Cloud Protection for Salesforce from F-Secure

Cloud-based services have caught on fast, offering a range of benefits to organisations of every kind.

Adding security to these services has not always been as swift and this is compounded by the increased attack surface that cloud deployments create, especially when files and URLs are being frequently and routinely exchanged within what is considered to be a trusted community. Cloud-based services increasingly means that organisations place some of their most valuable and critical data assets in the cloud and this requires a focused and highly tactical response, if data loss is to be prevented, and legislative and regulatory penalties avoided.

There is a generic way to deal with this: Cloud Access Security Brokers (CASBs). But, because this in essence imposes additional network hops between service providers and consumers, it won't suit all use cases. F-Secure has addressed this challenge specifically for CRM provider Salesforce. Developed initially as an internal solution to protect its use of Salesforce, it has been well tested.

F-Secure is a Salesforce ISV partner and Cloud Protection is an embedded service, available from the Salesforce AppExchange. Because it is an embedded service, its deployment and operation is Salesforce native, without external network hops: installation is trivial.

The solution uses multiple AV engines, Machine Learning and Artificial Intelligence to scan files and URLs before they can be opened and connected. For Salesforce community users, this is unlikely to be noticeable; that is, unless an infected payload is intercepted, in which case they will be prevented from proceeding, keeping them and the data safe.

Installing from AppExchange was uneventful, with licence purchase complete. Our first stop was the Protection Dashboard to examine the default settings for File Protection, Notification, Exclusions and Advanced options. As you would imagine, Cloud Protection is working straightaway, using its default settings, and one strategy is to run this way, adjusting as required, based on results.

To test and experience the solution in action, we sent an infected attachment from a bona fide account. On reception, we could see the attachment from our Salesforce account and clicked on it when we received a standard message (it can be tailored), announcing that harmful content had been blocked. This file would have been identified by its signature as a known risk, but, if required, files with no known reputation are sent for Advanced Scanning by F-Secure. This is, in turn, used to community benefit, with the delivery of a new signature into the eco system. This may increase turnaround time, but it's unlikely that the user will notice.

With the user alerted, a member of the Security team can now consult the logs and analytics to establish more. Based on our test, we could see the attempt to open the file and that it was blocked. We could consult known data about the payload, and as it was quarantined (a default), we could manually delete it, which could also be automated. A similar test using a known bad URL produced a comparable outcome.

User interaction with Cloud Protection is minimal and, in fact, once set up to suit organisational requirements, it seems low on admin overhead. As you would expect, alerts can be set so that user support can be quick and insightful, and reports can be produced both manually and automatically. Because the solution saves data into salesforce as custom objects, salesforce reporting tools can be used, which are by design more extensive.

When combined with the appropriate point solutions, real-time anomaly detection and advanced cloud service protection such as this, the attack surface is reduced, risk contained and the community of users can be left to carry out its work with confidence.

Product: Cloud Protection for Salesforce
Supplier: F-Secure
Web site:
Telephone: +44 845 890 3300
Price: From £2.35 per user, per month