they do. #IWD2025 #AccelerateAction

Welcome to the FS-ISAC 2025 Americas Spring Summit! Stop by the Obsidian Security booth #74 and speak to our experts to learn how to protect your SaaS apps. https://lnkd.in/g_YsvPji

Obsidian Security partners with SentinelOne to deliver unified threat protection across endpoint and SaaS, addressing the 300% surge in SaaS-based breaches. Our integration enables seamless cross-detection and response across digital environments. https://lnkd.in/efwm_h57