
Advanced threat analysis

Enhanced sandboxing capabilities are integrated into our multi-stage threat analysis process, ensuring that potential zero-day threats receive a detailed behavioral analysis. 

While many Salesforce protection tools either neglect sandboxing or treat it superficially, our solution dives deeper. Our revamped Advanced Threat Analysis stands out in a marketplace where genuine in-depth sandboxing is rare, especially among CASBs. 

Enjoy bolstered defenses against a broad range of threats, including evasive zero-day malware and advanced file-based attacks. Experience peace of mind, knowing that advanced threats are managed efficiently, ensuring a secure Salesforce environment. 

Enabling advanced threat analysis

For users eager to leverage this feature, the process is quite straightforward: 

  1. Navigate to Administration. 
  2. Proceed to File Protection. 
  3. Access Settings. 
  4. Toggle the Advanced Threat Analysis option to "on." 
  5. Save your changes to activate the feature. 

Note that Advanced Threat Analysis uses cloud sandboxing coupled with behavioral analysis. This combination is rigorous, but it can lead to longer scan times. To maximize security, you can block file downloads while the analysis is in progress. If you do, expect brief interruptions and wait times for users.


How does the Advanced Threat Analysis work?

Cloud Protection for Salesforce Advanced Threat Analysis leverages our cloud-native sandboxing technology, incorporating the same advanced techniques found in our Endpoint Protection solutions such as DeepGuard. This allows for in-depth network behavior analysis on samples executed in a secure, isolated environment. The result is a comprehensive and nuanced understanding of the sample, significantly enhancing our ability to identify and counteract threats. 

Our approach to file sandboxing is governed by a proprietary set of rules, designed to optimize threat detection. While the specifics of these rules are confidential, they consider a range of indicators within the files. Even if initial scans do not identify a file as malicious, a suspicious profile could warrant deeper investigation. In such cases, the file is sent to the sandbox for a more extensive analysis that includes behavioral assessments, further safeguarding your system.  

In practice, imagine a scenario where an attacker attempts to compromise your system by uploading a malicious file to Salesforce. When the file first appears in file events, it is tagged as safe, because the first look could not confirm that it is malicious. This is not the final verdict: Advanced Threat Analysis is still in progress.

This file is subjected to meticulous scrutiny within our sandboxing environment. After some time, upon revisiting the file events, you'll notice an update. The in-depth analysis will have reached its conclusion. More often than not, files that might have otherwise escaped detection are identified as malicious, thanks to our sandboxing. 

Should you wish to review the findings, they are available in the Alerts view. The transformation from the file's initial "safe" tag to its final verdict is a testament to the Advanced Threat Analysis's thoroughness. 
