Skip to content
EternaEdge
OBSIDIAN

OBSIDIANCounterintelligence

Counterintelligence asks a different question than IT security: not “is something breaking our systems?” but “is someone targeting our people, programs, and secrets — and who?” OBSIDIAN watches for the pattern of targeting and insider risk across every signal the platform holds, and raises risk-prioritized alerts before an incident — during the adversary's reconnaissance phase, when intervention is still cheap.

Scroll

The problem it solves

Each move looks innocent in the one system that saw it

Adversaries cultivate employees, probe suppliers, research program staff, and engineer trips. No single tool sees the pattern — so the pattern goes unseen until it becomes an incident.

Status quo

Insider threat tooling retrofitted from IT security — technical anomalies with no counterintelligence context.

With OBSIDIAN

CI-first analytics designed around targeting and intent.

Status quo

Alert floods burying the one signal that matters.

With OBSIDIAN

Risk-prioritized alerts weighted by role, mission sensitivity, and signal diversity.

Status quo

Foreign targeting invisible until an incident.

With OBSIDIAN

Early warning during the adversary's reconnaissance and targeting phase.

Status quo

Vetting reduced to point-in-time database checks.

With OBSIDIAN

Beneficial-ownership mapping, FOCI indicators, and continuous-evaluation-aligned monitoring.

Status quo

Findings scattered across tools and inboxes.

With OBSIDIAN

Cases open automatically in FORGE with evidence attached.

Modules

Three modules, three fronts

People already inside, adversaries outside targeting what you protect, and entities you are about to trust — each front gets a purpose-built module on the shared APEX risk engine.

OBSIDIAN

Modules

01

OBSIDIAN Guard

Behavioral analytics and insider threat detection

Behavioral baselines with cross-domain anomaly correlation across access, travel, cyber, and open-source signals. A FORGE case opens automatically at threshold.

The shared risk engine weighs who a signal concerns: a badge anomaly for a cleared program manager carries different weight than the same anomaly elsewhere.

Human role

Insider threat analysts review, direct inquiries, and make every determination. Guard surfaces and organizes; people decide.

02

OBSIDIAN Shield

Program protection and foreign targeting

Maps what you protect to who wants it — targeting early warning, supply-chain exposure, and foreign-dependency identification for programs and technologies.

Shield inverts the lens — it maps what you protect to who wants it, linking critical assets and programs to known threat actors and their collection priorities.

Human role

Program protection leads and CI officers validate warnings and choose countermeasures.

03

OBSIDIAN Check

Vetting, due diligence, and FOCI risk

Beneficial ownership, sanctions, PEP, and adverse-media screening with FOCI indicators — vetting intelligence delivered as audit-ready reports.

Reports arrive audit-ready with counterintelligence red flags explicitly called out — beneficial ownership, hidden corporate structures, and FOCI indicators.

Human role

Vetting staff, security officers, and counsel make the trust decision.

Guard looks inward. Shield looks outward. Check looks at who you're about to trust.

Ecosystem

Connected across the system

OBSIDIAN correlates signals the rest of the platform already governs — and hands its findings to the modules built to act on them.

Stands on

APEX

Entity resolution, the shared risk engine, orchestration, and governance. Every OBSIDIAN assessment is scored and routed through the platform foundation.

Consumes

LUCID

Open-source targeting indicators feed Shield's early-warning picture.

Corroborated by

STRATUM

Cyber-insider nexus detection raises or reduces confidence in OBSIDIAN assessments — in both directions, deliberately.

Exchanges signals with

PATHWAY

Travel patterns inform Guard's correlation; behavioral indicators feed traveler risk scoring in return.

Triggers

FORGE

At risk threshold, a case opens automatically — with the entity timeline already assembled.

Who it's for

Counterintelligence teams

CI-first analytics built around targeting and intent — not repurposed IT security alerts.

Security leadership

A defensible insider threat and program protection capability with audit-ready governance.

Program protection managers

Asset-to-threat-actor mapping and early warning tied to the programs they protect.

Insider threat hub analysts

Prioritized alerts, pre-built timelines, and automatic case handoff to FORGE.

HR and procurement

Vetting and due diligence with beneficial-ownership depth.

Legal and compliance

FOCI indicator detection and audit-ready reporting that supports NISPOM- and CMMC-aligned programs.

Next step

See targeting before it becomes an incident.

A demo walks Guard, Shield, and Check through realistic scenarios — ending with the case that opens automatically at threshold.