Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Read the report

Varonis for Salesforce

Salesforce data protection built for security teams

  • Prevent data exfiltration and insider threats.
  • Rapidly right-size Salesforce permissions.
  • Deploy in minutes without agents.
Reign in excessive access.

With complex roles, permission sets, and org-wide configurations, it’s virtually impossible to see which users can do the most damage in Salesforce. Varonis gives you a complete view of effective access for every Salesforce user so that you can easily right-size permissions and get to a least-privilege model.

Meet your Salesforce safety net.
Locate sensitive data in hard-to-find places.

Varonis scans every file and attachment across your Salesforce instances, flags the sensitive ones, and shows you where you’re at risk.


Stop attackers and rogue insiders.

If your top salesperson exported sensitive contracts and account lists before resigning, would you know? Varonis detects suspicious activity such as accessing an unusual number of records, escalating privileges, or disabling critical updates that could put your Salesforce data at risk.

Strengthen your SaaS security posture.

Varonis monitors your Salesforce environment for misconfigurations that could expose data. We surface risks — say, an app with too many admins — and incorporate findings from our threat research team. Rather than requiring you to configure complicated workflows to remediate each issue, Varonis automatically fixes misconfigurations in Salesforce with a simple button click.

Integrate with Salesforce Shield 
Varonis ingests Shield events, such as Rest API activity, Aura requests, and Lightning interactions, and enriches them with Varonis’ unique metadata to supercharge threat detection and investigation. Ready-made alerts make Salesforce Shield events actionable — no Apex coding required. Our audit trail includes Shield events, plus data sensitivity, user details, and related events across disparate Salesforce Orgs and even across cloud apps.  

Agentless data security for all your SaaS apps

See all integrations
It was a gaping black hole. I’d heard horror stories about Salesforce permissions and how literally hundreds can be applied in a manner of different ways.
Senior Cybersecurity Engineer, Top Real Estate Organization Read the case study

Key features

Sensitive data discovery

Automatically find sensitive or regulated data in Salesforce record attachments.

Data loss prevention

Apply enhanced monitoring to external and guest users and track access to sensitive or regulated information.

Shadow instance discovery

Uncover shadow Salesforce instances that may not be monitored by your security team.

Salesforce entitlements

Get a clear view of effective permissions in Salesforce, including exactly what users can do and how they got that access.

Permissions comparison

Compare two users’ aggregated permissions side-by-side with a simple click of a button to quickly identify discrepancies.

SSPM and compliance

Discover critical misconfigurations and compliance violations that could expose sensitive data.

Forensics audit trail

Easily correlate user activity in Salesforce with other mission-critical SaaS apps, all in a single interface.

Privileged account monitoring

Track enrollment of new admins, admin account changes, and segregation of duty violations by admins.

Stale identity removal

Remove unused admin accounts, stale privileged users, and terminated external contractors.

Secure offboarding

Make sure employees and vendors don’t have access to your Salesforce instance after they leave the company.

Unmanaged, non-SSO user tracking

Easily track down non-federated personal accounts logging into your corporate Salesforce.

Cloud-native API deployment

Point DatAdvantage Cloud at your existing cloud services and identity providers without any complex architecture changes or proxies.