Obsidian SaaS Security Platform logo

    Obsidian SaaS Security Platform

    Obsidian Security, the pioneer in SaaS Security, provides unparalleled protection for business-critical SaaS applications. Harnessing the power of Obsidian Knowledge Graph, cyber incident response insights, and AI, it delivers unparalleled identity threat protection, compliance, posture management, and ensures robust data security by mitigating 3rd party integration risks with Salesforce, Workday, Office 365, Google Workspace, and other leading SaaS apps.

    Ratings and reviews

    3.9
    4 ratings
    2 star
    1 star
    50%
    25%
    25%
    0%
    0%
    0 AWS reviews
    |
    4 external reviews
    External reviews are from G2  and PeerSpot .

    Filters

    Review type

    AWS Marketplace reviews
    External reviews
    Reviews (4)
    Kemar Wilks

    Incident investigations have become faster and deeper but interface and automation still need work

    Reviewed on Jun 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Obsidian Security's main use case is to support incident response investigations. Once my company takes on an investigation, we deploy Obsidian Security and first assess whether clients use Software as a Service applications and if those applications are supported by Obsidian Security. If they are, we use that solution and deploy it in the client's environment to perform an assessment. We primarily use it to assist with clients that use Microsoft 365 in their environment. One of the main focuses is when business email compromise investigations are ongoing, and we deploy Obsidian Security to supplement any form of logs that we have collected so that it can provide us with actionable insights, ongoing alerting, and recommendations on how to harden their environment.

    One of the most recent situations I can recall involves a business email compromise where a threat actor used a phishing campaign to compromise an email account or an M365 account and gain access to the client's environment. Once we deployed Obsidian Security in the environment, we quickly assessed the available log data and identified alerts such as impossible travel, suspicious users, and users with the highest anomalous activity. We gained great insights into how they compromised those user accounts and were able to pivot using that information. Finally, with almost every case where there is a business email compromise, if the client has M365 or a similar supported Software as a Service application, we use Obsidian Security's recommendations for hardening their environment. This way, we add value to our investigation and report to the client by helping them shore their defenses and ensure a more secured environment.

    What is most valuable?

    Obsidian Security provides a large number of well-known Software as a Service application integrations, which was one of the reasons why my company decided to use it. The integrations were easy to implement, and they had great and detailed walkthroughs on how to set up the integrations. There was also great support from their team, and the alerting around it, such as the rules, were well-defined. My favorite part, which I have mentioned multiple times, is the security recommendations on how to harden your environment. I remember one specifically that would repeatedly report that a client had too many global administrators in their environment, and these can be adjusted to change the required thresholds. Overall, it gives the client some customizability while still providing important information to help them understand their security risks and assess based on their risk appetite.

    Obsidian Security positively impacts my organization by helping clients get more value from my investigations and engagements. My investigations are easier because Obsidian Security provides me with additional insight that allows me to quickly pivot based on the alerts and recommendations provided.

    What needs improvement?

    Obsidian Security's platform could offer more automated integrations. I know it is not easy because Obsidian Security supports Software as a Service applications that have different setup processes, so it is not a straightforward, one-size-fits-all solution for getting the integrations going. However, if it could be easier, that would enhance the user experience, although I did not find it particularly challenging overall. Additionally, if it could be set up to be more incident response-friendly, providing more capabilities that allow for deeper investigation and correlation across different log sets, that would be beneficial.

    The user interface is important, and I think there is room for improvement there.

    For how long have I used the solution?

    I have used Obsidian Security for about a year and a half.

    What do I think about the stability of the solution?

    Obsidian Security is stable as far as I am aware.

    What do I think about the scalability of the solution?

    Neither we nor our clients purchased Obsidian Security through the AWS Marketplace.

    How are customer service and support?

    Customer support for Obsidian Security is great. I have no issues there; they are very responsive, helpful, and knowledgeable.

    Which solution did I use previously and why did I switch?

    We did not use a different solution before.

    How was the initial setup?

    Regarding the integration process, I found it was pretty straightforward. Each integration we used was supported by detailed walkthroughs. There was one where if you did not follow the steps, such as when onboarding Microsoft 365 applications, you would mess up the process. It is important to read the details, but overall, I found them to be very detailed, repeatable, and updated regularly. Obsidian Security team supported us if we had any questions. Regarding the security hardening recommendations, it is not just about assisting the investigation; it is about providing the client with additional value. Many times, even if they do not have a SaaS breach, they still walk away with information about how to improve their SaaS applications. There might have been misconfigurations or unused accounts they were not aware of, accounts without MFA protection, and things of that nature. It always provides additional value to our clients when we can offer that information.

    What about the implementation team?

    I found it easier to identify investigations involving multiple compromised accounts with Obsidian Security. It was easier to identify all the accounts involved in the breach, reducing the amount of time it took to perform the investigation, especially for Microsoft 365 breaches, which are quite common in my company and are fixed-rate. The less time spent on them, the better. Obsidian Security really provides significant value because if you can quickly identify all the malicious activity and run down the investigation, you will not have to overbill and waste money due to extra time spent digging on a fixed-rate matter. Overall, it speeds up many investigations by providing insights that normally would not be readily available using traditional collection methods.

    What was our ROI?

    There is a cost savings from management's perspective initially because we can cut down investigation time and free up resources for different types of cases requiring staffing. Thanks to the insights provided by Obsidian Security, we can quickly run through an investigation that might have previously taken a few days, reducing it to a day or less at times.

    What's my experience with pricing, setup cost, and licensing?

    Unfortunately, I was not very familiar with the pricing, setup cost, or licensing because it was handled by management. I cannot comment on that.

    Which other solutions did I evaluate?

    I am not aware of what was evaluated or whether there was an evaluation prior to choosing Obsidian Security.

    What other advice do I have?

    I would advise others looking into using Obsidian Security to give it a shot. It is a very helpful tool, especially if you are in a consulting practice or a company with one or more Software as a Service applications in your environment. It is critical to have some form of platform of this nature, and Obsidian Security does a great job of providing visibility and actionable insights into securing your environment and understanding what is going on in there. The initial relationship provided a trial for all my clients, and we would determine if the client was interested in going further, which suggests a partner or reseller relationship. My overall rating for Obsidian Security is seven out of ten.

    Insurance

    A strong workhorse in the SSPM space

    Reviewed on Aug 06, 2025
    Review provided by G2
    What do you like best about the product?
    I've used a few SSPM tools and by far Obsidian has been a standout in the category. The product is very well thought out to provide value and positive outcomes for SaaS Security practitioners looking to secure their SaaS landscape. While not as refined as some existing solutions, I feel Obsidian has all the raw materials needed to really set the stage for what a mature SSPM offering looks like in the next few years. The customer support we've received over the past year has been A1. Obsidian and it's Customer Success team works tirelessly to ensure our implementation of SSPM has gone smoothly.
    What do you dislike about the product?
    The platform does lag behind existing SSPM offerings in certain areas, mainly around reports (which is improving) and threat catalog. Some dashboards are not super functional or helpful.
    What problems is the product solving and how is that benefiting you?
    Obsidian has allowed us to get a better understanding of our SaaS landscape, which includes usage of apps, current security state of those apps and areas where improvement can be made. The continuous monitoring of our SaaS apps for any new risks has been invaluable to our overall security strategy.
    Fred R.

    Best SaaS and user fiendly tool

    Reviewed on Jul 31, 2025
    Review provided by G2
    What do you like best about the product?
    Seeing all the data in one place and on one page. In a world where SOC performance and speed is measured, this is the tool that correlate data in the perfect way to helps make a clear decision and speeds up investigations.
    What do you dislike about the product?
    There is not much to fault. Anytime I want to make a change. I submit a feature request and things get delt with.
    What problems is the product solving and how is that benefiting you?
    Posture is the easiest thing to neglect when it comes to third-party cloud solutions. Obsidian makes it easy to track active accounts left after a user exits. The Obsidian Browser Extension is a game-changer for tracking compromised accounts or users traveling.
    Insurance

    Pretty helpful for enterprise

    Reviewed on Jun 25, 2024
    Review provided by G2
    What do you like best about the product?
    Very helpful application posture with identity and data security
    What do you dislike about the product?
    It's pretty expensive. I also have used other software in the past.
    What problems is the product solving and how is that benefiting you?
    It helps use with application posture