Many organizations don’t consider the risk that Salesforce exposes them to and the importance of Salesforce security. Different Salesforce clouds and modules allow access to external customers, partners, suppliers and contractors, leaving the organization vulnerable to threats. In this blog, we will cover the use cases that expose organizations to potential risks, and the different solutions for how to best protect against them.
The CRM Threat
Any digital-first enterprise requires the processing of data; a lot of data, even more so for B2C companies which manage up to millions of customers. To do so they must rely on client management platforms – and foremost, Salesforce, the gold standard of CRM apps, used by over 150,000 companies, with multiple solutions and integrations for customer and partner management. With new open digital access, a new entry point has been created for 21st century attackers. Malicious actors, whether they are disgruntled customers or partners, or simply a hacker, can easily upload content with a malicious payload and trigger a malevolent attack chain sequence, causing severe damage to their target – either in the form of data theft or financial gains.
Salesforce Security should close the back door into your organization
Salesforce allows external parties to interact and collaborate with your employees through cloud environments such as Experience Cloud, Sales Cloud, and Service Cloud. Inside these environments, multiple modules (e.g. Chatter, “Email to Case”, web forms, and other systems feeding Salesforce information) allow external parties to add potentially malicious content in the form of text, URLs and files to your Salesforce instance. If you are using these environments without the proper protections, you are increasing the risk for malicious content to infiltrate your organization, which can result in severe damages in the form of data theft, ransomware and reputational damage. Native Salesforce security solutions do not protect you from these nefarious activities.
How does Salesforce expose your organization to Content-borne Threat Vectors?
Here are a few examples of how external parties can upload content to your Salesforce, thus exposing your organization to external threats.
- Chatter – Salesforce real-time collaboration application lets users talk to each other and share information, and is often open to external parties, where they can send content that goes into Salesforce which instantly reaches company employees and other parties that are part of the chatter group.
- Open tickets via email – the “Email-to-Case” Salesforce functionality allows the organization to automatically turn customer emails into cases in Salesforce. External parties will use the organization’s designated email address to send an email, which results in the opening of a Salesforce ticket with any file or URL that was included in the email.
- Web forms – Salesforce web forms allow capturing and importing information from external parties to Salesforce. For example, “Web-to-Case” will allow customers to submit support requests through web forms. Landing pages on the company’s website which include these forms, allow uploading of information into Salesforce by partners and suppliers. Portals like Salesforce Community (Experience Cloud) also have different types of externally-available forms.
- Third-party applications integrated with Salesforce – A simple Rest API integration can connect Salesforce to any other system. In this manner, external systems can integrate with your Salesforce and feed it any type of data.
How to protect Salesforce against external threats with enhanced Salesforce security?
It is evident that Salesforce is not an internal-only application and that external actors interacting with your Salesforce significantly increase your organization’s risk and exposure to cybersecurity threats. There are salesforce security solutions that can help your organization secure this attack vector.
- Salesforce native security – out of the box, Salesforce does not scan any of the content being uploaded to it. Although Salesforce does offer a security add-on, Salesforce Shield, it does not include scanning of content that is uploaded into Salesforce.
- Antivirus scanning – Antivirus software solutions that connect to Salesforce perform static scanning only, which uses code analysis tools to inspect the code for indications of common vulnerabilities. They also compare against a malware database with signatures of known malicious files. However, attackers know how to employ different evasion techniques that are not detected by antivirus software. They bury the malicious content inside another file, or slightly change a known malicious file so the hash of the file is different. Therefore, an antivirus only provides only partial protection, mostly against previously seen threats which leaves your organization vulnerable.
- Advanced threat protection – an advanced threat protection solution will protect against any Salesforce content-borne security threat – known or unknown, simple or complex. In addition to using static analysis and threat intelligence, it leverages advanced detection techniques, such as machine learning and other novel algorithms. It also employs anti-evasion algorithms to identify buried threats, to identify complex attacks and unknown threats, such as advanced persistent threats, such as zero-days. Most importantly, advanced threat protection solutions dynamically scan in real-time all content uploaded to Salesforce, detonating files & URLs inside an isolated environment (a next-gen sandbox) in order to detect malicious code execution.
Organizations preparing their Salesforce security strategy need to take into consideration that only a next-generation advanced threat protection solution can provide the required protection against all Salesforce content-borne threats and provide a seamless user experience.
Protect your organization with Perception Point’s Salesforce Security Solution
Perception Point’s Salesforce Security Solution, Salesforce Advanced Threat Protection, scans in real-time, all content uploaded to Salesforce from any module, to intercept malicious content before it reaches your employees. Perception Point’s Salesforce Advanced Threat Protection offers unprecedented protection against all types of content-borne attacks including APTs, zero-days, malware and phishing that can penetrate organizations through Salesforce. The SaaS solution scans every piece of content (including files and URLs) through its multi-layered platform, dynamically scanning 100% of content uploaded to Salesforce in near real-time in both Windows and Mac environments, up to 40x faster than other solutions. Perception Point’s solution also includes a 24/7, free-of-charge Integrated Incident Response service that efficiently analyzes, manages and remediates incidents, and drives continuous optimization of the security solution.
Perception Point has partnered with Salesforce to offer a solution that seamlessly integrates the Salesforce environment in just a few clicks, and adheres to Salesforce security standards. The solution is available in the Salesforce AppExchange.
To learn more about Perception Point’s salesforce security solution, download the Salesforce Advanced Threat Protection solution brief.