Our new Salesforce Shield integration takes Varonis’ best-in-class Salesforce solution to a whole new level. Customers can maximize their Shield investment with simple and powerful threat detection and event analysis.
Varonis pulls in Shield’s activity, generates a human-readable audit trail, and enriches events with important context, such as data sensitivity, user details, and related events.
Our ready-made alerts ensure that even a junior security analyst who has never used Salesforce can investigate threats and resolve incidents with ease.
In this blog, we’ll cover how combining the powers of Varonis and Salesforce Shield together provides unmatched visibility and protection for Salesforce through:
- Enriched Salesforce Shield events with additional details and context
- Out-of-the-box and no-code custom threat models
- The Varonis Proactive Incident Response to help triage and investigate alerts
- A centralized view of your Salesforce security posture
Watch this video to learn more about Varonis' Salesforce Shield integration.
Make Salesforce Shield events more actionable.
Salesforce Shield provides over 40 different event types. The catch, however, is that each event is presented in raw log form and is siloed from other related events. To gain any actionable insights into where sensitive data is at risk, you need to do a lot of manual parsing, analysis, and correlation to know if your sensitive data is being misused or is under attack.
Salesforce's native event monitoring query interface
Varonis ingests events that can only be captured by Shield, including REST API activity, Aura requests, Lightning interactions, and more. We then enrich each event and present them all in a unified and searchable audit trail of events.
Varonis takes raw activity logs provided by Shield and shows you exactly who performed the action, what they did, and whether the target object was sensitive, so you can conduct investigations quickly, even without knowing Salesforce’s log format.
Investigate Salesforce events using Varonis’ human-readable audit trail.
Analysts and admins can drill down from each event to see all the activity performed by that user during their sessions. They can also filter activity across multiple dimensions —by user, guest accounts, a specific resource, event type, data sensitivity, privileged activity, and more.
You can easily correlate Salesforce activity with activity performed across other cloud apps, making it easy to trace a compromised user or malicious insider’s activity across your entire cloud.
Perform cross-cloud investigations with Varonis.
When you integrate Varonis with Salesforce Shield, Varonis event monitoring will not consume any additional Salesforce API calls, reducing your risk of hitting your daily limit and thereby losing visibility into your Salesforce environment.
Alerts without Apex code
With Varonis, security teams can quickly catch, investigate, and stop threats before they can do damage.
Although Salesforce Shield is collecting logs, it does not come with out-of-the-box alerts. To create alerts, users need to produce them manually using Apex code. This will require security teams and Salesforce architects to work closely together to identify the activities, logic, and thresholds that should trigger alerts.
Varonis comes with ready-made alerts created by our Threat Labs team and Salesforce experts. Some of the suspicious activity we can detect includes Apex classes enabled for guest profiles, when new sites with guest users are created, and other activities that can open you up to risk.
Detect and investigate threats with Varonis’ ready-made alerts.
Varonis alerts include user information, data sensitivity, and related events so you can quickly understand the impact of each alert and what other resources a compromised user can continue to access.
You can easily create and customize alerts to fit your Salesforce Org’s specific needs — all without having to use Apex code.
Incident response coverage when you need it the most
Our Proactive Incident Response team watches your Salesforce alerts in Varonis for you and notifies you of true incidents. We investigate suspicious activity and call you if we see a problem. This means that instead of more alerts, you get outcomes — without even needing to log in.
The best part is that incident response help comes included in every Varonis subscription at no extra cost.
A complete picture of your Salesforce security posture
Varonis provides a centralized view of your Salesforce security posture, enabling you to visualize where your environment is exposed to risk and where technical debt is building up — all from a single, unified interface.
Manage your Salesforce security posture from a single pane of glass.
Spending hours poring over spreadsheets to understand where your Salesforce Orgs are at risk is a thing of the past. With Varonis, you’ll be able to ensure your most valuable Salesforce data is locked down and secure by enabling you to:
- Visualize your sensitive data exposure and compliance risk.
- Radically simplify permissions and user management.
- Automatically surface and fix critical misconfiguration.
- Analyze and reduce third-party app risk.
- Quickly catch and investigate threats.
Try Varonis for Salesforce
Ready to gain deep visibility into your Salesforce activity and improve your security posture with Varonis and Salesforce Shield?
Contact us to get started today with a free Salesforce data risk assessment.
What you should do now
Below are three ways we can help you begin your journey to reducing data risk at your company:
- Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
- Download our free report and learn the risks associated with SaaS data exposure.
- Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
