Salesforce is an enterprise cloud computing company that provides business software on a subscription basis. The company provides on-demand customer relationship management (CRM) solutions such as Sales Cloud, Service Cloud, Data Cloud, Collaboration Cloud, and Custom Cloud. As the Customer Zero team (CISO group), we are currently monitoring and securing access to Salesforce internally with a breadth of products that are developed and maintained by the development and QA teams. These capabilities include areas such as client enforcement, inline protection, API-enabled protection, SaaS security posture management (SSPM), and Cloud Firewall, to name a few. In this guide, we will provide a perspective of how Netskope’s products and capabilities are used internally for securing enterprise data.
Access is locked out when a user is not connected to corp tenant via NS client or when the client is disabled.
Policy capabilities currently in place:
For Salesforce, some of the real-time policies in place:
Netskope API Data Protection works by directly connecting to a cloud app using the APIs published by the app, and uses OAuth to gain delegated access to the app.
Netskope's API Data Protection provides a complementary deployment model to provide cloud visibility, policy, and data security services by directly connecting to a cloud service using the APIs published by the cloud services. The API Connector works in conjunction with the Netskope cloud proxy to provide defense-in-depth security services.
For Salesforce, we currently have the following API protection policies:
This ensures data is protected in the Salesforce instance at all times.
SaaS Security Posture Management (SSPM) is a service that provides an organization insight into the security posture of their SaaS applications. According to Gartner, SSPM is defined as “tools that continuously assess the security risk and manage the security posture of SaaS applications. Core capabilities include reporting native SaaS security settings' configuration and offering suggestions for improved configuration to reduce risk."
Some of the benefits of SSPM include:
Each of these rules satisfy the following compliance standards:
We have enabled the next gen SSPM flag on our tenant, which currently supports enhanced features for Salesforce security posture management. This provides some new features such as:
For both real-time as well as API-based Salesforce traffic, machine learning algorithms can be used and classified, as part of Netskope Behavior Analytics. Netskope's User Behavior Analytics tool looks at patterns of human behavior, and then applies algorithms and statistical analysis to detect meaningful anomalies from those patterns—anomalies that indicate potential threats. Instead of tracking devices or security events, behavior analytics track users. There are a set of predefined Behavior Analytics rules that can be used to create policies for detecting any abnormalities in both real-time, as well as API connector-based Salesforce instances. Few of these are mentioned in the screenshot below.
We can see the trend in UBA alerts using Advanced Analytics for Salesforce over the last 30 days.
We would love to know how your team secures Salesforce and other critical SaaS apps using Netskope.
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button belowSign In