Salesforce Service Monitoring with SecurityCenter Continuous View
Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page.
Salesforce is one of the most prevalent SaaS applications in business, running sales operations platforms for organizations to gain productivity and efficiency, and to enable better communication. With so much critical business happening inside Salesforce, what would happen if someone compromised it or exported your sales data? How would you even know it happened? How well do you trust your administrators?
SecurityCenter Continuous View™ (SecurityCenter CV™) now has the ability to connect directly to Salesforce, via RESTful API and collect activity logs so that you can monitor what users are doing inside Salesforce, as well as detect any changes they are making to accounts, permissions, and system configuration.
Salesforce event monitoring enables you to see at a glance who is accessing Salesforce, and who is making changes.
In the broader context of your security program, you can see Salesforce events alongside other account modifications and drill down into users who might be misusing administrative permissions network-wide. Access failures in Salesforce will correlate with the rest of your account monitoring, to indicate brute force or password guessing attempts, as well as successful access post-attack. Threatlist events monitor any known bad traffic accessing your Salesforce instance, as well as users originating from hostile IP addresses.
Salesforce events merge into “detected-change” alerts, as SecurityCenter CV tracks account activity across your organization. Users who have never accessed Salesforce before, or who are accessing from a previously unknown IP are pulled out as “New_User_Source” and “New_User_Destination” events, providing visibility into these unusual connections. Deviations from normal Salesforce activity are also captured, sending those events up through SecurityCenter CV and feeding further alerting as indicators of suspicious behavior.
Salesforce is one of the first cloud platforms supported by SecurityCenter CV for API monitoring and is an example of Tenable’s commitment to increasing visibility across organizations’ IT infrastructures and assets; whether they are physical, virtual, or in the cloud.
Consult the Tenable documentation for more information on how to integrate Salesforce monitoring into your security program.
See Auditing a Salesforce.com Account with Nessus for more information on securing Salesforce with Tenable.
Related Articles
New AWS Control Policy on the Block
November 18, 2024AWS has released an important new feature that allows you to apply permission boundaries around resources at scale called Resource Control Policies (RCPs). Read on to learn what RCPs are all about and how to use them, as well as how Tenable Cloud Security already factors them into its analysis.
The Dark Side of Domain-Specific Languages: Uncovering New Attack Techniques in OPA and Terraform
November 18, 2024Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and beyond).”
Cybersecurity Snapshot: Five Eyes Rank 2023’s Most Frequently Exploited CVEs, While CSA Publishes Framework for AI System Audits
November 15, 2024Check out the CVEs attackers targeted the most last year, along with mitigation tips. Plus, a new guide says AI system audits must go beyond check-box compliance. Meanwhile, a report foresees stronger AI use by defenders and hackers in 2025. And get the latest on cloud security, SMBs' MFA use and the CIS Benchmarks.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
November 21, 2024A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
Volt Typhoon: What State and Local Government Officials Need to Know
November 19, 2024Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths.
- Cloud
- SecurityCenter