PRODUCT OVERVIEW
Your business relies on Salesforce. Your security stack does not cover what moves through it.
Attackers increasingly target SaaS workflows, shared content, and exposed identities — and Salesforce is no exception.
Trusted by Fortune 500 companies and governments around the world
Native to Salesforce. Built for Salesforce teams.
WHAT WE PROTECT
Everything your Salesforce users and agents interact with.
One native solution that scans files, links, identities, and AI workflows in real time, without touching your configuration or slowing your team down.
File protection
Files uploaded through portals, cases, and web-to-lead forms land in Salesforce without ever passing through your email or endpoint controls. We scan every file at upload before your team or your agents open it.
URL protection
Links shared inside Salesforce cases and Experience Cloud portals never pass through your email filter. We inspect every link at upload and re-checks it at click time.
Identity protection
Salesforce has no native way to flag users with breached credentials or excessive permissions — gaps that attackers exploit long before anyone notices. We surface every at-risk identity in your org so you can act before they’re used against you.
Analytics and visibility
You can’t protect what you can’t see and most security teams have no idea what normal looks like inside Salesforce. Cloud Protection for Salesforce gives you continuous visibility into every file uploaded, every link clicked, who shared what with whom, and how your data moves across the org. Once you can see normal, you can spot what isn’t.
Protection for Agentforce
Service agents handle requests from anyone on the internet including links that lead to phishing sites, malware, or credential theft. We inspect every link before your agent acts on it or surfaces it to the customer.
QR code protection
QR codes embedded in files uploaded through portals, cases, and forms can redirect users to phishing sites while bypassing most existing security tools. We extract and resolve them before every QR code before anyone scans it.
FILE PROTECTION
Block malware before anyone opens it
Every file uploaded through Salesforce is a potential entry point. Cloud Protection for Salesforce scans at upload, download, and on-demand, catching threats your email security never sees.
100% detection rate: proven, AV-TEST awarded WithSecure engines
Layered threat detection: catches spoofed file types, password-protected files, and malicious links embedded inside documents
URL PROTECTION
Stop phishing at upload and at click
Phishing links arrive through cases, chats, and portals, not just email. Cloud Protection for Salesforce scans every URL at the point it enters Salesforce and again at the moment someone clicks it.
At upload and at click: two layers of protection for every link, including shortened and redirected URLs
Real-time verdicts: no waiting, no batch processing, no window for a user to click before a scan completes
Covers all Salesforce clouds: Sales, Service, Experience, and Agentforce workflows
IDENTITY PROTECTION
See the risk before attackers do
Salesforce identities are growing. Employees, contractors, partners, community users, AI agents — all operating with varying levels of access and no single place to see who is a risk. Cloud Protection for Salesforce gives you one dashboard to find them and act immediately.
Breached credential detection: see which human identities have credentials exposed in third-party data breaches, before an attacker uses them
Over-privilege visibility: flag all human and non-human identities with ModifyAllData, ViewAllData, or other high-risk permissions
One-click response: freeze an account, initiate a reset password, or edit permissions without leaving the Salesforce dashboard
AGENTFORCE PROTECTION
Keep your AI workflows safe
Agentforce agents process content at machine speed, inheriting the permissions of the users they act as. A single malicious url e.g. phishing link can propagate across your org before anyone notices. Cloud Protection for Salesforce intercepts threats before an agent or a human acts on them.
Audit-ready: full event logs for every Agentforce scan, ready for security sign-off
Real-time interception: scans URLs inside Agentforce workflows at the moment of action
ANALYTICS
Salesforce visibility for your whole team
Your security team needs visibility into threats. Your Salesforce admin needs to stay focused on the platform. Our solution gives both teams a shared, real-time view of every threat across files, URLs, identities, and Agentforce workflows, native inside Salesforce, with nothing extra to install or configure.
Audit-ready reports: exportable event logs your compliance team can use directly, no manual assembly required
Real-time dashboards: live threat data across files, URLs, identities, and Agentforce workflows in one view
OUTCOMES BY ROLE
Built for every stakeholder in the room
22%
of all data breaches globally start with stolen credentials
Source: Verizon DBIR 2025
30%
of corporate passwords are reused across services, exposing Salesforce when other platforms are breached
Source: SpyCloud 2024
8x
growth in malicious detections in Salesforce from Q1 to Q4 2025
Source: WithSecure Threat Landscape 2026
James, VP Platform Technology at Example.com
Responsible for his company’s Salesforce strategy across Sales Cloud, Service Cloud, and a new Agentforce rollout.
OUTCOME
Get Agentforce approved faster
Give your security team a documented, auditable security layer over Agentforce so they can evaluate it without a six-week delay.
OUTCOME
Stop security blocking your roadmap
When a purpose-built, Salesforce-reviewed security tool is already in place, projects move. Security becomes a green light, not a gate.
OUTCOME
Audit seasons that do not drain your team
CPSF gives the security team the visibility they need, freeing up their time to focus on valuable tasks.
Priya, Salesforce Administrator at Example.com
The person who knows the Salesforce org better than anyone and keeps it running day to day
OUTCOME
Always have the answer ready
When the security team asks how you detect compromised users or malicious content in Salesforce, you send them a Cloud Protection for Salesforce report. No scrambling.
OUTCOME
One place to see and act on identity risk
See which users have breached credentials or over-privileged access. Freeze an account, initiate a reset password, or edit permissions in one click without leaving Salesforce.
OUTCOME
Agentforce coverage at no extra cost
Agentforce protection is included free for existing customers. No new vendor, no new portal, no new budget line to justify.
Sofia, CISO at Example.com
Responsible for security posture across the enterprise, including cloud platforms and SaaS tools
OUTCOME
Close the shared responsibility gap
Salesforce secures its infrastructure. Cloud Protection for Salesforce secures what moves through it. Files, links, identities, and AI workflows, all covered in real time.
OUTCOME
Audit-ready evidence without asking the Salesforce team
Native dashboards and event log your team can access directly. No dependency on the platform admin every audit cycle.
OUTCOME
Salesforce-reviewed and AppExchange-listed
Our solution has passed a Salesforce security review. Your procurement and compliance teams get a vendor already vetted by the platform itself.
Not sure where your Salesforce stands?
Run a free risk assessment and see exactly what is exposed in your org before you evaluate anything.
WithSecure Cloud Protection for Salesforce FAQ
Salesforce has plenty of security capabilities. Why do I need to add advanced threat protection?
Cloud security responsibilities are split according to Shared Responsibility Model. Under Salesforce’s Shared Responsibility Model, Salesforce secures its infrastructure. You are responsible for securing the data inside it — files your users upload, links they click, identities accessing your org, and content your Agentforce agents process. Cloud Protection for Salesforce is purpose-built for exactly that scope.
Does Salesforce already have built-in malware scanning?
Yes, but it covers one object type using basic signature detection only. It does not scan URLs, QR codes, Attachments, Agentforce workflows, or identities. For a full breakdown of what is and is not covered, see our detailed comparison. Link: https://cloudprotection.com/salesforce-built-in-file-scanning-vs-withsecure-cloud-protection-for-salesforce/
How does WithSecure Cloud Protection for Salesforce work?
WithSecure Cloud Protection for Salesforce offers real-time threat protection inside Salesforce — there’s no rerouting, no delay. Here’s what the process looks like:
Intercept: Scans every upload, link, and user action the moment it happens.
Detect: Blocks malware, phishing, and QR-based threats instantly, while continuously checking Salesforce credentials for breach exposure.
Analyze: Sandboxes suspicious files safely outside your org for deeper inspection.
Alert: Notifies admins and guides users automatically.
Monitor: Provides ongoing visibility, audit trails, and compliance reporting.
Scanning happens directly inside Salesforce, with minimized data traffic outside Salesforce. Only encrypted, anonymized metadata leaves the platform, ensuring speed, privacy, and compliance.
You can manage WithSecure™ Cloud Protection for Salesforce directly from your Salesforce interface. You don’t need to worry about additional portals. Configurations and reporting capabilities are simple, and they follow familiar Salesforce mechanisms.
Why is my existing email security not enough for Salesforce?
Email security only sees what passes through email. Files uploaded through Experience Cloud portals, Web-to-Lead forms, and email-to-case arrive directly inside Salesforce and never pass through your email filter. Links shared inside Salesforce cases and chats bypass it too. Cloud Protection for Salesforce is the only layer that covers this traffic.
What is the layered protection model and why does it matter?
A single threat often uses multiple vectors at once. A file uploaded through a partner portal might contain a malicious URL embedded inside a QR code inside the document. Cloud Protection for Salesforce scans each layer independently — the file itself, URLs inside it, QR codes, the identity of the user who uploaded it, and whether the content is safe for Agentforce to process. Because each layer is independent, catching one does not depend on catching another.
Does it protect Agentforce?
Yes. Agentforce agents process content from leads, cases, and forms submitted by anyone on the internet. They cannot distinguish legitimate data from malicious instructions. Cloud Protection for Salesforce scans that content before your agents act on it and logs every agent interaction for your security team.
Can a Salesforce user’s account be compromised without anyone knowing?
Yes. Salesforce has no native way to flag users whose credentials have appeared in an external data breach. An attacker with stolen credentials can access your org as a legitimate user for weeks before anyone notices. Cloud Protection for Salesforce continuously monitors every internal and external Salesforce identity against verified breach data, including community portal users, with up to 12 months of breach history.
How long does deployment take?
Minutes. Cloud Protection for Salesforce is installed directly from Salesforce AppExchange with no agents, no network configuration changes, and no external middleware. It runs natively inside your existing Salesforce environment without touching your configuration or workflows.
How is WithSecure Cloud Protection for Salesforce hosted?
Cloud Protection for Salesforce uses a cloud-based threat analysis service called WithSecure™ Security Cloud. The service is hosted on AWS. You don’t need to worry about hosting yourself, and there are zero hidden hosting costs. The cloud service is hosted on data centers located in Ireland (EU), US, Canada, Japan, Singapore and Australia. You can choose your point of presence, in other words where your data is located, and effectively control your data residency.
Does WithSecure Cloud Protection for Salesforce alter my Salesforce environment?
No, Cloud Protection for Salesforce is Salesforce native and designed to be non-invasive to your dynamic environment. There is zero impact on your customizations and workflows, even for the vast and complex Salesforce implementations.
Where can I find user reviews?
You can find customer reviews of WithSecure™ Cloud Protection for Salesforce on Salesforce’s AppExchange market place. You can also check out our customer references. Salesforce Ben has also reviewed the solution thoroughly. Salesforce file scanning capabilities use the same anti-malware engines as WithSecure™ endpoint security solutions, which have achieved 100% effectiveness in detecting both commodity and zero-day malware in AV-TEST Institute’s independent evaluations.