Varonis Announces Salesforce Shield Integration

Together, Varonis and Salesforce Shield offer the most comprehensive Salesforce security on the market today.
Nathan Coppinger
3 min read
Last updated November 14, 2023

Our new Salesforce Shield integration takes Varonis’ best-in-class Salesforce solution to a whole new level. Customers can maximize their Shield investment with simple and powerful threat detection and event analysis. 

Varonis pulls in Shield’s activity, generates a human-readable audit trail, and enriches events with important context, such as data sensitivity, user details, and related events.  

Our ready-made alerts ensure that even a junior security analyst who has never used Salesforce can investigate threats and resolve incidents with ease. 

In this blog, we’ll cover how combining the powers of Varonis and Salesforce Shield together provides unmatched visibility and protection for Salesforce through:

  • Enriched Salesforce Shield events with additional details and context
  • Out-of-the-box and no-code custom threat models
  • The Varonis Proactive Incident Response to help triage and investigate alerts 
  • A centralized view of your Salesforce security posture

Watch this video to learn more about Varonis' Salesforce Shield integration.

Make Salesforce Shield events more actionable.

Salesforce Shield provides over 40 different event types. The catch, however, is that each event is presented in raw log form and is siloed from other related events. To gain any actionable insights into where sensitive data is at risk, you need to do a lot of manual parsing, analysis, and correlation to know if your sensitive data is being misused or is under attack. 

Salesforce Shield event querySalesforce's native event monitoring query interface

Varonis ingests events that can only be captured by Shield, including REST API activity, Aura requests, Lightning interactions, and more. We then enrich each event and present them all in a unified and searchable audit trail of events.

Varonis takes raw activity logs provided by Shield and shows you exactly who performed the action, what they did, and whether the target object was sensitive, so you can conduct investigations quickly, even without knowing Salesforce’s log format.  

Audit trailInvestigate Salesforce events using Varonis’ human-readable audit trail.

Analysts and admins can drill down from each event to see all the activity performed by that user during their sessions. They can also filter activity across multiple dimensions —by user, guest accounts, a specific resource, event type, data sensitivity, privileged activity, and more.

You can easily correlate Salesforce activity with activity performed across other cloud apps, making it easy to trace a compromised user or malicious insider’s activity across your entire cloud. 

Cross-cloud audit trailPerform cross-cloud investigations with Varonis.

When you integrate Varonis with Salesforce Shield, Varonis event monitoring will not consume any additional Salesforce API calls, reducing your risk of hitting your daily limit and thereby losing visibility into your Salesforce environment.  

Alerts without Apex code

With Varonis, security teams can quickly catch, investigate, and stop threats before they can do damage.

Although Salesforce Shield is collecting logs, it does not come with out-of-the-box alerts. To create alerts, users need to produce them manually using Apex code. This will require security teams and Salesforce architects to work closely together to identify the activities, logic, and thresholds that should trigger alerts. 

Varonis comes with ready-made alerts created by our Threat Labs team and Salesforce experts. Some of the suspicious activity we can detect includes Apex classes enabled for guest profiles, when new sites with guest users are created, and other activities that can open you up to risk. 

Salesforce AlertDetect and investigate threats with Varonis’ ready-made alerts.

Varonis alerts include user information, data sensitivity, and related events so you can quickly understand the impact of each alert and what other resources a compromised user can continue to access.  

You can easily create and customize alerts to fit your Salesforce Org’s specific needs — all without having to use Apex code. 

Incident response coverage when you need it the most

Our Proactive Incident Response team watches your Salesforce alerts in Varonis for you and notifies you of true incidents. We investigate suspicious activity and call you if we see a problem. This means that instead of more alerts, you get outcomes — without even needing to log in.  

The best part is that incident response help comes included in every Varonis subscription at no extra cost. 

A complete picture of your Salesforce security posture 

Varonis provides a centralized view of your Salesforce security posture, enabling you to visualize where your environment is exposed to risk and where technical debt is building up — all from a single, unified interface. 

Salesforce DashboardManage your Salesforce security posture from a single pane of glass.

Spending hours poring over spreadsheets to understand where your Salesforce Orgs are at risk is a thing of the past. With Varonis, you’ll be able to ensure your most valuable Salesforce data is locked down and secure by enabling you to:    

  • Visualize your sensitive data exposure and compliance risk.
  • Radically simplify permissions and user management.
  • Automatically surface and fix critical misconfiguration.
  • Analyze and reduce third-party app risk.
  • Quickly catch and investigate threats.

Try Varonis for Salesforce

Ready to gain deep visibility into your Salesforce activity and improve your security posture with Varonis and Salesforce Shield?

Contact us to get started today with a free Salesforce data risk assessment.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:


Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.


See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.


Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

How to Deal With Sensitive Data in Salesforce: A Guide to Data Classification
Salesforce Ben and the Varonis team up to discuss Salesforce data classification best practices.
How Varonis Saves Salesforce Admins Hours in Their Day
Varonis provides industry leading Salesforce management and permission implications capabilities to help save Salesforce admins hours in their day.
Protecting Salesforce: Preventing Public Link Creation
Identify and prevent the creation of Salesforce public links and reduce your blast radius with Varonis.
Varonis Delivers Market-leading Salesforce Security
Varonis delivers market-leading Salesforce security