Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

Varonis Announces Salesforce Shield Integration

Together, Varonis and Salesforce Shield offer the most comprehensive Salesforce security on the market today.
Nathan Coppinger
3 min read
Last updated November 14, 2023

Our new Salesforce Shield integration takes Varonis’ best-in-class Salesforce solution to a whole new level. Customers can maximize their Shield investment with simple and powerful threat detection and event analysis. 

Varonis pulls in Shield’s activity, generates a human-readable audit trail, and enriches events with important context, such as data sensitivity, user details, and related events.  

Our ready-made alerts ensure that even a junior security analyst who has never used Salesforce can investigate threats and resolve incidents with ease. 

In this blog, we’ll cover how combining the powers of Varonis and Salesforce Shield together provides unmatched visibility and protection for Salesforce through:

  • Enriched Salesforce Shield events with additional details and context
  • Out-of-the-box and no-code custom threat models
  • The Varonis Proactive Incident Response to help triage and investigate alerts 
  • A centralized view of your Salesforce security posture

Watch this video to learn more about Varonis' Salesforce Shield integration.

Make Salesforce Shield events more actionable.

Salesforce Shield provides over 40 different event types. The catch, however, is that each event is presented in raw log form and is siloed from other related events. To gain any actionable insights into where sensitive data is at risk, you need to do a lot of manual parsing, analysis, and correlation to know if your sensitive data is being misused or is under attack. 

Salesforce Shield event querySalesforce's native event monitoring query interface

Varonis ingests events that can only be captured by Shield, including REST API activity, Aura requests, Lightning interactions, and more. We then enrich each event and present them all in a unified and searchable audit trail of events.

Varonis takes raw activity logs provided by Shield and shows you exactly who performed the action, what they did, and whether the target object was sensitive, so you can conduct investigations quickly, even without knowing Salesforce’s log format.  

Audit trailInvestigate Salesforce events using Varonis’ human-readable audit trail.

Analysts and admins can drill down from each event to see all the activity performed by that user during their sessions. They can also filter activity across multiple dimensions —by user, guest accounts, a specific resource, event type, data sensitivity, privileged activity, and more.

You can easily correlate Salesforce activity with activity performed across other cloud apps, making it easy to trace a compromised user or malicious insider’s activity across your entire cloud. 

Cross-cloud audit trailPerform cross-cloud investigations with Varonis.

When you integrate Varonis with Salesforce Shield, Varonis event monitoring will not consume any additional Salesforce API calls, reducing your risk of hitting your daily limit and thereby losing visibility into your Salesforce environment.  

Alerts without Apex code

With Varonis, security teams can quickly catch, investigate, and stop threats before they can do damage.

Although Salesforce Shield is collecting logs, it does not come with out-of-the-box alerts. To create alerts, users need to produce them manually using Apex code. This will require security teams and Salesforce architects to work closely together to identify the activities, logic, and thresholds that should trigger alerts. 

Varonis comes with ready-made alerts created by our Threat Labs team and Salesforce experts. Some of the suspicious activity we can detect includes Apex classes enabled for guest profiles, when new sites with guest users are created, and other activities that can open you up to risk. 

Salesforce AlertDetect and investigate threats with Varonis’ ready-made alerts.

Varonis alerts include user information, data sensitivity, and related events so you can quickly understand the impact of each alert and what other resources a compromised user can continue to access.  

You can easily create and customize alerts to fit your Salesforce Org’s specific needs — all without having to use Apex code. 

Incident response coverage when you need it the most

Our Proactive Incident Response team watches your Salesforce alerts in Varonis for you and notifies you of true incidents. We investigate suspicious activity and call you if we see a problem. This means that instead of more alerts, you get outcomes — without even needing to log in.  

The best part is that incident response help comes included in every Varonis subscription at no extra cost. 

A complete picture of your Salesforce security posture 

Varonis provides a centralized view of your Salesforce security posture, enabling you to visualize where your environment is exposed to risk and where technical debt is building up — all from a single, unified interface. 

Salesforce DashboardManage your Salesforce security posture from a single pane of glass.

Spending hours poring over spreadsheets to understand where your Salesforce Orgs are at risk is a thing of the past. With Varonis, you’ll be able to ensure your most valuable Salesforce data is locked down and secure by enabling you to:    

  • Visualize your sensitive data exposure and compliance risk.
  • Radically simplify permissions and user management.
  • Automatically surface and fix critical misconfiguration.
  • Analyze and reduce third-party app risk.
  • Quickly catch and investigate threats.

Try Varonis for Salesforce

Ready to gain deep visibility into your Salesforce activity and improve your security posture with Varonis and Salesforce Shield?

Contact us to get started today with a free Salesforce data risk assessment.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

How Varonis Saves Salesforce Admins Hours in Their Day
Varonis provides industry leading Salesforce management and permission implications capabilities to help save Salesforce admins hours in their day.
Salesforce Security: 5 Ways Your Data Could be Exposed
Salesforce is the lifeblood of many organizations - Here are five things you should know about your Salesforce security and how to effectively reduce risk
SecurityRWD - Salesforce as a file server? You bet.
Did you know Salesforce isn't limited to just, well, sales? This leading CRM platform can function as a data repository for critical industries ranging from healthcare to finance. Listen in as Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team share their reasoning for thinking about Salesforce as a data store, and tell you what you should consider if tasked with securing it.
Varonis Delivers Market-leading Salesforce Security
Varonis delivers market-leading Salesforce security