- Prevent data exfiltration and insider threats.
- Rapidly right-size Salesforce permissions.
- Deploy in minutes without agents.
With complex roles, permission sets, and org-wide configurations, it’s virtually impossible to see which users can do the most damage in Salesforce. Varonis gives you a complete view of effective access for every Salesforce user so that you can easily right-size permissions and get to a least-privilege model.


Varonis scans every file and attachment across your Salesforce instances, flags the sensitive ones, and shows you where you’re at risk.


Stop attackers and rogue insiders.
If your top salesperson exported sensitive contracts and account lists before resigning, would you know? Varonis detects suspicious activity — such as accessing an unusual number of records, escalating privileges, or disabling critical updates — that could put your Salesforce data at risk.

Varonis monitors your Salesforce environment for misconfigurations that could expose data. We surface risks — say, an app with too many admins — and incorporate findings from our threat research team. Rather than requiring you to configure complicated workflows to remediate each issue, Varonis automatically fixes misconfigurations in Salesforce with a simple button click.



It was a gaping black hole. I’d heard horror stories about Salesforce permissions and how literally hundreds can be applied in a manner of different ways.
Key features
Sensitive data discovery
Data loss prevention
Shadow instance discovery
Salesforce entitlements
Permissions comparison
Compare two users’ aggregated permissions side-by-side with a simple click of a button to quickly identify discrepancies.
SSPM and compliance
Forensics audit trail
Privileged account monitoring
Stale identity removal
Secure offboarding
Make sure employees and vendors don’t have access to your Salesforce instance after they leave the company.
Unmanaged, non-SSO user tracking
Easily track down non-federated personal accounts logging into your corporate Salesforce.
Cloud-native API deployment
Point DatAdvantage Cloud at your existing cloud services and identity providers without any complex architecture changes or proxies.