Obsidian Security Releases Industry-First SaaS Session Hijacking Detection Feature to Protect Today’s Cloud-First Organizations

EnTribe Expands SaaS Platform With New Media Hub, Increasing Brands’ Access to User-Generated Content

New feature enables early detection of session hijacking attempts in SaaS applications such as Okta and Azure AD to mitigate threats that bypass MFA

Obsidian Security, the leader in SaaS Security and Posture Management (SSPM), unveiled the ability to detect SaaS session hijacking attempts early in the kill chain across multiple platforms like Okta, Azure AD, Microsoft 365 and more. The capability is used by more than 80 customers worldwide, including eight customers in the Fortune 1000. Attackers have recognized that credential stealing is less effective due to the broad adoption of multi-factor authentication (MFA) by organizations today. However, tokens associated with sessions of SaaS applications can be reused within time limits to access any and all applications associated with the identity provider (IDP), which is exemplified in the recent breach at Okta. In addition, Obsidian is expanding its comprehensive posture management capabilities to support ServiceNow, which joins an already expansive portfolio of SaaS applications including Microsoft 365, Salesforce, GitHub, Workday, Atlassian, etc.

94% of enterprises depend on cloud services and SaaS apps to operate in today’s modern, hybrid workforce, complete daily tasks, and store sensitive information. When an IDP is breached, this results in access to all SaaS applications and sensitive data behind them as well. There is a shared responsibility that needs to be recognized between application vendors, the security team and lines-of-business owners to ensure that all SaaS applications are protected in an organization’s network.

Marketing Technology News: DISQO Insights: Crypto and Newer Financial Services Gain Consumer Traction

“In today’s dynamic world, where architecture and infrastructure changes are constant and new threats pop-up daily, having a red team that can emulate real-world threat actors and identify areas vulnerable to attack, is worth every penny.”

Sophisticated attacks are becoming more common for cloud-first organizations today, so taking precautions to prevent session hijacking via identity providers like Okta and Azure AD with Obsidian’s new offering are critical. The unique aspect of our session hijacking detection was it came through 18 months of work directly with the red team at one of our customers. “In today’s dynamic world, where architecture and infrastructure changes are constant and new threats pop-up daily, having a red team that can emulate real-world threat actors and identify areas vulnerable to attack, is worth every penny.” said Snowflake Vice President of Security Mario Duarte.

“Too often, organizations rely on out-of-the-box security protection for the slew of mission-critical SaaS apps deployed in their networks, including their IDP, but that is no longer sufficient in today’s environment,” said Glenn Chisholm, CPO and Co-founder at Obsidian. “Now, with our new preventative session hijacking feature, security leaders and teams have more comprehensive protection of their IDP and SaaS apps, beyond the endpoints alone, and a better understanding of where cyber risk exists within their digital infrastructure to prevent future exploits and sophisticated attacks that bypass MFA.”

Marketing Technology News: MarTech Interview with Shoel Perelman, VP Product Management at Pegasystems

Picture of Business Wire

Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

You Might Also Like