We’re excited to introduce Orion 2.6, the latest version of WithSecure Cloud Protection for Salesforce. This update significantly bolsters your defenses against sophisticated cyber threats targeting files and URLs within Salesforce. Experience enhanced real-time protection with new capabilities that detect and neutralize malware hidden in password-protected archives and block newly registered, often malicious, domains.

What’s new in Orion 2.6:

• URL Protection: Block newly registered domains
• File Protection: Detect password protected archives
• Japan data residency: New data processing region in Japan
• UX Improvements: Updated analytics view
• See all updates and fixes in the release notes

File Protection: Detect password-protected archives

Detect password-protected archives in real time to prevent hidden malware threats.

WithSecure™ Cloud Protection for Salesforce introduces the capability to scrutinize password-protected archives in Orion 2.6. As cybercriminals often disguise malware within encrypted archives – especially in highly targeted industries like finance – this feature is essential for mitigating carefully concealed threats on Salesforce.

Password-protected archive files are detected and removed upon upload and download based on feature settings. Alerts and events are generated to clearly indicate when a password-protected archive has been detected. By default, any removed archive is replaced with a placeholder text file, similar to other removed file-based threats.

This advanced feature covers all popular archive formats and requires both Advanced Threat Analysis and the Connected App to be enabled.

URL Protection: Block newly registered domains

Analyze the the age of a domain and block newly created domains, which are often malicious

WithSecure™ Cloud Protection for Salesforce enhances your defenses against sophisticated cyberattack tactics by blocking access to newly registered domains. Cybercriminals frequently register new domains to bypass reputational URL checks; studies show that over 70% of domains less than 32 days old are deemed malicious or suspicious. This feature allows you to block domains based on their age, choosing from thresholds of 7, 14, 30, 60, or 90 days, to help filter out suspicious newly created sites.

Alerts, events, and email notifications will indicate when a domain has been blocked due to its age.

For new installations, the default setting is to block domains registered less than 30 days ago. For organizations updated to version 2.6, the default setting allows domains of all ages. We recommend administrators customize this setting according to their security needs as soon as possible to protect against new phishing URLs.

New data processing location in Japan

WithSecure™ Cloud Protection for Salesforce allows customers to select the geographic location for processing their Salesforce security data. Our new Japan data center joins existing locations in the EU, US, Australia, and Singapore, enhancing our Asia-Pacific footprint. This expansion supports compliance with regional data protection standards and improves operational efficiency. Opt for manual selection or let the system automatically determine the best processing location based on availability and proximity, ensuring robust, compliant data security.

New analytics page

We updated Analytics interface to the Lightning Web Components (LWC) framework, enhancing user experience with faster loading times and improved performance. This update begins with key sections such as Alerts, File Events, and URL Events, along with related modals like alert and event history. You will experience more responsive interactions and streamlined access to critical data.

Please note: The False Positive/False Negative pages within the Analytics section are temporarily unavailable as they transition to LWC, with a complete migration expected in upcoming releases. Future updates will also introduce features like actionable alerts and structured queries to further enhance the utility and efficiency of the Analytics function.

In case you missed it (ICYMI)

QR code scanning

WithSecure™ Cloud Protection for Salesforce now includes QR code scanning to effectively combat quishing attacks. This feature extends our malicious URL scanning capabilities beyond files to include QR codes, addressing the emerging threat where cybercriminals use QR codes to direct end-users to malicious sites. Quishing attacks deceive users into scanning QR codes with their mobile devices, potentially leading to theft of credentials or malware infections. To activate this protection, enable Advanced Threat Analysis and the Connected App, ensuring comprehensive security against these evasive threats and safeguarding both mobile and desktop end-users.

URL Protection across custom fields and objects

URL Protection now extends from Salesforce’s standard objects and fields to also cover your customized ones. This update has been highly requested by users.

You can extend your org’s data on Salesforce by defining custom objects, which are custom database tables that store information unique to your organization.

You can now build your custom workflows more securely than ever. In Orion 2.5, you can configure the scanning directly from the URL Protection Settings UI.

Detect and block shortened url threats

Shortened URLs, often used to mask risky content, can bypass traditional security controls. Our latest release now uncovers and blocks these threats, ensuring that every link is verified, whether shortened for convenience or masking something more sinister. This functionality is automatically enabled as part of the URL Protection feature.

Detect malicious URLs in files

Malicious links can lurk inside file attachments, waiting to be clicked. With our latest update, you can detect and block malicious URLs hidden within files uploaded to your Salesforce platform. Detected threats will appear in the File Events report for admins. This functionality is automatically enabled as part of the File Protection feature, covering file types such as Microsoft Office files and PDFs.

Tips from the team

Admin tip #1: Enable URL Protection across all text and URL fields to protect against malicious URLs and phishing links.

Admin tip #2: Protect all Salesforce objects and fields – both standard and custom – to safeguard against exploits.

Admin tip #3: After setting up URL protection for custom objects, ensure file scanning is also activated for them.

Admin tip #4: Activate automatic updates for the latest security features and stable protection.

Admin tip #5: Utilize the connected app feature of WithSecure Cloud Protection for Salesforce to access advanced security capabilities like advanced threat analysis, URL scanning inside files and QR code scanning.

What’s next on the horizon?

As we continue our thrilling ride enhancing WithSecure™ Cloud Protection for Salesforce, can you guess the name of our next release series for 2025? Here’s a hint: While remaining true to our roots with rollercoaster theme, Orion took us on a stellar journey, and our next series promises to keep aiming for the stars. Stay tuned and keep elevating your Salesforce security with us.

WithSecure Cloud Protection for Salesforce Orion 2.5 introduces defenses against malicious QR codes, fortifying your Salesforce defenses against URL-based cyber threats. It also makes warding off URL-based cyber threats within Salesforce easier than ever by enhancing custom objects and fields scanning. Previously introduced in Orion 2.4, URL scanning in custom objects and fields is now simple to configure straight from the UI, eliminating the need for Apex code.

What’s new in Orion 2.5:

• QR code scanning against quishing attacks
• URL Protection across custom fields and objects now offers straightforward configurations from the UI
• Enhanced digital fingerprinting of files sharpens detection accuracy without impacting performance
• Revised Click-Time URL Protection settings are now easier to access

Stop quishing attacks with QR code protection

WithSecure™ Cloud Protection for Salesforce now includes QR code scanning to effectively combat quishing attacks across Salesforce. Sparked by a real-life attack targeting a Salesforce customer, this feature extends our malicious URL scanning capabilities to include QR codes, addressing the emerging threat where cyber criminals use QR codes to direct end-users to malicious sites. Quishing attacks trick users into scanning QR codes with their mobile devices, leading to potential theft of credentials, or malware infections.

To activate this protection, enable connected app and turn on Advanced Threat Analysis under File Protection settings. We also recommend reviewing your file type coverage under File Protection settings to include all image file types.

Want to learn more about malicious QR codes and quishing attacks on Salesforce? Check out our dedicated article with antiquishing tips.

Block malicious URLs across custom objects and fields – with easy settings

Expanding from standard to custom Salesforce objects, this update addresses a highly requested feature by our users. With Orion 2.5, defining and securing custom objects and fields has never been easier. This release allows you to:

• Directly configure URL scanning settings within the UI
• Seamlessly integrate robust security measures into your Salesforce custom workflows

Enhanced digital fingerprinting of files

Our upgraded file hashing technology not only improves the detection accuracy but also maintains system performance. The new hashing sets more complex defenses for files against crafty attackers.

Click-Time URL Protection configuration change

Previously included in WithSecure™ Cloud Protection, Click-Time URL Protection now features simplified settings adjustments. Now located under URL Protection -> General -> Configure Objects, this update ensures real-time protection by scanning URLs at the moment of access, safeguarding against any post-upload modifications by attackers.

In case you missed it (ICYMI)

We greatly bolstered URL scanning capabilities bolstered in the Orion 2.4 release earlier in 2024. If you missed it, here’s the recap:

• Block shortened URL threats: Automatically identify and block malicious shortened URLs on Salesforce, ensuring comprehensive verification of every link’s true destination.
• Detect malicious URLs in files: Enhanced scanning capabilities now detect and block harmful URLs hidden within Salesforce file uploads, such as Microsoft Office documents and PDFs, increasing your defense against indirect cyber attacks.

Tips from the team

Admin tip #1: Enable URL Protection across all text and URL fields to protect against malicious links.

Admin tip #2: Protect all Salesforce objects and fields – both standard and custom – to safeguard against exploits.

Admin tip #3: After setting up URL protection for custom objects, ensure file scanning is also activated for them.

Admin tip #4: Activate automatic updates for the latest security features and stable protection.

Admin tip #5: Utilize the connected app feature of WithSecure Cloud Protection for Salesforce to access advanced security capabilities like advanced threat analysis, URL scanning inside files and QR code scanning.

Cyber threat landscape

Explore the latest developments in the global ransomware scene with our Ransomware Landscape H1 2024 report. This detailed analysis provides insights into active ransomware groups, their methodologies, how they are organized, and their impact across industries.

We’ve also compiled key cloud, Salesforce and other relevant threat landscape news into a snapshot post. With this, you’ll get your knowledge up-to-date in a matter of minutes.

Fun facts about “Orion”

Our tradition of naming Cloud Protection for Salesforce product releases after famous roller coasters continues with Orion. It illustrates the thrilling progress in our work – and in the lives of cyber defenders like yourself. The name Orion was chosen for the 2024 release series not just for its cool factor, but as a symbol of the limitless heights and broad scope we aim for with our Salesforce security solution. It represents a new chapter in refining and enhancing our product to support your Salesforce security needs, promising a steady ascent and an exciting journey.

Introducing WithSecure Cloud Protection for Salesforce Orion 2.4 which enhances your defenses against URL-based cyber threats within Salesforce. This release extends URL scanning to include files, highly requested custom objects and fields, and shortened URLs.

Read on to find out how we are relentlessly enhancing Salesforce security capabilities to protect some of the largest enterprises and critical public organizations in the world. 

Detect malicious URLs in files

Files uploaded to your Salesforce platform present a cybersecurity risk, more than just them being malware. Malicious links can lurk in file attachments, waiting to be clicked.

Now, you can detect and block malicious URLs hidden inside files uploaded to your Salesforce platform. Detected threats will appear in the File Events report for admins. This functionality is automatically enabled as part of the File Protection feature when Adavanced Threat Analysis is turned on. You can find instructions on how to turn it on from our user guide.

Detect and block shortened URL threats

Shortened URLs are often a mask for risky content and can bypass traditional security controls. Our latest release now uncovers and blocks these threats, ensuring that every link is verified, whether shortened for convenience or masking something more sinister. This functionality is automatically enabled as part of the URL Protection feature. 

URL Protection across custom objects and fields

URL Protection is now expanded from Salesforce’s standard objects and fields to also cover your customized ones. The update has been much requested among users, and is unique. You can now freely build your custom workflows – more securely than ever.

In the version 2.4, we are releasing a tech preview version of the feature that requires scripting to set-up. Please contact our Customer Success team who will assist you with the configuration. Direct UI configuration will be released a bit later. 

Get expert insights on URL threats on Salesforce

Admin tips

Admin tip #1: We strongly recommend turning automated updates on to keep your environment secured with the latest defense mechanisms, and to save time and effort. Please note that the version 2.0 is scheduled for End-of-Life (EOL) on May 24th 2024. By using the latest version you not only get the benefits of the latest features , but also the most stable protection for your Salesforce environment.

Admin tip #2: To get the best value from WithSecure Cloud Protection for Salesforce, we recommend you to enable the connected app, which gives you access to the advanced security capabilities such as Advanced Threat Analysis. 

Admin tip #3: To scan URLs in files, make sure that you have connected app enabled, and Advanced Threat Analysis enabled in the File Protection feature. 

Admin tip #4: You can find all updates from new enhancements to what pesky bugs have been fixed in the release notes.  

Fun facts – greetings from the team

Kicking off our annual release series for 2024, we introduce ‘Orion’. Our tradition of naming releases after famous roller coasters continues, embodying the thrilling progress in our work – and in the lives of cyber defenders. The name Orion was chosen not just for its cool factor, but as a symbol of the limitless heights and broad scope we aim for with our Salesforce security solution. It represents a new chapter in refining and enhancing our product to support your Salesforce security needs, promising a steady ascent and an exciting journey with Orion.

In our product release of WithSecure Cloud Protection for Salesforce, Boulder 2.3, we provide you greater detection capabilities against disguised malicious files. We also enable you to report false positive and negative detections straight from the app. More details in the release notes. 

Stay ahead of the curve with:

• In-app reporting: False positives and missed detections can now be reported instantaneously within the app.
• Intelligent File Type Recognition: Sophisticated analysis of a file’s content bolsters defenses against covertly dangerous files.
• License model revision: The user licenses section now mirrors our updated licensing framework for streamlined access and comprehension.
• Expansion of data centers: With new centers in Australia and Singapore, we bring improved performance and stricter data residency control.
• Large file scanning: Our File Protection feature has been bolstered, scanning even larger files for potential threats.
• Government Cloud support: Extending our protective measures to Government Cloud products, ensuring that even the most sensitive operations are secured.

Intelligent File Type Recognition

Hackers disguise malware by renaming dangerous files to appear harmless—like masking an executable (.exe) as an image (.jpeg).

Advanced threat protection counters this by examining a file’s actual content, not just its name, to uncover hidden dangers.

Intelligent File Type Recognition enhances detection in your Salesforce environment. It probes a file’s true behavior, not just its nominal type, identifying real threats that names alone can conceal.

The in-depth analysis is conducted automatically as part of the File Protection feature—no extra configuration required.

Learn more about file type spoofing attacks – and why you should not trust the file names

In-app false positive and negative reporting

You can let us know right in the app if something safe is flagged or something malicious gets through.

New data centers available in Australia and Singapore

We have launched new Security Cloud regions in Singapore and Australia for WithSecure™ Cloud Protection for Salesforce. With the new data centers, we can offer you enhanced performance and more control of your data. 

• Local data processing: Optimize compliance and speed with data centers now in Australia and Singapore  
• Easy in-app configuration: Quickly choose your data processing location within the app  
• Automatic region selection: Set to ‘Automatic’ for the best performance based on your location  

What are data residency and sovereignty and why you should care

Enhanced Security for Salesforce Government Cloud

WithSecure™ Cloud Protection for Salesforce now extends to Salesforce Government Cloud. This expansion ensures that government agencies and public sector organizations leveraging Salesforce’s Government Cloud can now benefit from the same real-time protection against cyber threats as any commercial organizations.

With our app, public sector agencies can confidently manage their operations and handle sensitive and classified information in Salesforce, while ensuring compliance with stringent government security standards and regulations.

Administration tip: automated updates save your time and effort

We strongly recommend turning automated updates on to keep your environment secured with the latest defense mechanisms, and to save time and effort.

Check out our simple instructions for automated updates

Empower Your Salesforce with Boulder 2.2

In our version 2.2 product release, we’ve not only enhanced your defense mechanisms but also put you in the driver’s seat for data processing. Dive deep into zero-day file-based threat protection with advanced sandboxing and behavioral analytics. Plus, dictate where your data gets processed.

Advanced Threat Analysis: beyond the surface

Navigate a world where most Salesforce protection tools only scratch the surface. Our solution offers in-depth sandboxing, a rarity in today’s marketplace, especially among CASBs. Guard against elusive zero-day malware and advanced file-based attacks, and stay secure with our multi-stage threat analysis process. 

Advanced Threat Analysis: how it works

Check out the demo video to see the advanced threat analysis capabilities in action.

Advanced URL Analysis: a comprehensive safety net for every click

Every URL is a potential doorway to threats. But with our Advanced URL Analysis, you can ensure that these doors are either safe to enter or firmly shut. While a quick reputational check instantly blocks known harmful links, suspicious ones are escalated for deeper scrutiny. 

This means even the craftiest of malicious URLs don’t slip through. Get the assurance of URL safety and minimize risks, ensuring every link within Salesforce is trustworthy.

Decide your data’s destination

Whether staying local or going global, the choice is yours. With Boulder 2.2, align your data processing with business needs and regulatory requirements. Opt for the best processing location, whether it’s EU, US, Singapore or Australia. And always stay a step ahead with evolving data residency norms.

Why data destination matters? Understand data residency and sovereignty

Watch how to set up your data processing region

Prefer written formats? Please check out the tutorial article

Let’s continue to innovate and improve together

For a rundown of all the changes and enhancements in Boulder 2.2, our release notes are your go-to resource.

Big thanks to our loyal customers for being with us on this journey. Your feedback, trust, and dedication drive us to consistently innovate and improve Salesforce security.  

Identify and fix security misconfigurations based on actionable insights

WithSecure™ Cloud Protection for Salesforce gives you real-time visibility into your security status. You stay on top of what’s happening in your Salesforce environment, and can empower threat hunters with complete audit trails.

In our new product version, Boulder 2.1, we’ve introduced a new protection status view, providing even more clear-cut visibility into your Salesforce security configurations. 

New protection status view

New protection status dashboard offers you a consolidated overview of your current security levels from a single view. The dashboard points out where your security levels are compromised, 

as it tracks your configurations comprehensively. The actionable insights empower you to optimize your cloud defenses from File and URL Protection to connection status.

Benefits

• Understand your security status from a comprehensive dashboard
• See key security configurations at a glance from a single view
• Identify and fix security misconfigurations based on actionable insights

Want to understand how the protection status is scored?

Stronger defenses. More flexibility.

We know that Salesforce plays a fundamental part in your daily business operations. That’s why we keep fortifying your cyber defenses for your Salesforce environment, helping you realize the full potential of your cloud platform. We have taken a step into the next phase of our product’s journey with the release of Boulder 2.0.

Boulder 2.0 release highlights

Keeping up with the digital landscape and the complexities of cyber security can be a handful.

To keep things simple, we’ve collected all the highlights of the new  Boulder 2.0 release into this article. Read on to keep up to date with the latest developments of WithSecure™ Cloud Protection for Salesforce.

In short, this release gives you:

• More control and flexibility to detect and block malicious weblinks (URLs) such as phishing attacks in real-time
• Future-proof solution build that provides a solid foundation to deliver more advanced security capabilities
• New application type, Connected App, empowers scanning larger files faster, and strengthens our threat analysis capabilities
• More intuitive interface with consistent information of security events to help you better understand and keep track of what is happening in your environment

Gain full control of URL Protection and ward off phishing attacks and ransomware in real-time

Threat actors are increasingly using new methods to launch their attacks. In 2023, we expect to see a surge in phishing attacks that take route via legitimate SaaS platforms such as Salesforce instead of traditional email.

These attacks exploit functions such as file upload systems and chat services to delver malicious content. As well as malware-laden files, this includes URLs leading to deceptive phishing sites.

URLs can also be leveraged in advanced ransomware attacks where a malicious payload is attached to a seemingly benign weblink. The payload is a time bomb of sorts and can remain dormant on a website. This inactive camouflage makes the payload seemingly harmless, rendering it undetectable by most threat analysis engines – until it’s activated by the attacker.

This is why we have built our URL Protection two-fold: weblinks are scanned when first uploaded, and then rescanned when a user clicks the link in case a previously inactive threat has slipped in.

Now, you can switch Click-Time URL Protection on and off as you prefer for the Salesforce functionalities you want, which gives you better control of the digital experience you deliver. 

Connected app: scan large files for threats without limits

Due to execution limits in Salesforce platform, WithSecure™ Cloud Protection for Salesforce also has limitations when it comes to processing extra-large files. To overcome this, we have introduced a new application type called Connected App. A connected app is an application type that lets external systems to securely access and interact with data and functionalities within the Salesforce platform by leveraging APIs.

Connected App bolsters current file scanning and threat analysis capabilities and empowers us to deliver more advanced protection capabilities in the future.

Key benefits now

• Bolstered file scanning for very large files
• Enhanced overall performance
• More responsive threat analysis

Key benefits in the future

• Development of more advanced security capabilities for your Salesforce
• Faster new feature development

Enabling connected app

Learn how you can create an integration user and enable connected app from the video below or from the tutorial article here.

Have crisp and clear security information at your fingertips

Good security always starts with visibility. And it’s not enough to see, you also need to understand. To give you more clear-cut security information, we have redesigned File Events and URL Events pages. 

You can easily skim and filter information about file and URL scanning results and what actions have been taken based on detections.