OBSIDIAN — Counterintelligence
Counterintelligence asks a different question than IT security: not “is something breaking our systems?” but “is someone targeting our people, programs, and secrets — and who?” OBSIDIAN watches for the pattern of targeting and insider risk across every signal the platform holds, and raises risk-prioritized alerts before an incident — during the adversary's reconnaissance phase, when intervention is still cheap.
The problem it solves
Each move looks innocent in the one system that saw it
Adversaries cultivate employees, probe suppliers, research program staff, and engineer trips. No single tool sees the pattern — so the pattern goes unseen until it becomes an incident.
Status quo
With OBSIDIAN
Status quo
Insider threat tooling retrofitted from IT security — technical anomalies with no counterintelligence context.
With OBSIDIAN
CI-first analytics designed around targeting and intent.
Status quo
Alert floods burying the one signal that matters.
With OBSIDIAN
Risk-prioritized alerts weighted by role, mission sensitivity, and signal diversity.
Status quo
Foreign targeting invisible until an incident.
With OBSIDIAN
Early warning during the adversary's reconnaissance and targeting phase.
Status quo
Vetting reduced to point-in-time database checks.
With OBSIDIAN
Beneficial-ownership mapping, FOCI indicators, and continuous-evaluation-aligned monitoring.
Status quo
Findings scattered across tools and inboxes.
With OBSIDIAN
Cases open automatically in FORGE with evidence attached.
Modules
Three modules, three fronts
People already inside, adversaries outside targeting what you protect, and entities you are about to trust — each front gets a purpose-built module on the shared APEX risk engine.
Modules
01
OBSIDIAN Guard
Behavioral analytics and insider threat detection
Behavioral baselines with cross-domain anomaly correlation across access, travel, cyber, and open-source signals. A FORGE case opens automatically at threshold.
The shared risk engine weighs who a signal concerns: a badge anomaly for a cleared program manager carries different weight than the same anomaly elsewhere.
Human role
Insider threat analysts review, direct inquiries, and make every determination. Guard surfaces and organizes; people decide.
02
OBSIDIAN Shield
Program protection and foreign targeting
Maps what you protect to who wants it — targeting early warning, supply-chain exposure, and foreign-dependency identification for programs and technologies.
Shield inverts the lens — it maps what you protect to who wants it, linking critical assets and programs to known threat actors and their collection priorities.
Human role
Program protection leads and CI officers validate warnings and choose countermeasures.
03
OBSIDIAN Check
Vetting, due diligence, and FOCI risk
Beneficial ownership, sanctions, PEP, and adverse-media screening with FOCI indicators — vetting intelligence delivered as audit-ready reports.
Reports arrive audit-ready with counterintelligence red flags explicitly called out — beneficial ownership, hidden corporate structures, and FOCI indicators.
Human role
Vetting staff, security officers, and counsel make the trust decision.
Guard looks inward. Shield looks outward. Check looks at who you're about to trust.
Ecosystem
Connected across the system
OBSIDIAN correlates signals the rest of the platform already governs — and hands its findings to the modules built to act on them.
Stands on
APEXEntity resolution, the shared risk engine, orchestration, and governance. Every OBSIDIAN assessment is scored and routed through the platform foundation.
Consumes
LUCIDOpen-source targeting indicators feed Shield's early-warning picture.
Corroborated by
STRATUMCyber-insider nexus detection raises or reduces confidence in OBSIDIAN assessments — in both directions, deliberately.
Exchanges signals with
PATHWAYTravel patterns inform Guard's correlation; behavioral indicators feed traveler risk scoring in return.
Triggers
FORGEAt risk threshold, a case opens automatically — with the entity timeline already assembled.
Counterintelligence teams
CI-first analytics built around targeting and intent — not repurposed IT security alerts.
Security leadership
A defensible insider threat and program protection capability with audit-ready governance.
Program protection managers
Asset-to-threat-actor mapping and early warning tied to the programs they protect.
Insider threat hub analysts
Prioritized alerts, pre-built timelines, and automatic case handoff to FORGE.
HR and procurement
Vetting and due diligence with beneficial-ownership depth.
Legal and compliance
FOCI indicator detection and audit-ready reporting that supports NISPOM- and CMMC-aligned programs.
Next step
See targeting before it becomes an incident.
A demo walks Guard, Shield, and Check through realistic scenarios — ending with the case that opens automatically at threshold.