For example, if a bank were to build an app using Salesforce, guess what would happen when you upload your financial documents with your mortgage application? All that information ends up in Salesforce as files and attachments. And there’s no way to find, classify, or protect these files natively in Salesforce.
Enter Varonis for Salesforce — agentless, cloud-native data security that deploys in 15 minutes.
In this game-changing new release, we’re introducing capabilities to help you locate and control hard-to-find regulated data across all your Salesforce instances:
Read on for an in-depth look at how each of these features help identify and remove your most critical Salesforce risks.
Unlike native Salesforce features that can help you classify certain fields as sensitive, Varonis can find sensitive data attached to different records. The Salesforce security market has been missing this capability — until now.
Only Varonis can scan the contents of all your files and attachments, find sensitive data using our vast classification library, and then pair those classification results with permissions so that you can see exactly where data is exposed.
Varonis’ classification goes beyond regular expressions and includes pre-built databases of known valid values, proximity-matching, negative keywords, and an algorithmic verification to generate highly accurate results. The same classification engine that has made Varonis a leader in data classification for more than a decade now extends to the hardest-to-find files in Salesforce. With this new release, you can analyze classification results quickly and easily.
We show you exactly where sensitive data exists in the documents and color code results. Now you can easily “trust, but verify” all classification results.
If you’ve ever tried to figure out what someone can access in Salesforce, you know you’re in for a few hours of work. Between a user’s profile and their permission sets, users have so many ways to gain access to export data, reset passwords, read opportunities, etc., and it’s usually an excavation project to figure out what they have access to do.
Varonis radically simplifies permissions analysis, showing you not only what someone’s net effective permissions are, but also how they got them.
Now, instead of clicking into every user’s profile, then clicking into every single one of their permission sets, you can see all their effective permissions from one screen. Hovering over a checkmark shows you how that user gained access, or you can add permission sets to the column view to see everything side-by-side. This permissions view gives security teams unprecedented visibility into risks and overexposure in their environment.
In a sales organization with frequently changing territories and roles, it’s easy to see how permission sets can get out of hand. Varonis empowers security teams to take back control of sprawling permissions and dramatically reduce their risk.
On top of system-level permissions, Varonis extends visibility to the object and field level. We simplify access into a simple CRUDS model (create, read, update, delete, share) and show you exactly what level of access someone has to every object and field in your environment and how they gained that access.
In addition to seeing everything an individual user can access, you can also go the other route and take specific records and determine all the users who can access them. If you know certain records are sensitive, you’d want to make sure that only the right people could access them.
Within a specific record, you can drill down into the specific fields. You can quickly see the simplified CRUDS view of access and a more detailed view to see which permission sets give that access.
“We had eight instances of Salesforce — and it was a gaping black hole. I’d heard horror stories about Salesforce permissions and how literally hundreds can be applied in a manner of different ways, but I didn’t realize how complicated our permission sets had grown.”
-Tony Hamil, Senior Cybersecurity Engineer, Top Real Estate Organization
When someone leaves the company, you want to make sure they can’t access your corporate data anymore. Shockingly, three out of four ex-contractors can still access sensitive data after they’ve left the company. Varonis ties identities together across platforms to help you easily spot offboarding gaps, unsanctioned personal account use, or other compliance violations.
Varonis monitors Salesforce — and your broader SaaS environment — for suspicious activity. Our out-of-the-box alerts can detect internal and external threats, such as a user accessing an unusual number of Salesforce objects, deactivating a critical update, or escalating privileges. On top of built-in alerts, you can easily configure your own alerts without writing any Apex code.
Because we’re monitoring multiple SaaS apps in one platform, it’s easy to investigate incidents across your environment. We enrich events and correlate identities across cloud apps, making it easy to see something like a user logging in through Okta, accessing records in Salesforce, and then using their personal Gmail account to email themselves data.
Excessive permissions are a major way sensitive data can end up exposed, but misconfigurations are another way data can be at risk. Given how configurable Salesforce is, it’s easy to miss a checkbox somewhere along the line — and these misconfigurations can create big gaps in your security posture. Varonis highlights these misconfigurations in our SaaS Security Posture Management (SSPM) Insights Dashboard.
The Insights Dashboard includes findings from our elite cybersecurity research team. Such findings include Einstein’s Wormhole — a misconfiguration that exposed admins’ calendars through a Salesforce Community bug. Any time the team finds a potential SaaS configuration risk, Varonis can scan your environment and alert you if we think you’re exposed.
Varonis is blazing a new trail in Salesforce security, with never-before-seen permissions analysis capabilities and unmatched data classification capabilities that add to our already robust SaaS security platform. When it comes to protecting your sensitive data, knowing where it exists, who can access it, and what they’re doing with it are all critical questions to answer. Only Varonis is integrating all these critical data security capabilities into one platform.
Varonis not only protects Salesforce, but also other SaaS apps like Google Drive, Box, AWS, Zoom, Okta, GitHub, Jira, and Slack.
If you’re curious to see what risks may exist in your SaaS environment, reach out to start a trial. In minutes, we can have you up and running.