  • Agentforce security: AI agents in Salesforce are fast. Cyber threats are faster.

    New attack surface, new urgency

    Agentforce security – the new security aspect to consider in 2025.

    Agentforce is changing how you work — and how attackers get in.

    AI agents now handle sales, service, and support autonomously, rapidly processing vast amounts of data. But while your operations scale at agentic speed, your attack surface does too.

    There’s no built-in scanning for files or links. No phishing awareness in agents. No default safety net.

    Malicious content moves at machine speed. That means threats like malware or credential phishing can flow through Agentforce workflows instantly: uploaded by a user, retrieved by an agent, delivered to your team or customers.

    And attackers have noticed. Recent campaigns by groups like UNC3944 show how SaaS platforms like Salesforce are now primary targets for phishing, identity compromise, and lateral movement. As attackers shift toward SaaS platforms like Salesforce, this new AI-driven workflow introduces real risk.

    Unless your security keeps pace, Agentforce could automate risk as fast as it automates work.

    Securing Agentforce data is your responsibility

    Agentforce accelerates business. But it also accelerates risk. AI agents process files and URLs from portals, forms, and integrations like Slack or WhatsApp, without human review or built-in threat scanning.

    That means your security perimeter now includes:

    • Phishing links: Instantly shared by agents, leading to credential theft or account compromise.
    • Malicious files: Uploaded by customers or partners, containing ransomware or other threats.
    • Human-agent interactions: Agents hand off data to employees, spreading threats across teams.
    • Collaboration tools: Shared files and links extend risk beyond Salesforce to every connected tool.

    Salesforce doesn’t scan this content by default. And agents don’t know how to spot threats.

    According to the Shared Responsibility Model, it’s up to you, the cloud customer, to secure the data flowing in and out of your Salesforce environment. Whether it’s touched by a human or an agent, protecting that data is your responsibility – including how it’s configured, accessed, and what’s allowed to pass through.

    What an Agentforce attack path looks like

    Without real-time scanning, threats can move faster than your defenses.

    Imagine this:

    1. A customer uploads a file through your portal. It looks like a PDF, but it’s hiding malware.
    2. An AI agent retrieves the file to process a support request or sales inquiry.
    3. The agent sends it to an employee or forwards it to another tool like Slack or email.
    4. The file is opened and malware executes. It’s already inside your environment.
    5. From there, it spreads laterally, compromising accounts, data, and connected systems.

    No human saw the file. No one clicked a phishing link. But the threat still made it in.

    This is how agentic speed becomes attacker speed. Unless you scan every file, URL, and agent action in real-time.

    How to secure Agentforce workflows

    Agentforce makes decisions in seconds. Your security needs to move even faster.

    WithSecure™ Cloud Protection for Salesforce is built to protect both human and agent workflows in real time. It operates right inside the Salesforce platform. No delays, no friction, no missed threats.

    • Real-time protection at agent speed
      Files and URLs are scanned instantly at upload, download, click, or agent retrieval before they can cause harm. Our detection completes faster than most AI agents can act.
    • 100% Salesforce-native integration
      No external processing. No added complexity. No hidden vulnerabilities. Just seamless, frictionless, certified protection inside the platform.
    • Secures every interaction
      From customer uploads and portal forms to collaboration tools like Slack or WhatsApp — threats are intercepted wherever they enter.
    • Built for uptime and trust
      Protects workflows without disrupting AI autonomy, ensuring agent efficiency and security go hand in hand.

    Preparing for scale

    Agentforce adoption is only accelerating. As your teams deploy AI across more workflows and process more unstructured data, the security stakes grow just as fast.

    More files. More links. More risk – unless your protection can keep pace.

    WithSecure™ Cloud Protection for Salesforce helps you stay ahead of these changes. Our native solution scales with your AI transformation, giving you:

    • Consistent protection across all agent and human touchpoints
    • Real-time coverage that scales as fast as your workflows do
    • Confidence to expand, knowing your security keeps up with your AI transformation

    Agentforce will help you move faster. We make sure you move securely.

    Still have questions?

    At WithSecure™, we’re committed to helping you make the most of Salesforce and Agentforce while fulfilling your security responsibilities. Together, we can ensure your agent-powered digital transformation is secure, seamless, and future-ready. If you’d like to learn more about how we can help safeguard your workflows, let’s connect.

    Doesn’t Salesforce protect against these threats already?

    Salesforce doesn’t scan links or files shared in Agentforce workflows unless you implement an additional security layer. It’s your responsibility to protect the data flowing through your AI workflows and automations.

    We already have endpoint/email protection. Isn’t that enough?

    Files and links can bypass traditional tools completely. If your AI agent clicks a phishing link or opens a malicious file inside Salesforce, your other tools may never see it. Only a native solution scans content where the agent acts, and at the point of entry.

    How does this integrate with our setup?

    WithSecure™ Cloud Protection is 100% Salesforce-native. It integrates seamlessly with your environment – no external routing, no added complexity, and no impact on agentic performance. The Agentforce extension comes with the main managed package at no additional cost. There are no separate management portals or interfaces, and no extra charge.

    What makes this better than other security tools?

    Only WithSecure scans inside Salesforce in real time — at the point of agent action. Competitors scan externally, after the fact, or not at all. That’s why real-time + native + agent-aware protection is unmatched.

    Is this compliant and auditable?

    Yes. You get full audit-ready logs, policy history, and certified trust (ISAE 3000 Type 2 / SOC 2 Type 2, ISO 27001). Every scan and decision is traceable, even the seemingly invisible agent actions.

    Secure your agent workflows — in real time, with zero friction

    WithSecure™ Cloud Protection protects what Agentforce accelerates. Real-time file and link scanning. 100% native. No added cost. No added complexity.

  • Reverse engineering a pain point: How field uploads exposed a hidden threat in Salesforce

    When mobile reps became an unexpected attack vector, a leading manufacturing firm needed help to close the gap.

    When most people think about Salesforce security, they focus on access controls, user permissions, or app integrations. But in industries like manufacturing, the real risks often hide inside the workflows themselves.

    One of our largest customers operates across multiple industrial and construction sites. Their Salesforce environment is a critical system, used daily by hundreds of mobile field reps visiting construction zones, factories, and customer facilities. These reps use Salesforce on tablets or phones (often personal or temporary work-issued devices) to:

    • Upload site photos and equipment images
    • Send and receive customer agreements
    • Share inspection documents
    • Communicate with internal teams

    This is exactly what Salesforce Field Service is built for: fast, flexible, on-the-ground engagement. And with Salesforce Agentforce introducing generative AI features, productivity is only accelerating. But so is the attack surface.

    The hidden threat: Files from the field

    This customer’s security team didn’t come to us looking for a Salesforce plugin. Their concern began with one simple, urgent question:

    “How do we make sure files coming in from the field aren’t putting us at risk?”

    Under the Shared Responsibility Model, Salesforce secures its infrastructure, but ensuring uploaded files are safe is up to the customer. And that’s where things got risky. The reps were uploading more than just notes. We’re talking about:

    • PDFs and Excel files
    • CAD drawings
    • Scanned contracts
    • High-resolution images and videos

    Many of these uploads came from unmanaged, personally owned, or third-party devices with unknown security standards. Once in Salesforce, those files were shared across legal, procurement, and other departments—making it easy for malware to propagate silently through the organization.

    From pain point to protection

    Rather than jumping to a product pitch, we started by mapping the real-world risks:

    • Mobile reps using unmanaged or temporary devices
    • A daily flow of rich, unverified content into Salesforce
    • No visibility into file safety at the point of entry
    • Agentforce likely increasing this content stream
    • Internal risk from lateral movement of threats

    The solution? A native security layer inside Salesforce itself.

    By scanning every file upload and download in real time—within the Salesforce environment—they were able to:

    • Close the file security gap without slowing reps down
    • Extend protection to devices outside IT’s control
    • Support audit and compliance even with third-party contributors

    Best of all, the fix didn’t disrupt the workflow. Reps kept using Salesforce as usual. No new apps. No retraining. Just fast, invisible protection—average scan time under a second.

    Why this matters for manufacturing

    This isn’t just one company’s story. We’re seeing the same challenge across manufacturing, logistics, and construction—anywhere mobile or contract-based workforces rely on Salesforce. These environments often involve:

    • Temporary labor and outsourced contractors
    • Mobile uploads from remote job sites
    • Complex document workflows spanning departments

    Unchecked, these uploads can bypass traditional perimeter defenses. That’s why embedding security inside Salesforce—where the files actually land—is essential.

    Bigger than one customer

    Sometimes, the vulnerability isn’t in the code. It’s in how legitimate users interact with powerful tools. A mobile workforce, doing their job, can unintentionally open doors to attack. That’s why security has to follow the workflow—not the other way around.

    In this case, that mindset led to one of our most impactful deployments—and a safer, smarter way to support sales teams in the field.


  • Credential theft, malware, and the hidden risk to Salesforce environments

    ABC News Australia, a national broadcaster, recently revealed a large-scale malware operation that stole credentials from employees and customers of several top-tier Australian banks.

    While this breach did not involve Salesforce directly, the methods used should raise red flags for any organization relying on cloud-based platforms like it. Credential theft and session hijacking—whether targeting banking portals, CRM systems, or collaboration tools—are part of a broader trend in cybercrime that exploits the weakest link: end users.

    If Salesforce is your organization’s central hub for customer interactions, service, or internal operations, this kind of attack offers a clear warning. It’s not about whether your platform was the entry point—it’s about how easily attackers can pivot into cloud environments using valid credentials.

    What the credential theft malware attack revealed

    The malware campaign, believed to be operated out of Eastern Europe, compromised over 60,000 devices in Australia, including thousands of employee and customer endpoints linked to major financial institutions.

    Key facts:

    • Malware captured login credentials, cookies, and session tokens.
    • At least 250 employee devices from major banks were affected.
    • Customer banking credentials and multi-factor authentication bypass data were harvested.
    • The stolen information was sold on dark web marketplaces, ready to be used for account takeovers, phishing campaigns, and lateral movement into connected platforms.

    Why Salesforce security is at risk from credential theft

    Even though this wasn’t explicitly a Salesforce-linked attack, and even if your organization wasn’t directly impacted, there are some key lessons here for those responsible for securing Salesforce environments:

    Your users are the new attack surface.

    This campaign didn’t exploit system vulnerabilities—it targeted individual users. When attackers obtain valid login details, especially those that can bypass security checks, they can gain access to cloud platforms like Salesforce with little resistance. This breach involving stolen Jira credentials shows just how easily attackers can pivot into connected platforms like Salesforce using legitimate access.

    Credential dumps enable targeted phishing and impersonation.

    Once user data is exposed, attackers often move quickly—crafting convincing messages, impersonating employees, and targeting systems that trust those identities.

    Think it couldn’t happen in Salesforce? Think again

    Salesforce is one of the most trusted enterprise platforms in the world; however, like any cloud service, it operates on a shared responsibility model. Salesforce secures the infrastructure, while you are responsible for your data, users, and access controls.

    • Malware on an endpoint device, such as on a user’s laptop, can still compromise Salesforce session tokens or browser credentials.
    • API integrations and third-party apps can be exploited if access controls are too permissive.
    • Threats such as phishing links and harmful file uploads can still bypass native protections, particularly in tools like Salesforce Experience, Service Cloud, Email-to-Case, Web-to-Case, real-time Agentforce conversations, and messaging solutions connected to Salesforce.

    How to strengthen Salesforce security against credential-based attacks

    This incident is a wake-up call for organizations relying on Salesforce. Fortunately, you can take practical steps now to reduce your exposure.

    Harden access and session controls

    • Watch for unusual login patterns—even those from recognised users.
    • Apply the principle of least privilege to user roles and access.

    Inspect what your users upload or click

    • Malicious attachments and phishing links can be injected into Salesforce records.
    • Native platform defenses don’t always catch modern threats – use advanced scanning tools that analyze content in real time.

    Protect beyond the login screen

    • Threat actors don’t need to “break in” when they can walk in with valid credentials.
    • Invest in behavior-based threat detection to spot suspicious activity inside the platform.
    • Identity Protection tools will help you quickly identify users with stolen credentials and take action.

    Why endpoint security isn’t enough for Salesforce protection

    As this breach shows, once an attacker has valid credentials or hijacks a session, traditional defences often fall short, especially when malicious content is introduced after login, via uploads, links, or third-party integrations.

    To reduce risk within Salesforce, security controls must extend beyond the perimeter. They need to work inside the platform—scanning for threats, detecting unusual activity, and protecting the areas where attackers are most likely to strike.

    Importantly, these protections must function within the Salesforce environment, not merely at the perimeter or endpoint. Many security strategies overlook this gap, where risk quietly accumulates.

    Malware doesn’t stop at endpoints – and neither should your security. When attackers access credentials and session data, any cloud service in your stack, including Salesforce, becomes a target. The recent breach should be a stark reminder: you can’t afford to treat Salesforce security as an afterthought.

    This latest breach is a reminder: the threat is already in motion. The question is—how prepared are you?

  • Salesforce security: What you REALLY need to know

    Let’s talk about something that matters to everyone using Salesforce – security. Not the dry, technical stuff (though we’ll touch on that), but the real-world implications of how we protect data in Salesforce today.

    Remember when Salesforce first showed up 25+ years ago? They weren’t just selling software—they were asking businesses to do something radical: “Hey, trust us with your customer data on this internet thing.” Pretty bold ask back then!

    That fundamental need for trust hasn’t changed. If anything, it’s become more critical as more of our business lives move to the cloud. Ensure you are deploying only enterprise-grade and certified solutions.

    Navigating the regulatory maze

    The regulatory landscape has gotten… complicated, to put it mildly. While there aren’t many cloud-specific regulations, we’re all feeling the impact of GDPR, CCPA, Australia’s Privacy Act, and similar laws worldwide.

    What’s interesting is how these regulations are actually driving innovation. Cloud providers are constantly evolving their offerings to meet higher standards, from data residency options to local data centers to better cross-border transfer solutions.

    Also, make sure your cybersecurity vendor holds the certifications that matter, like ISO 27001 and ISAE 3000 Type 2 (SOC 2 Type 2).

    Being resilient when (not if) things go wrong

    Let’s be real—cyber incidents will happen. The question isn’t if, but when. That’s why cyber resilience matters so much.

    Being resilient means you can keep your business running even when facing cyber problems. It’s about preparing beforehand, detecting issues quickly, responding effectively, recovering smoothly, and adapting for next time.

    And make sure your cyber security solutions provide full visibility of the content activity within your cloud solutions – without that you are flying blind when the proverbial hits the fan.

    Who’s responsible for what? The cloud security dance

    One of the biggest misunderstandings in cloud security is who handles what. It’s a partnership, not a handoff:

    • Salesforce handles the security OF the cloud (infrastructure, data centers, platform security)
    • You handle security IN the cloud (user access, configurations, data, malware, and phishing protection)

    The problem? Many organizations think moving to the cloud means transferring all security responsibilities to the provider. Not true! And this misunderstanding creates dangerous security gaps.

    Even more frustrating, many organizations aren’t using the security features they’re already paying for. Tools like event monitoring, encryption options, malware and phishing scanning options, and log analysis often sit unused.

    AI: Double-edged sword

    AI is changing everything in the security world. On one hand, it’s giving security teams superpowers—helping them detect threats faster, respond more accurately, and cover more ground with fewer people. And cyber security companies like us have only expanded the usage of AI since we started automated analysis in 2006.

    But there’s a flip side:

    • AI can amplify biases from training data
    • Data privacy becomes trickier when large datasets are involved
    • Attackers can fool AI systems with adversarial techniques
    • Deepfakes make verification harder than ever
    • Ethical questions emerge when AI makes important decisions

    The key is finding the balance—leveraging AI’s benefits while carefully managing these risks.

    Different industries, different challenges

    If you’re in financial services, healthcare, or the public sector, you know the compliance burden is especially heavy. Each region has its own requirements, too—Australia has IRAP, the US has FedRAMP, Germany has C5, and Japan has ISMAP.

    Interestingly, these highly regulated industries also see more “shadow AI” use, where employees bypass official channels to use productivity-enhancing AI tools. This highlights why clear policies and education are so important.

    Getting CRM and security teams on the same page

    Here’s something that happens all too often: CRM teams plan and implement Salesforce without bringing security experts in early enough. By the time security gets involved, major decisions are already locked in.

    The better approach? Involve security from day one of planning. Help them understand what data you’re storing, what business processes you’re supporting, how your community is interacting, and how everything connects.

    This partnership approach builds security in from the start rather than bolting it on later. Typically, when you open your Salesforce to external communities, the threat level jumps through the roof.

    What this all means for you

    The bottom line is that securing Salesforce today requires understanding that it’s a shared responsibility. It means being prepared for incidents rather than just trying to prevent them. And it requires thoughtful governance around new technologies like AI.

    The organizations that get this right aren’t necessarily the ones spending the most money. They’re the ones fostering collaboration between business, security teams, and cybersecurity vendors, making full use of existing security features, and staying adaptable as the landscape continues to evolve.

    What security challenges are you facing with your Salesforce implementation? The conversation is just beginning.

    Take a look at the fireside chat I had with Chetan Sansare, Senior Director Security and Regulatory Compliance APAC and Gayan Benedict, CTO (ANZ), Salesforce for an even deeper dive.

  • Securing the future of Agentforce: Why Salesforce data governance can’t be an afterthought

    Let’s be clear – when Salesforce becomes your digital front door, your responsibility doesn’t end at deployment. That’s where it begins.

    The security responsibility is yours (and Salesforce’s)

    There’s a persistent myth: “Salesforce handles all the security stuff.” This isn’t the case.

    Yes, Salesforce provides world-class infrastructure – the data centers, the failover systems, the platform fundamentals. But everything inside your org? The users, custom apps, and most importantly, your data? That’s entirely your responsibility.

    If someone uploads malicious content or a team member accidentally nukes a critical dataset, Salesforce isn’t swooping in to save the day. You need your own safety nets.

    That’s exactly why we created WithSecure Cloud Protection for Salesforce back in 2015. We couldn’t find a native solution to scan incoming files and URLs from Experience Cloud users, so we built one ourselves. Today, hundreds of organizations rely on it for real-time protection.

    The hidden danger: unstructured data

    One of the biggest blind spots is unstructured data – all those files, images, and links coming in through portals, forms, chat interfaces, and partner connections. These are malware superhighways.

    Agentforce only amplifies this risk. It’s designed to respond quickly by drawing from multiple data sources. If that data isn’t properly scanned and secured, you’re essentially building a high-speed highway to your most sensitive information.

    Our solution scans files and links in under a second, and that timing matters. Agentforce needs to respond in about 1.5 seconds to meet user expectations. If your security can’t keep pace, it becomes either a bottleneck or something teams will work around (which is even worse).

    Backup isn’t enough (but it’s a start)

    Let’s talk about what actually happens when things go wrong. In my experience, data loss rarely comes from dramatic hacks. It’s usually something mundane: a cleanup job gone sideways, a picklist error, or a field mismatch that cascades across thousands of records.

    When that happens, you need more than just a backup – you need precision recovery. You need to know exactly what changed, what needs fixing, and which data is valid.

    And as your org grows? Performance starts to suffer. Reports crawl, dashboards lag, and users can’t find what they need. That’s where strategic archiving becomes crucial – keeping your Salesforce instance lean and responsive while preserving historical context that your AI tools need to function effectively.

    AI doesn’t have a conscience

    Here’s something that keeps me up at night: AI models will happily process whatever data they’re given, including highly regulated or sensitive information. They don’t know any better.

    It’s up to us to control what these models see and don’t see. That means implementing data masking, tokenization, and encryption before data even enters the AI pipeline. At WithSecure, we partner with companies like Odaseva to ensure sensitive information stays encrypted end-to-end, never exposed, not even during processing.

    This way, you get the intelligence without the regulatory nightmares.

    The missing link: collaboration

    Want to know a common vulnerability I encounter? It’s not technical – it’s organizational. Salesforce admins and cybersecurity teams simply aren’t talking to each other.

    When they do collaborate, magic happens. Risk decreases. Deployment speed increases. Compliance becomes manageable rather than painful.

    The best results come when these teams work as one unit – building policies together, selecting tools together, and responding to incidents with a unified approach. Security isn’t a solo act – it’s the ultimate team sport.

    What you should do today

    If you’re expanding your Salesforce footprint or implementing Agentforce, here’s my practical advice:

    Know what’s lurking in your org – If you’ve used Salesforce for years, there’s likely already malware sitting quietly in old files or attachments. A comprehensive scan can identify and remove these threats.

    Reassess risk whenever anything changes – New user groups? New data types? New features? Each one brings potential vulnerabilities. Don’t wait for something to break.

    Watch those chat interfaces – Agentforce increasingly operates across WhatsApp, Messenger, websites, and more. These are high-risk entry points where unstructured data flows fast and often unfiltered.

    Test your recovery plan – Don’t just have backups; run simulations. Test restoration. Create response playbooks. When something goes wrong, you want muscle memory, not panic.

    The bottom line

    Agentforce is genuinely transformative. It enables faster, smarter, always-on service that customers increasingly expect. But it also significantly increases both the complexity and exposure of your Salesforce environment.

    Here’s the good news: you don’t have to choose between innovation and security. With the right tools and partnerships, you can build a Salesforce experience that’s fast, intelligent, and secure by design.

    And that’s how you unlock the real value of Agentforce – without risking everything else in the process.

    I recently took part in a conversation about this very topic. Take a look below!

  • What you need to consider in your file security solution for Salesforce

    Files are essential to your Salesforce workflows, but they’re also an easy attack vector. Whether it’s contracts uploaded through a customer portal, invoices submitted via Service Cloud, or internal attachments exchanged in agent chats, every file entering your Salesforce environment carries risk.

    That’s why choosing the right file security solution for Salesforce isn’t about ticking boxes. You need to ensure you have deep, real-time protection against the full spectrum of file-based cyber threats. This means everything from well-known malware to emerging, never-before-seen zero-day attacks.

    Two kinds of file-based threats — and why you need protection against both

    Attackers aren’t just reusing the same old tricks. They’re evolving, and often hiding malicious content inside seemingly harmless files like PDFs, Word docs, and image files.

    1. Commodity malware
    These are widespread threats that security vendors have seen before. This includes viruses, trojans, and ransomware families that have recognizable digital “fingerprints.” Many legacy antivirus products rely on signature-based detection alone, which can be effective here… if you’re lucky and the signature database is up to date.

    2. Zero-day and polymorphic malware
    These pesky threats are the real problem today. Zero-day malware is completely new, often crafted specifically to bypass traditional detection. Polymorphic malware, meanwhile, mutates its code every time it spreads, evading both basic signature detection and one-time-only scanning. These threats are harder to spot, and can cause real damage before anyone notices.

    That’s why a file security solution for Salesforce must go beyond static scanning to get results. And accuracy counts.

    Proven protection: AV-TEST award-winning threat detection

    When selecting a file security solution for Salesforce, you need assurance that your protection is tested and proven – not theoretical marketing pitches.

    That’s exactly what WithSecure delivers. Our advanced malware detection engine, used in WithSecure™ Cloud Protection for Salesforce, is the same core engine behind WithSecure Elements, which earned AV-TEST’s Best Protection Award 2024 after achieving flawless detection results across an entire year of enterprise-grade testing.

    Throughout 2024, AV-TEST rigorously evaluated WithSecure Elements across more than 90,000 malware samples as part of its Enterprise Protection Test. The result? A perfect malware detection rate. Not a single threat slipped through. WithSecure effectively blocked every attack and prevented any damage to the test systems.


    “This result demonstrates the relentless dedication of WithSecure Intelligence, as well as our R&D and cyber security teams, whose expertise ensures our customers stay protected against both known and emerging threats,” says Paolo Palumbo, VP, W/Intelligence at WithSecure.

    This recognition from AV-TEST (which is one of the most trusted independent testing organizations in the cybersecurity industry) offers assurance that WithSecure’s detection capabilities are not only fast and intelligent, but validated in real-world conditions.

    For Salesforce customers, this means that WithSecure Cloud Protection for Salesforce brings the same industry-leading protection into your cloud environment — scanning every file that touches your business, from support tickets and partner portals to automated chat workflows.

    Whether it’s a known virus or a zero-day threat disguised in a PDF, you can trust WithSecure to stop it before it spreads.

    Real-time, multi-layered defense that fits Salesforce

    WithSecure Cloud Protection for Salesforce goes far beyond a basic upload-time file scan. It delivers continuous, multi-layer protection at every stage of your Salesforce workflows — from file uploads and downloads to dynamic interactions via forms, support cases, partner portals, Slack, and more.

    Here’s how it works:

    Multi-layered file analysis engine

    Every file is evaluated using a robust stack of detection technologies, including:

    • Signature-based scanning for known malware variants
    • AI-powered behavioral analysis to detect suspicious patterns and polymorphic malware
    • Cloud sandboxing for deep inspection of complex or unknown file types
    • Real-time threat intelligence feeds, always up-to-date

    This ensures your Salesforce environment is secured against both commodity malware and zero-day threats — no matter where the file comes from or how it’s shared.

    Real-time protection at every entry point

    WithSecure doesn’t wait to act — it scans files immediately when they’re:

    • Uploaded to Salesforce (e.g. via cases, forms, portals, chats)
    • Downloaded by users or agents
    • Accessed or shared within Agentforce workflows or messaging integrations (e.g. WhatsApp, Slack, Web Chat)

    This real-time scanning capability is key in detecting threats like polymorphic malware, which may change form depending on who interacts with it — a major blind spot for conventional AV tools.

    Advanced detection of malicious URLs & QR Codes

    Files today are more than just files — they’re often delivery vehicles for phishing links or embedded QR codes pointing to malicious sites. WithSecure scans inside documents and images, detecting:

    • Malicious links, shortened URLs, redirects
    • QR codes embedded within files
    • Obfuscated or hidden content

    These capabilities are critical in stopping phishing attacks and preventing social engineering threats from reaching your team through Salesforce channels.

    Native to Salesforce — not bolted on

    Unlike external integrations or API-based workarounds, WithSecure Cloud Protection for Salesforce is a truly Salesforce-native application, meaning:

    • No middleware, no added infrastructure
    • Deployed directly from AppExchange
    • Integrates seamlessly into Salesforce UI, objects, and workflows
    • Works with standard and custom objects, Experience Cloud, Sales Cloud, Service Cloud, Government Cloud, omni-channel Agentforce workflows, and more

    It’s fast to deploy, easy to configure, and fully aligned with Salesforce’s architecture. Being truly native means more than hosting an app’s management interface on Salesforce; it is about how the app is actually built and integrated.

    WithSecure Cloud Protection is already trusted by Fortune 500 companies and public sector organizations worldwide. It meets the highest requirements for security, compliance, and reliability.

    File security is the foundational element of Salesforce security

    Malicious files are still one of the easiest ways into cloud platforms like Salesforce. They’re also among the hardest threats to detect without advanced protection. Without a purpose-built solution, there is no visibility into file-based threats on Salesforce, making incident response and forensics expensive and time-consuming.

    WithSecure Cloud Protection for Salesforce uses multi-layered, real-time analysis to detect both commodity malware and elusive zero-day threats. Powered by industry-leading engines and embedded natively in Salesforce, it stops what others miss before it ever reaches your data, workflows, or users.

  • Jira credentials breached: Why the HELLCAT attacks should alarm every Salesforce customer 

    In a growing spree of targeted cyberattacks, the HELLCAT threat group has breached at least six organizations in just five months by exploiting exposed Jira credentials. Victims include high-profile enterprises like Telefonica, Orange Group, and Jaguar Land Rover (JLR). In the JLR case alone, attackers exfiltrated and leaked over 700 internal documents, including source code, development logs, tracking data, and sensitive employee information. 

    These weren’t isolated incidents. HELLCAT followed a consistent playbook: targeting Jira for its central role in enterprise operations and its integration into broader ecosystems. The platform often holds architectural plans, API keys, internal communications, and workflow data. Sounds like a goldmine for attackers. 

    Stolen credentials are the culprit in the cloud

    So, what made these attacks possible? It was stolen credentials harvested by infostealer malware, often from external third parties. In one case, Jira credentials belonging to an LG Electronics employee still granted access to JLR’s Jira instance—years after the initial compromise. Those credentials had been exposed for years yet remained valid. 

    This isn’t a corner case. Credentials compromised – for example in old infostealer campaigns – are still readily available on the dark web. And as long as they work, attackers will continue using them. Many organizations don’t consider these risks in their security plans. This is the case especially when the credentials belong to external users like partners, contractors, or vendors. 

    The lesson is clear: in cloud environments, access doesn’t end at the walls of your organization. 

    Breached Jira credentials: The Salesforce parallel 

    From the attacker’s point of view, Jira is not unique. Salesforce mirrors Jira closely: 
     

    • Vast amounts of sensitive data – customer records, contracts, invoices, case files, product roadmaps 
    • Extensive third-party access – via customer portals, partner users, and even agent automation
    • Central to workflows – tightly integrated with other platforms through APIs and automation, even more than Jira 
    • Credential risk blind spots – these are ticking time bombs especially for community users and partners outside core IT controls 

    Salesforce is targeted more and more by sophisticated cyber attacks

    Just like Jira, Salesforce is increasingly targeted. Many companies still don’t enforce MFA across all user types. Infostealer dumps are often loaded with credentials tied to cloud accounts, including Salesforce user accounts, which may go unmonitored or unchanged for years. Identity compromise is practically invisible to traditional security layers – until it’s too late.

    The HELLCAT breaches aren’t just a Jira credential risk. They’re a SaaS ecosystem wake-up call. 

    WithSecure helps mitigate identity risks on Salesforce

    Salesforce isn’t just a business app or CRM anymore – it’s an infrastructure and a backbone to critical commercial operations. Without proper visibility into identity risk and real-time file and URL-based threats, the door is wide open. 
     

    WithSecure Cloud Protection for Salesforce provides: 

    • Real-time threat scanning of all files and URLs inside Salesforce 
    • Blocking of phishing links that direct to credential harvesting sites – even when hidden inside files or behind QR codes 
    • Stopping files that hide malware and ransomware, including infostealers and never-before-seen zero-day threats  
    • [COMING SOON!] Credential compromise detection to identify at-risk users  

    Switch roles from an administrator to Salesforce defender

    Salesforce customers need to think like defenders, not just administrators. You should treat Salesforce like the critical platform it is. Understand who’s accessing it.

    And don’t assume that credentials leaked five years ago aren’t still being exploited today. 

    Soon, we can help you monitor for credential compromises – especially among external users with our upcoming Identity Protection capabilities.  

    Trusted by highly regulated Fortune 500 enterprises globally, WithSecure Cloud Protection for Salesforce delivers scalable, quick-to-deploy Salesforce native protection. No added complexity, hindrance to your operations, or impact on your custom workflows. Just award-winning detection capabilities delivered in real-time.

    Curious about the upcoming Identity Protection feature? Contact us from the form below.

  • Future of Agentforce: cyber threat landscape

    The future of Agentforce is marked by swift business operations and a constant stream of AI-driven value. More and more AI agents process vast amounts of data, automate customer touch points, and interact across multiple platforms. At the same time, the cyber threat landscape will also be in flux. Here are our key predictions when it comes to cyber threats, and security strategies for adapting to them.

    Prediction 1: Agent efficiency drives exponential growth in data volumes

    AI agents, like those powered by Agentforce, excel at streamlining workflows, automating routine tasks, and enabling organizations to scale operations. By eliminating artificial restrictions, such as hiding customer service contact forms, businesses can handle significantly more inbound cases.

    As a result, the sheer volume of data being processed – both structured and unstructured – will rise dramatically.

    With an influx of data, the need for a robust, real-time file and URL scanning solution for Agentforce workflows will grow exponentially in the future. Organizations must deploy scalable, efficient threat detection systems like WithSecure™ Cloud Protection for Salesforce to mitigate risks without compromising operational agility.

    Prediction 2: New ways of processing and distributing content

    In the future, Agentforce agents will manage and distribute files and URLs at an unprecedented scale, both within organizations and externally to customers and partners. Agents may inadvertently share malicious content, amplifying the spread of threats.

    The risk of malware and phishing attacks increases as malicious files and URLs spread more freely through automated systems.

    Organizations need advanced real-time scanning solutions that proactively detect and neutralize threats. WithSecure’s cloud-native protection layer ensures that files and URLs are scanned immediately as they enter the platform, and again when a user interacts with them. Threats are effectively neutralized before they can disrupt operations or damage customer trust.

    Prediction 3: Integration with collaboration tools expands the attack surface

    Agentforce integrates with tools like Slack, WhatsApp, and Salesforce Messaging for In-App and Web (MIAW), facilitating seamless communication. For instance, a recruitment AI agent might share links to candidate portfolios or PDF resumes in Slack channels. However, these conveniences come with risks.

    Collaboration tools will become a more prominent vector for malicious content, with harmful files or phishing links reaching large audiences quickly.

    To address this, businesses must prioritize centralized security solutions that sit where data is processed and stored – within Salesforce itself. By centralizing protection at the source, organizations can ensure that all files and links handled by Agentforce agents are safe before they reach external platforms.

    What does the future of Agentforce look like from the threat landscape’s point of view?

    In the grand scheme of things, how does the AI and Agentforce dominant future change the threat landscape? We are already seeing a significant surge in SaaS breaches – +300% year-on-year to be precise. The same growth rate can unfortunately be seen also in malicious content on Salesforce, as detected in the customer environments we protect. SaaS applications, including platforms such as Salesforce, are increasingly targeted by cyber criminals.

    If the detection ratio of malicious files and phishing links remains the same or grows, and the volume of unstructured data grows, the risk of a data breach through these agentic workflows becomes a more pressing concern.

    GenAI has been seen as a disruptor in the cyber threat landscape for a while now, with services like FraudGPT rising in popularity. However, GenAI has also become the disrupted. Vulnerabilities of services like DeepSeek and Meta’s Llama make it clear that the same weaknesses apply to AI services as any other software.

    Although the future of GenAI and agentic AI has many uncertainties, cyber defenders can prepare and take action.

    The good AI vs. bad AI race will keep on going.
    Defenders should adopt advanced security measures that leverage AI and machine learning to detect threats as fast as the agents operate. At the end of the day AI is fast. Agents are fast. Attacks that leverage AI are fast. Similarly, speed in preventative measures is crucial.

    What you can do to secure your Salesforce data in the age of agents

    • Adopt real-time scanning: Implement AI-powered solutions like WithSecure™ Cloud Protection for Salesforce to ensure continuous protection for growing data volumes. Secure files and URLs shared via Slack, WhatsApp, and other platforms to reduce exposure.
    • Focus on centralized protection: Since agents operate within Salesforce, protecting the Salesforce environment directly is more effective than securing individual endpoints or third-party tools.
    • Regularly audit and update data: Maintain clean, accurate, and secure datasets to minimize the risk of inaccuracies in AI-driven workflows.
    • Apply the principle of least privilege: Only give agents the access and permissions they require to do their job. Manage access and authentication vigilantly.
    • Educate and train teams: Equip users with the knowledge to manage and secure AI-powered operations effectively.

    100% Salesforce native threat protection for Agentforce workflows

    Agentforce boosts efficiency by automating customer touchpoints, but it also increases exposure to malware and phishing risks through the handling of files and links.

    WithSecure™ Cloud Protection for Salesforce addresses these gaps with real-time scanning that integrates natively into Salesforce workflows. By stopping threats at the source, it ensures both AI agents and human users operate safely, preventing disruptions and securing sensitive interactions.

    Trusted by highly regulated Fortune 500 enterprises globally, WithSecure Cloud Protection for Salesforce delivers scalable, quick-to-deploy Salesforce native protection. No added complexity, hindrance to your operations, or impact on your custom workflows. You are fully empowered to leverage Agentforce’s potential without compromising the safety of your data.

  • The risk of newly registered domains on Salesforce and how to mitigate it

    Real-life evidence of NRD risks

    Cyber attackers use phishing in the majority of data breaches: IBM attributes a staggering 41% of all attacks to it, while Deloitte notes that phishing accounts for two in every five attacks. The Anti-Phishing Working Group (APWG) underscores that 77% of phishing domains are specifically registered for malicious purposes. These domains frequently serve as launchpads for extensive phishing and malware attacks, making their scrutiny a critical security practice.

    Similarly, Interisle Consulting Group observed that a significant increase in phishing is linked to the use of domain names, with an 85% jump in domains used for cyberattacks.

    Research from Palo Alto reinforces these concerns, and indicates that at one point, over 70% of newly registered domains (NRDs) were “malicious,” “suspicious,” or “not safe for work.” This statistic underscores the consistent risk posed by newly established domains over the years.

    NRDs are employed not only for phishing but also as vectors for malware distribution and command-and-control operations. Cybercriminals can rapidly register and activate new domains. As a result, they can rapidly deploy and evolve their attacks, and bypass traditional detection methods. This creates urgent challenges for cybersecurity defenses in environments like Salesforce.

    Why combating phishing on Salesforce is crucial

    Phishing attacks pose a significant threat to organizations using Salesforce, exploiting the platform’s extensive functionalities to carry out sophisticated cyberattacks. These threats primarily target human error, using deceptive emails or malicious URLs to manipulate users into divulging confidential information such as login credentials, thereby compromising entire systems.

    1. Data integrity and security: Salesforce serves as a repository for vast amounts of sensitive corporate and customer data. Phishing attacks gain unauthorized access to data, causing data breaches that severely damage a company’s reputation and lead to substantial financial losses.
    2. User trust and compliance: Customers trust organizations to safeguard their personal information. A successful phishing attack can erode this trust, damage customer relationships, and potentially violate compliance regulations that protect user data.
    3. Operational continuity: Phishing attacks disrupt the normal business operations of Salesforce, which leads to downtime and decreased productivity.

    Proactive NRD blocking is the simplest and the most effective strategy

    Managing NRD threats effectively requires a combination of technology and strategy tailored to an organization’s specific risk tolerance. Although user awareness is important, no Salesforce user should be expected to act as a phishing detective. Enterprises with low risk tolerance should proactively block NRDs from interacting with their Salesforce systems. By utilizing real-time intelligence, WithSecure Cloud Protection for Salesforce empowers organizations to selectively block NRDs. The solution analyzes the domain’s age. Customers can configure settings to block domains registered within recent time frames, including 7, 14, 30, 60, or 90 days.
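    The domain-age policy described above can be sketched as follows. This is an added example, not WithSecure's implementation: the `registry` dictionary stands in for an RDAP/WHOIS creation-date lookup, all domains and dates are constructed, and the function names (`extract_hosts`, `registrable_domain`, `evaluate`) are hypothetical.

```python
import ipaddress
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

ALLOWED_WINDOWS = (7, 14, 30, 60, 90)  # block windows named in the text above
# Assumption: a tiny stand-in for the Public Suffix List, which a real
# deployment would use to find the registrable domain.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def extract_hosts(text):
    """Hostnames of every http(s) URL in free text, in order, de-duplicated."""
    hosts = []
    for match in URL_RE.findall(text):
        try:
            # Drop sentence punctuation that the regex swallowed.
            host = urlsplit(match.rstrip(".,;:!?")).hostname
        except ValueError:
            continue  # malformed URL (for example a broken IPv6 literal)
        if host:
            host = host.rstrip(".").lower()
            if host not in hosts:
                hosts.append(host)
    return hosts


def registrable_domain(host):
    """Naive registrable domain: last two labels, or three under a known
    multi-label suffix. Returns None for IP literals and single labels."""
    try:
        ipaddress.ip_address(host)
        return None  # an IP address has no registration age
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return None
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def evaluate(text, registry, window_days, now, unknown_action="review"):
    """Return one verdict per host found in `text`.

    Assumption: a domain whose age in whole days is <= window_days counts as
    "registered within" the window and is blocked. Hosts with no known
    creation date (IP literals, lookup misses) get `unknown_action`, so a
    missing answer is never silently treated as safe.
    """
    if window_days not in ALLOWED_WINDOWS:
        raise ValueError(f"window must be one of {ALLOWED_WINDOWS}")
    verdicts = []
    for host in extract_hosts(text):
        domain = registrable_domain(host)
        created = registry.get(domain) if domain else None
        if created is None:
            age, action = None, unknown_action
        else:
            age = (now - created).days
            action = "block" if age <= window_days else "allow"
        verdicts.append(
            {"host": host, "domain": domain, "age_days": age, "action": action}
        )
    return verdicts


# Constructed sample data (reserved example domains, invented dates).
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)
REGISTRY = {
    "fresh-invoice.example": datetime(2025, 6, 28, tzinfo=timezone.utc),  # 3 days old
    "partner-docs.example": datetime(2025, 5, 17, tzinfo=timezone.utc),   # 45 days old
    "example.com": datetime(1995, 8, 14, tzinfo=timezone.utc),
}
SAMPLE_CASE_COMMENT = (
    "Please pay at https://pay.fresh-invoice.example/login, the spec is at "
    "http://partner-docs.example/spec.pdf and our site is https://www.example.com/. "
    "Mirror: http://192.0.2.10/a"
)

if __name__ == "__main__":
    for window in (30, 60):
        print(f"--- block window: {window} days ---")
        for v in evaluate(SAMPLE_CASE_COMMENT, REGISTRY, window, NOW):
            print(f"{v['action']:6} {v['host']} (age: {v['age_days']})")
```

    Widening the window from 30 to 60 days flips the 45-day-old domain from allowed to blocked, which is the trade-off the configurable time frames expose.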

    Incident response insights 

    Our incident response team has identified attacks on Salesforce environments where NRDs were a factor. These observations have reinforced the need for robust NRD management and influenced the development of product features that meet the stringent compliance requirements of many enterprise customers. These customers often mandate that newly created domains should not gain access to their Salesforce platforms.

    “Many enterprises, particularly financial institutions, have stringent requirements. For instance, they mandate that domains less than 32 days old are not allowed on their network or platform,” Anssi Korpilaakso, Director of Business Operations at WithSecure Cloud Protection for Salesforce, concludes.

    The problem calls for systemic intervention

    To curb the misuse of newly registered domains (NRDs) in cyberattacks more effectively, authorities need to take broader regulatory actions instead of merely placing the responsibility for risk management on the victims.

    • Regulatory oversight: Authorities could impose stricter controls on service providers that disproportionately enable cybercriminals, possibly penalizing those that consistently supply the means for cyberattacks.
    • Identity verification: Introducing stringent identity verification or certification requirements for bulk domain registration can prevent misuse by making it harder for cybercriminals to anonymously acquire domains.
    • Limiting resources: Restricting the number of accounts and subdomains one can register with free or inexpensive web hosting services could curtail the ability of attackers to proliferate harmful domains.
    • Automated monitoring: Deploying automated systems to monitor and screen suspicious registration and usage patterns can preemptively catch potentially malicious activities.

    Comprehensive phishing protection – 100% Salesforce-native

    WithSecure™ Cloud Protection for Salesforce enhances defenses against URL-based threats, including the risks associated with newly registered domains (NRDs). This constantly updated suite of URL scanning features actively addresses the hidden dangers of malicious URLs within Salesforce.

    Stop phishing and URL-based threats instantly: The URL Protection feature actively guards against phishing and malicious websites. It scans URLs upon upload and when clicked. This real-time scrutiny is crucial for intercepting threats before they impact your system.

    Dynamic protection against evolving threats: The nature of URL threats is volatile. A link that was once deemed safe can turn malicious later. The Click-Time URL Protection feature dynamically evaluates URLs at the point of access and adapts to the mutating threats.

    Block newly registered domains: You can block access to domains based on their registration age. Settings are adjustable to cover domains from 7 to 90 days old. This effectively reduces the risk of falling victim to attacks that are launched from newly established malicious sites.

    Comprehensive detection of malicious URLs: The solution detects and blocks harmful URLs that are within files and behind QR codes. This extends protection beyond visible links in text fields. This comprehensive approach helps thwart hidden malware and phishing attempts encoded within document uploads.

    Block shortened URL threats: Shortened URLs, often used for their convenience, can mask dangerous destinations. Our system ensures every link is verified, enhancing security against camouflaged threats that could otherwise bypass detection.

    Tailored security for high compliance sectors: We have designed the solution with the needs of highly regulated industries in mind. Robust protection aligns with the stringent security requirements of finance and public sectors.

    Concerned about malicious URLs entering your Salesforce environment? Contact our team for a free consultation.

  • Is your Salesforce DORA compliant?

    What is DORA?

    The Digital Operational Resilience Act (DORA) is a European Union regulation crafted to boost the operational resilience of financial institutions. It ensures they can withstand, respond to, and recover from ICT-related disruptions, including cyberattacks. It mandates rules for ICT risk management, incident reporting, resilience testing and third-party risk management (TPRM). The regulation applies as of 17 January 2025.

    What’s the purpose of DORA?

    DORA aims to ensure EU financial institutions can effectively manage and mitigate ICT risks, diminish the impact of cyber threats, and sustain business continuity during disruptions.

    Who does DORA apply to?

    DORA applies to the majority of financial institutions operating in the EU. It covers a broad spectrum of financial entities, such as banks, investment firms, payment service providers, insurance companies, and ICT third-party providers like cloud services that support financial institutions.

    DORA’s ICT risk management framework mandates that a firm’s management body bears ultimate responsibility for managing ICT risks, setting and approving the digital operational resilience strategy, and approving policies related to the use of ICT Third Party Providers (TPPs), among other duties.

    How does DORA change the current regulatory compliance?

    There have been previous guidelines similar to DORA, such as the 2019 EBA Guidelines on ICT Security and Risk Management and the 2020 EIOPA Guidelines on ICT Security and Governance. However, as DORA is primary legislation, the level of supervisory scrutiny that firms are subject to is now increasing significantly.

    Key requirements for financial entities:

    • ICT risk management: Financial entities must develop robust governance and control frameworks to manage ICT risks. This includes risk identification, protection measures, system monitoring, and incident recovery.
    • Incident reporting: Entities are required to report significant ICT-related incidents to authorities to enhance oversight and facilitate a coordinated sector response.
    • Testing and audits: Regular testing, including penetration tests and security audits, is mandatory to identify and address vulnerabilities.
    • Third-party risk management: Financial institutions must ensure that third-party ICT providers adhere to equivalent standards, including conducting thorough due diligence for outsourcing critical functions.

    DORA compliance and Salesforce security

    DORA mandates comprehensive oversight across critical business areas, focusing on firm management’s accountability for ICT risks. It includes crafting a digital operational resilience strategy and managing ICT Third Party Providers (TPPs). Breaches could lead to penalties enforced by competent authorities.

    Salesforce is a cloud-based platform that is critical to many financial organizations and their operations. The financial entity will need to ensure that their use of Salesforce complies with DORA’s requirements regarding ICT risk management, third-party oversight, incident reporting, and testing.

    As a leading CRM provider, Salesforce has already taken steps to ensure that the platform’s data governance aligns with DORA – along with other data protection regulations. Collaboration with partners like WithSecure™ is part of Salesforce’s commitment to trust and security, according to Natalie Pope, Lead Solutions Engineer at Salesforce: “DORA is an important step in elevating our offerings to financial services customers, ensuring data and operational resilience are at the forefront of their business goals and company ethos. Our collaboration with partners like WithSecure™ demonstrates Salesforce’s commitment to our number one value of trust, allowing us to offer robust and compliant solutions as part of a trusted digital infrastructure.”

    Key actions to secure Salesforce and comply with DORA

    The new DORA regulation impacts all SaaS products, including Salesforce. When it comes to Salesforce security and risk management, financial institutions should take action in the following areas:

    • Set up ongoing auditing practices to continually assess security risk related to Salesforce and other services connected to it. Implement proper security measures to remediate any gaps.
    • Develop and refine incident management strategies to ensure prompt detection, reporting and resolution of issues. Implement security measures directly for Salesforce that support your strategy.
    • Review and update contracts with ICT providers to meet DORA standards.

    Which Salesforce DORA obligations WithSecure™ Cloud Protection for Salesforce can help with

    WithSecure™ Cloud Protection for Salesforce stops malware and phishing threats on Salesforce in real-time. It helps financial organizations meet their DORA obligations on Salesforce in the following areas:

    DORA mandate for incident reporting: “Financial entities shall report major ICT-related incidents to the relevant competent authority”, “Financial entities shall produce, after collecting and analysing all relevant information, the initial notification and reports referred to in paragraph 4 of this Article using the templates referred to in Article 20 and submit them to the competent authority. In the event that a technical impossibility prevents the submission of the initial notification using the template, financial entities shall notify the competent authority about it via alternative means.” (Chapter 19, Article 1)

    DORA mandate for detection capabilities: “Financial entities shall devote sufficient resources and capabilities to monitor user activity, the occurrence of ICT anomalies and ICT-related incidents, in particular cyber-attacks.” (Chapter 2, Article 10)

    DORA mandate for incident management: “Financial entities shall define, establish and implement an ICT-related incident management process to detect, manage and notify ICT-related incidents.” (Chapter 17, Article 1)

    Salesforce DORA compliance areas that require added security layers

    How WithSecure™ Cloud Protection for Salesforce helps financial organizations meet their DORA obligations

    WithSecure™ Cloud Protection for Salesforce helps financial institutions detect anomalies such as malware and phishing threats on Salesforce. It provides real-time monitoring capabilities into cyber threats and incidents across the Salesforce environment. It empowers financial institutions with automated threat remediation capabilities, along with prompt alerts.

    WithSecure™ Cloud Protection for Salesforce’s native reporting features support incident reporting to authorities, as mandated by DORA. Reports offer vast details about the threat, who has interacted with it, and when. This not only enables sufficient reporting to authorities, but also speeds up the incident management process significantly. Without reporting tools that provide full event logs and forensic trails, investigating a malware outbreak is costly and time-consuming.

    While remediating the immediate threat of malware, solutions like Cloud Access Security Brokers (CASBs) can introduce more risk by adding vulnerable integrations and data flows to the mix. For this reason, we built the natively integrated, minimally vulnerable and simplified AntiVirus and AntiPhishing solution WithSecure™ Cloud Protection for Salesforce. With this simplified and seamless approach, financial institutions can mitigate risk without inadvertently adding more in the process. You can deploy the native security layer in minutes and strengthen your compliance instantly.

    WithSecure™ Cloud Protection for Salesforce is built with 30+ years of cyber security experience in close collaboration with Salesforce. The solution has achieved ISAE 3000 Type 2 certification (international equivalent to SOC 2 Type 2), and WithSecure™ is ISO 27001 certified, proving the resilience of operations in accordance with DORA’s third-party risk management agenda.

    Ensure Salesforce DORA compliance

    Protect your Salesforce environment against advanced ransomware and phishing attacks in real-time. Natively integrated WithSecure™ Cloud Protection for Salesforce is up and running in minutes. Comprehensive reporting capabilities help you meet DORA incident reporting requirements.
