This interview is part of our new AI in Cybersecurity series, where we interview the world's top thought leaders on the front lines of the intersection of AI and cybersecurity.
In this interview, we speak with Ben Johnson, co-founder and CTO of Obsidian, to understand how his company is using AI to transform cybersecurity, and what the future of the cybersecurity industry holds.
1. What’s the story behind Obsidian Security? Why and how did you begin?
BJ: Glenn, Matt and I competed in the endpoint security world for several years. Despite being fierce competitors, we were friends and had a lot of respect for each other as practitioners, innovators, and security geeks. In fact, during the early days at Carbon Black and Cylance we discussed integrating the products, but sadly that never fully materialized.
In late 2016 we happened to decide independently that we wanted to get back to ground zero to build something fresh. A chance phone call reconnected Glenn and me, and shortly after we were having lunch on Laguna Beach on a 79-degree winter day discussing Obsidian. A couple of months later and we were off to the races.
Obsidian’s vision is to monitor and secure how the user population utilizes business and cloud applications, something we feel is especially important during this aggressive period of cloud and mobility adoption.
2. Please describe your use case and how Obsidian Security uses artificial intelligence:
BJ: Organizations don’t understand what’s occurring in their applications — especially in the case of SaaS and IaaS. There’s a serious lack of understanding of how access is used, where users are overprivileged, and then if there is unwanted behavior like account compromise or service misconfigurations. We pull that all together across applications in a way that we haven’t seen before.
When we talk about the use of AI and machine learning in the Obsidian platform, we like to focus on outcomes and overall value that the platform delivers. After all, AI in self-driving cars tends to be discussed in terms of the value it provides, not the intricate details of what is going on inside the algorithms. We believe this is the best antidote to the “AI-washing” that is happening in security. Having said that, some aspects of understanding and reasoning about appropriate privileges and access, and analyzing user behavior are particularly well-suited to solutions based on machine learning, statistics, and data science-driven approaches.
3. Could you share a specific customer/user that benefits from what you offer? What has Obsidian Security done for them?
BJ: One of our customers is an organization with around 10,000 employees. They use cloud services like Office 365, Okta, and Dropbox. In just ten minutes, their security team signed them onto Obsidian and saw how their employees and partners were using these applications. They could see who was bypassing Okta and where they had accounts with administrator privileges that weren’t being used. Over a third of their Office 365 accounts had been inactive for three months – and those are pricey licenses. Unused accounts can also be used as entry points by attackers. The Office administrator is shrinking their security footprint and their OpEx by deprovisioning stale accounts.
With regard to use cases more generally, organizations need help in multiple areas — hygiene, threat management, and compliance. Our customers face a multitude of problems — a mix of technology and applications, a dynamic user population, and identity sprawl. What surprised me most in our customer discovery journey was their enthusiasm to “right-size” access — find that slack in the system where accounts or privileges are unused. Beyond that, we continuously audit for hygiene problems and suspicious activity. Finally, being able to see what accounts did, especially in the cloud, either for incident response or compliance saves time for security and compliance practitioners.