Real-time threat protection for Salesforce

Cloud security responsibilities are split according to Shared Responsibility Model. Salesforce’s robust infrastructure security is just the beginning. As the data owner, you’re responsible for securing your data within the cloud platform. The solution is designed in close collaboration with Salesforce to complement the platform’s native security capabilities seamlessly, so that you can easily comply with your security responsibilities. You also get visibility into cyber threats, which cuts incident response costs significantly.

WithSecure™ Cloud Protection for Salesforce detects and remediates sophisticated malware, ransomware, viruses, phishing, URL-based threats and breached user credentials. It uses multi-engine anti-malware technology that combines threat intelligence and behavioral analysis in an isolated and secure cloud sandbox environment to detect threats from common to zero-day.

WithSecure Cloud Protection for Salesforce offers real-time threat protection inside Salesforce — there’s no rerouting, no delay. Here’s what the process looks like:

Intercept: Scans every upload, link, and user action the moment it happens.

Detect: Blocks malware, phishing, and QR-based threats instantly, while continuously checking Salesforce credentials for breach exposure.

Analyze: Sandboxes suspicious files safely outside your org for deeper inspection.

Alert: Notifies admins and guides users automatically.

Monitor: Provides ongoing visibility, audit trails, and compliance reporting.

Scanning happens directly inside Salesforce, with minimized data traffic outside Salesforce. Only encrypted, anonymized metadata leaves the platform, ensuring speed, privacy, and compliance.

Security Cloud can scan all file types up to 800 MB file size during uploads and downloads to your Salesforce platform. This is the highest in category.

Files are scanned when your Salesforce user uploads them and downloads them from Salesforce cloud. Similarly, URLs are scanned when a user uploads them or clicks them, providing real-time protection at all interactions. Files can be scanned across your entire environment at any time on-demand, or scheduled for automated scans.

URL protection guards against phishing and other malicious websites in real-time – by scanning URLs  upon upload and click. It can also detect and block malicious URLs hidden behind QR codes and inside files uploaded to your Salesforce platform. The URL scanning also inspects shortened URLs that can mask a hazardous destination.

Yes. We have discovered from our product back-end and threat intelligence that URL-based threats are more common than file-based in Salesforce environments. In general, phishing is used by cyber criminals in more than 40% of cyber attacks, and typically involves URLs. Phishing attacks are more and more common on public facing apps – such as your Salesforce cloud. Your users are not as phishing aware on Salesforce as on some other channels such as email, increasing the risk of human error. And they shouldn’t be phishing detectives anyway. Attackers view your Salesforce the same as they view your email. Based on that, you should apply similar phishing defenses on Salesfore as you do on your email.

Our streamlined native solution architecture gives you a click-and-go deployment experience with minimal configuration hassle and no agents to install on endpoints. There’s no need for network configuration changes, additional cloud hosting, or extra middleware. The entire installation process takes only minutes, plus you’ll have our Customer Success experts by your side.

You can manage WithSecure™ Cloud Protection for Salesforce directly from your Salesforce interface. You don’t need to worry about additional portals. Configurations and reporting capabilities are simple, and they follow familiar Salesforce mechanisms.

WithSecure™ Cloud Protection for Salesforce uses a cloud-based threat analysis service called WithSecure™ Security Cloud. The service is hosted on AWS. You don’t need to worry about hosting yourself, and there are zero hidden hosting costs.

The cloud service is hosted on data centers located in Ireland, US, Japan, Singapore and Australia. You can choose your point of presence, in other words where your data is located, and effectively control your data residency.

Integration with external SIEM is easy, allowing you to leverage your existing investments and workflows. There are no extra portals to handle as the solution is managed directly from Salesforce’s user interface.

No, WithSecure™ Cloud Protection for Salesforce is Salesforce native and designed to be non-invasive to your dynamic environment. There is zero impact on your customizations and workflows, even for the vast and complex Salesforce implementations.

You can find customer reviews of WithSecure™ Cloud Protection for Salesforce on Salesforce’s AppExchange market place. You can also check out our customer references. Salesforce Ben has also reviewed the solution thoroughly. Salesforce file scanning capabilities use the same anti-malware engines as WithSecure™ endpoint security solutions, which have achieved 100% effectiveness in detecting both commodity and zero-day malware in AV-TEST Institute’s independent evaluations.