Cloud Protection for Salesforce by WithSecure™
  • WithSecure™ Cloud Protection for Salesforce

    Protecting manufacturers goes far beyond endpoint security

    Dealers, suppliers, and service partners don’t breach your perimeter. They’re already inside it, submitting warranty claims, uploading parts documentation, registering vehicles, and routing service requests through Salesforce every day.

    This access is legitimate by design. But when an account is compromised, a portal misconfigured, or content carries a malicious payload, your existing security controls don’t see it. They sit outside Salesforce, while the threat takes hold inside.


    Connected supply chains and digital partner networks have created an attack surface that didn’t exist a decade ago

    The shift to connected products, cloud-based distributor platforms, and digital supply chains has transformed the industry’s operational efficiency. It has also created a Salesforce-centered attack surface that spans every OEM, every dealer, every Tier 1 supplier, and every service partner in the network.

    A single Salesforce environment in this sector can hold customer and product records, warranty and claims history, serial number and configuration data, and recall and compliance campaign data. Attackers in 2025 and 2026 targeted exactly this; not through perimeter exploits, but by walking in disguised as distributors and suppliers your teams already trust.

    700%

    increase in malicious Salesforce activity in 2025

    Source: WithSecure Salesforce Threat Landscape Report 2026

    98%

    of all detected threats are URL-based

    Source: WithSecure Salesforce Threat Landscape Report 2026

    1000s

    of all impacted organizations are US-based

    Source: WithSecure Salesforce Threat Landscape Report 2026

    Get the Salesforce Threat Landscape Report 2026

    Our 2026 Salesforce Threat Landscape, and the numbers within it, proves that manufacturing firms cannot afford to assume the platform protects them.


    Trusted by enterprises worldwide


    Rolls-Royce & Partners Finance

    “We know all files and links accessed by users are scanned for threats immediately and are safe. This achieves both compliance and peace of mind.” 

    Rolls-Royce & Partners Finance 



    ABN AMRO Insurances

    “When we just started using WithSecure, we already had one file that was put into quarantine, which actually contained a virus.”

     

    Roel van de Donk, Lead Product Owner 



    AXA Group Operations

    “WithSecure Cloud Protection’s solution runs quietly in the background. It doesn’t get in the way, but it gives us the assurance that everything passing through Salesforce is safe.” 

    Xavier Léon, Head of Reinsurance Business Applications 



    These attacks aren’t sophisticated. They exploit the access you already gave your network. How many partners in your network have that same access right now?

    In 2025 and 2026, threat actors targeted Salesforce ecosystems connected to manufacturing operations. These were not platform vulnerabilities. They were social engineering and configuration attacks that existing controls failed to catch. Why? Because they used legitimate access paths.

    Dealer and partner impersonation

    Attackers compromised partner accounts through credential theft and phishing, then used that legitimate access to move through Salesforce workflows undetected. Because the access looked like any other interaction, no alert fired. The data they reached was exactly what they came for.

    Experience Cloud portal misconfigurations

    Guest-user misconfigurations on distributor portals exposed sensitive data without authentication. These are not rare edge cases; they are endemic across manufacturing Salesforce deployments, where portals are often configured by operational teams without security oversight.

    Malicious content through supplier workflows

    Suppliers and service partners submit files – parts documentation, service records, compliance certificates – directly into Salesforce. Those files are not scanned. A malicious payload embedded in a supplier document arrives through a trusted channel, is opened by an employee, and bypasses endpoint security because Salesforce is not on the managed device.

    The security gap has a specific shape in automotive and manufacturing

    Your distributor and partner network is your largest attack surface

    An OEM’s Salesforce environment is not accessed primarily by internal staff, but by thousands of authorized distributors and channel partners — each with their own staff, their own devices, and their own security posture. A compromised dealer credential looks identical to a legitimate one. Salesforce sees an authenticated user, but your security stack sees nothing.

    Supplier portals accept content you can’t inspect

    Tier 1 and Tier 2 suppliers upload parts documentation, technical certifications, compliance records, and service data directly into your Salesforce environment. None of it is scanned for malicious content. A supplier account that has been compromised, or a deliberately malicious file submitted by an untrusted source, enters via a channel your tools treat as inherently safe.

    Vehicle and customer data sits without content-level protection

    Customer records, operational product data, serial and warranty history, and recall campaign information are concentrated in Salesforce workflows that carry specific regulatory obligations – GDPR, CCPA, UNECE. Salesforce provides no native content inspection to detect the threats that could trigger a breach of that data, or the alerting needed to meet disclosure timelines when one occurs.

    Every connection in your dealer and supplier network is a potential route in

    These are the everyday workflows your commercial, service, and operations teams depend on:

    • Distributor and partner portals.  Thousands of dealers submit orders, upload documentation, and access pricing data through Salesforce every day. A compromised dealer account or a malicious file in a portal submission enters your environment through a channel treated as trusted.
    • Warranty claims and service records.  Dealers and service partners upload supporting documentation directly into Salesforce warranty workflows. Files arrive from external devices with no content inspection before they reach your teams.
    • Supplier and parts documentation.  Tier 1 and Tier 2 suppliers submit technical documents, compliance certificates, and parts records into Salesforce. Any one of those files could carry malware that bypasses your endpoint controls entirely.
    • Recall and product campaign management.  Recall workflows involve high volumes of external submissions from service partners and customers. The urgency of recall processing creates pressure to move fast — exactly the condition attackers look for.
    • Pricing, margin, and commercial data.  Salesforce holds sensitive pricing agreements, margin structures, and commercial terms shared with dealer networks. This data is a high-value target for competitive exfiltration, accessible to any account with dealer-level access.
    • Customer and product portals.  Connected vehicle owners interact with brand portals and service platforms built on Salesforce Experience Cloud. Links and files submitted by customers through these channels are uninspected and reach employees directly.
    • Agentforce handling partner and customer content.  Where AI agents triage warranty queries, route service requests, or handle dealer submissions in real time, they act on whatever content they receive — with no native inspection of what it contains.

    The missing security layer for modern Salesforce threats

    Stop malicious files, URL-based attacks, identity abuse, and AI-agent risks in real-time — before they disrupt your business continuity. Trusted by Fortune 500 companies and governments around the world.

    Malware protection

    Stop malicious files

    URL protection

    Stop malicious links

    Identity protection

    Protect your Salesforce users

    Protection for Agentforce

    Protect your AI agents

    QR code protection

    Stop QR code threats

    Regulatory deadlines are live. The cost of a breach is rising daily

    For manufacturing, the consequences of a Salesforce breach extend well beyond a regulatory fine. Operational disruption, supply chain exposure, recall workflow compromise, and the erosion of customer trust in a manufacturing brand can be severe — and lasting.

    Here’s how the requirements map to Salesforce-specific risks, and what Cloud Protection does about each one.

    United States

    CCPA / State Privacy Laws

    Requirement:  Automotive companies collecting connected vehicle data, driver behavior information, or customer records from California residents must comply with CCPA, including data security obligations and breach notification requirements.

    Salesforce risk:  Connected vehicle and customer data in Salesforce service and dealer workflows is in scope for CCPA. A breach via a dealer portal or supplier submission may expose this data without alerting — and without the visibility needed to scope which customers were affected.

    How we help:  Adds the content inspection and identity monitoring required to protect CCPA-regulated data in Salesforce workflows, with real-time alerting to support breach assessment and notification timelines.

    FedRAMP / DFARS (for defense and government vehicle contracts)

    Requirement:  Automotive and manufacturing companies with US government or defense contracts must align to FedRAMP and DFARS cyber security requirements, including supply chain risk management and incident reporting.

    Salesforce risk:  Salesforce workflows handling government contract data, technical documentation, or supply chain submissions sit outside most FedRAMP-aligned security architectures. Third-party supplier content enters uninspected.

    How we help:  Provides the content inspection and continuous monitoring needed to bring Salesforce workflows into alignment with FedRAMP and DFARS supply chain cyber security requirements.

    European Union

    GDPR

    Requirement:  Automotive companies processing EU personal data — including driver records, connected vehicle data, and customer service history — must protect it against unauthorised access and notify supervisory authorities of breaches within 72 hours.

    Salesforce risk:  Driver data, telematics records, and customer information held in Salesforce dealer and service workflows are in scope for GDPR. A breach via a compromised dealer account or malicious supplier file may expose this data without any native alerting — and with no mechanism to scope the affected records quickly.

    How we help:  Real-time threat detection inside Salesforce means you know immediately when unauthorised access has occurred or been blocked, giving your team the visibility needed to assess GDPR notification obligations accurately and within the 72-hour window.

    NIS2 Directive

    Requirement:  NIS2 reaches manufacturing entities classified as important or essential, requiring proportionate risk management, supply chain security controls, and incident reporting within 24 hours of detection.

    Salesforce risk:  For automotive manufacturers in scope, Salesforce is a critical business system and a supply chain risk vector. Supplier and dealer portal access represents an uninspected third-party risk channel that most organizations have not formally addressed under NIS2.

    How we help:  Reduces supply chain ICT risk by inspecting content from connected dealer and supplier portals, and provides the detection capability that NIS2’s 24-hour reporting requirement depends on.

    UNECE WP.29 / ISO/SAE 21434

    Requirement:  UNECE WP.29 requires OEMs to implement a Cybersecurity Management System (CSMS) covering the full vehicle lifecycle, including the supply chain. ISO/SAE 21434 provides the engineering standard for automotive cyber security risk management.

    Salesforce risk:  Salesforce workflows that handle vehicle data, supplier submissions, and recall campaign information are part of the automotive cyber security perimeter that WP.29 and 21434 address. Content flowing through these workflows is an uninspected cyber security risk that CSMS documentation must account for.

    How we help:  Provides the content inspection and monitoring capability needed to address Salesforce-specific cyber security risks within a WP.29-aligned CSMS, and the audit visibility required to support 21434 risk management documentation.

    Australia

    Privacy Act / Notifiable Data Breaches / IRAP

    Requirement:  Automotive companies operating in Australia and holding personal information must notify the OAIC and affected individuals of eligible data breaches as soon as practicable. IRAP assessments apply where government contracts are involved.

    Salesforce risk:  Customer and driver data in Salesforce dealer and service workflows is in scope for the Notifiable Data Breaches scheme. A breach via a compromised dealer account may be difficult to scope without dedicated Salesforce monitoring.

    How we help:  Provides the detection and audit capability needed to identify eligible data breaches in Salesforce, scope the affected records, and support timely OAIC notification.

    United Kingdom

    UK GDPR / NCSC Cyber Assessment Framework

    Requirement:  Automotive companies processing UK personal data must report breaches to the ICO within 72 hours. Manufacturers with critical national infrastructure adjacency may also face NCSC CAF assessment requirements, including supply chain security.

    Salesforce risk:  UK customer data and vehicle records in Salesforce dealer workflows are in scope for UK GDPR breach notification. The CAF’s supply chain requirements apply directly to the dealer and supplier portal access model common across automotive Salesforce deployments.

    How we help:  Closes the Salesforce content inspection gap for UK GDPR compliance and supports supply chain risk management obligations under the NCSC CAF by monitoring dealer and supplier-submitted content.

    We are committed to high compliance

    We provide all the necessary certificates and information to reassure you and your stakeholders. Find more details in our Trust Center.

    ISAE 3000 Type 2

    WithSecure™ Cloud Protection for Salesforce has an ISAE 3000 Type 2 (international equivalent of SOC2 Type 2) assurance report, ensuring your data is managed securely.

    ISO 27001

    WithSecure™ is ISO 27001 certified, validating our rigorous data security practices. This prestigious certification confirms our adherence to the highest information standards. 


    EU GDPR

    WithSecure™ helps organizations adhere to General Data Protection Regulation (GDPR) requirements, ensuring the secure handling of European citizens’ personal data.


    SecurityScoreCard

    WithSecure™ holds the highest cyber security vendor ranking from SecurityScoreCard, which evaluates companies on 10 key security factors, including remediation speed and risk mitigation.
