What’s new in WithSecure™ Cloud Protection for Salesforce 2.6

We’re excited to introduce Orion 2.6, the latest version of WithSecure Cloud Protection for Salesforce. This update significantly bolsters your defenses against sophisticated cyber threats targeting files and URLs within Salesforce. Experience enhanced real-time protection with new capabilities that detect and neutralize malware hidden in password-protected archives and block newly registered, often malicious, domains.

What’s new in Orion 2.6:

• URL Protection: Block newly registered domains
• File Protection: Detect password protected archives
• UPCOMING data residency: New data processing region in Japan
• UX Improvements: Updated analytics view
• See all updates and fixes in the release notes

File Protection: Detect password-protected archives

Detect password-protected archives in real time to prevent hidden malware threats.

WithSecure™ Cloud Protection for Salesforce introduces the capability to scrutinize password-protected archives in Orion 2.6. As cybercriminals often disguise malware within encrypted archives – especially in highly targeted industries like finance – this feature is essential for mitigating carefully concealed threats on Salesforce.

Password-protected archive files are detected and removed upon upload and download based on feature settings. Alerts and events are generated to clearly indicate when a password-protected archive has been detected. By default, any removed archive is replaced with a placeholder text file, similar to other removed file-based threats.

This advanced feature covers all popular archive formats and requires both Advanced Threat Analysis and the Connected App to be enabled.

URL Protection: Block newly registered domains

Analyze the the age of a domain and block newly created domains, which are often malicious

WithSecure™ Cloud Protection for Salesforce enhances your defenses against sophisticated cyberattack tactics by blocking access to newly registered domains. Cybercriminals frequently register new domains to bypass reputational URL checks; studies show that over 70% of domains less than 32 days old are deemed malicious or suspicious. This feature allows you to block domains based on their age, choosing from thresholds of 7, 14, 30, 60, or 90 days, to help filter out suspicious newly created sites.

Alerts, events, and email notifications will indicate when a domain has been blocked due to its age.

For new installations, the default setting is to block domains registered less than 30 days ago. For organizations updated to version 2.6, the default setting allows domains of all ages. We recommend administrators customize this setting according to their security needs as soon as possible to protect against new phishing URLs.

New data processing location in Japan

WithSecure™ Cloud Protection for Salesforce allows customers to select the geographic location for processing their Salesforce security data. Our new Japan data center joins existing locations in the EU, US, Australia, and Singapore, enhancing our Asia-Pacific footprint. This expansion supports compliance with regional data protection standards and improves operational efficiency. Opt for manual selection or let the system automatically determine the best processing location based on availability and proximity, ensuring robust, compliant data security.

New analytics page

We updated Analytics interface to the Lightning Web Components (LWC) framework, enhancing user experience with faster loading times and improved performance. This update begins with key sections such as Alerts, File Events, and URL Events, along with related modals like alert and event history. You will experience more responsive interactions and streamlined access to critical data.

Please note: The False Positive/False Negative pages within the Analytics section are temporarily unavailable as they transition to LWC, with a complete migration expected in upcoming releases. Future updates will also introduce features like actionable alerts and structured queries to further enhance the utility and efficiency of the Analytics function.

In case you missed it (ICYMI)

QR code scanning

WithSecure™ Cloud Protection for Salesforce now includes QR code scanning to effectively combat quishing attacks. This feature extends our malicious URL scanning capabilities beyond files to include QR codes, addressing the emerging threat where cybercriminals use QR codes to direct end-users to malicious sites. Quishing attacks deceive users into scanning QR codes with their mobile devices, potentially leading to theft of credentials or malware infections. To activate this protection, enable Advanced Threat Analysis and the Connected App, ensuring comprehensive security against these evasive threats and safeguarding both mobile and desktop end-users.

URL Protection across custom fields and objects

URL Protection now extends from Salesforce’s standard objects and fields to also cover your customized ones. This update has been highly requested by users.

You can extend your org’s data on Salesforce by defining custom objects, which are custom database tables that store information unique to your organization.

You can now build your custom workflows more securely than ever. In Orion 2.5, you can configure the scanning directly from the URL Protection Settings UI.

Detect and block shortened url threats

Shortened URLs, often used to mask risky content, can bypass traditional security controls. Our latest release now uncovers and blocks these threats, ensuring that every link is verified, whether shortened for convenience or masking something more sinister. This functionality is automatically enabled as part of the URL Protection feature.

Detect malicious URLs in files

Malicious links can lurk inside file attachments, waiting to be clicked. With our latest update, you can detect and block malicious URLs hidden within files uploaded to your Salesforce platform. Detected threats will appear in the File Events report for admins. This functionality is automatically enabled as part of the File Protection feature, covering file types such as Microsoft Office files and PDFs.

Tips from the team

Admin tip #1: Enable URL Protection across all text and URL fields to protect against malicious URLs and phishing links.

Admin tip #2: Protect all Salesforce objects and fields – both standard and custom – to safeguard against exploits.

Admin tip #3: After setting up URL protection for custom objects, ensure file scanning is also activated for them.

Admin tip #4: Activate automatic updates for the latest security features and stable protection.

Admin tip #5: Utilize the connected app feature of WithSecure Cloud Protection for Salesforce to access advanced security capabilities like advanced threat analysis, URL scanning inside files and QR code scanning.

What’s next on the horizon?

As we continue our thrilling ride enhancing WithSecure™ Cloud Protection for Salesforce, can you guess the name of our next release series for 2025? Here’s a hint: While remaining true to our roots with rollercoaster theme, Orion took us on a stellar journey, and our next series promises to keep aiming for the stars. Stay tuned and keep elevating your Salesforce security with us.