Session

Data Intelligence for SaaS Threat Hunting: How Obsidian uses Databricks at scale

Overview

Experience: In Person
Track: Cybersecurity
Industry: Enterprise Technology, Healthcare & Life Sciences, Financial Services
Technologies: Databricks SQL, Delta Sharing, Unity Catalog
Skill Level: Intermediate

Security teams are overwhelmed by fragmented SaaS logs, identity signals, and investigation workflows spread across tools. Obsidian Security unifies SaaS security telemetry across cloud apps and identity providers to detect real-world threats like account takeover, suspicious OAuth activity, and insider risk.

In this session, Damien Miller-McAndrews (Threat Researcher, Obsidian Security) shares how Obsidian leverages the Databricks Lakehouse to accelerate threat investigations using anonymized, high-volume security telemetry stored in a unified Databricks data lake. See how Databricks enables fast, repeatable investigations by combining scalable query performance, structured and semi-structured data processing, and governance-friendly workflows.

Attendees will learn practical patterns for building modern cybersecurity investigation pipelines on Databricks, turning security data into 'investigation ready' intelligence and enabling faster detection, triage, and response.

Session Speakers

Damien Miller-McAndrews

Head Threat Researcher
Obsidian Security