Obsidian Security unveiled the ability to detect SaaS session hijacking attempts
early in the kill chain across multiple platforms like Okta, Azure AD, Microsoft
365 and more. The capability is used by more than 80 customers worldwide,
including eight customers in the Fortune 1000. Attackers have recognized that
credential theft is less effective due to the broad adoption of multi-factor
authentication (MFA) by organizations today. However, tokens associated with
sessions of SaaS applications can be reused within time limits to access any
and all applications associated with the identity provider (IDP), as
exemplified by the recent breach at Okta.

In addition, Obsidian is expanding its comprehensive posture management
capabilities to support ServiceNow, which joins an already expansive
portfolio of SaaS applications including Microsoft 365, Salesforce, GitHub,
Workday, Atlassian, etc.

94% of enterprises depend on cloud services and SaaS apps to operate in today's
modern, hybrid workforce, complete daily tasks, and store sensitive information.
When an IDP is breached, this also results in access to all SaaS applications and
the sensitive data behind them. Application vendors, the security team and
line-of-business owners need to recognize their shared responsibility for
ensuring that all SaaS applications in an organization's network are protected.

Sophisticated
attacks are becoming more common for cloud-first organizations today, so taking
precautions to prevent session hijacking via identity providers like Okta
and Azure AD with Obsidian's new offering is critical. The unique aspect of
our session hijacking detection is that it came out of 18 months of work directly
with the red team at one of our customers.

"In today's dynamic world, where architecture and infrastructure changes are
constant and new threats pop up daily, having a red team that can emulate
real-world threat actors and identify areas vulnerable to attack is worth every
penny," said Snowflake Vice President of Security Mario Duarte. You can learn
more about Obsidian's session hijacking feature here.

"Too often, organizations rely on out-of-the-box security protection for
the slew of mission-critical SaaS apps deployed in their networks, including
their IDP, but that is no longer sufficient in today's environment," said Glenn
Chisholm, CPO and Co-founder at Obsidian. "Now, with our new
preventative session hijacking feature, security leaders and teams have more
comprehensive protection of their IDP and SaaS apps, beyond the endpoints
alone, and a better understanding of where cyber risk exists within their
digital infrastructure to prevent future exploits and sophisticated attacks
that bypass MFA."