Testing guide

This guide describes how you can test WithSecure Cloud Protection for Salesforce and offers tips and techniques that you can use to plan further tests

WithSecure Cloud Protection for Salesforce is a cloud-based security solution that is designed to improve and extend the native security capabilities of the Salesforce platforms.

WithSecure Cloud Protection for Salesforce analyzes the content that enters or leaves the Salesforce cloud, so that files and URLs that are uploaded or downloaded from a Salesforce organization cannot be used in cyber attacks against your company, partners, or customers.

The solution comprises a native Salesforce application and WithSecure Security Cloud that provides file and website reputation and security services. The WithSecure Cloud Protection application isinstalled on Salesforce Sales, Service, or ExperienceCloud (previously known asCommunityCloud)that your company uses. You do not need to install any othersoftware or make any changesto your network configuration.

WithSecure Security Cloud is a cloud-based threat analysis and response system. It analyzesthe threatintelligence thatis gathered by ourmillions ofsensor nodes, creating a vast database of digital threats that builds a real-time picture of the global threat situation.

WithSecure Cloud Protection for Salesforce leverages this data to respond to changes in the global or local threat landscape within minutes. For example, when our heuristic and behavior analysis identifies a new zero-day attack, the information is shared with all our customers - rendering the advanced attack harmless very soon after the initial detection.

The solution is designed to reduce delays and it does not hinder the use of Salesforce. When analyzing files or content, the solution uses a multi-stage processthat leverages WithSecure Security Cloud. The steps within this process are triggered based on the risk profile ofthe content. For example, only high-risk files go through a deeper analysiswith our Smart Cloud Sandboxing technology, which is designed to prevent attacks using zero-daymalware and other advanced threats.

WithSecure provides three different ways to test WithSecure Cloud Protection for Salesforce.

1. Book a live demo from WithSecure.

Send an email to cloudprotection@WithSecure.com to book a solution walkthrough and live demo session.

2. Take a Test Drive in a preconfigured Salesforce organization.

SalesforceAppExchange Test Drive offers an easy way to test WithSecure Cloud Protection for Salesforce. The solution is already installed in a test organization and you can try out downloading or uploading malicious files, uploading or clicking malicious and disallowed URLs, and take a closer look at WithSecure Analytics, reports, and settings.

3. Install a 30-day free trial in your Salesforce organization.

Install WithSecure Cloud Protection in your own Salesforce organization for more in-depth testing. You can install the solution in minutes from Salesforce AppExchange, and after that the solution is automatically running in 30-day trial mode. Follow the WithSecure Quick Installation Guide when installing the solution.

To make it easier and more convenient for you to test WithSecure Cloud Protection for Salesforce, there is a preconfigured Salesforce Test Drive that includes the Anti-Malware Testfile (EICAR) and WithSecure URLs for testing.

Note: EICAR is an antimalware test file and it is not harmful to your computer. For more information, see https://www.eicar.org/.

Follow these steps to start testing Cloud Protection for Salesforce in Test Drive.

1. Click Take a Test Drive in the WithSecure Cloud Protection app listing.

2. Log in to AppExchange using your Salesforce account.

You now have access to the Salesforce Test Drive organization and will see the WithSecure Cloud Protection for Salesforce Protection Dashboard.

Follow these instructions to see an example of how file protection works.

1. Go to App Launcher and open Sales.

2. Click Accounts and select WithSecure Demo Account.

You can see that WithSecure Cloud Protection for Salesforce has removed a malicious file on upload and replaced it with a text file: [HARMFUL CONTENT REMOVED] Example_MaliciousFile.

3. Try to download Example_MaliciousFile.docx.

WithSecure Cloud Protection for Salesforce blocks the download.

Follow these instructions to see an example of how URL protection works.

1. Go to App Launcher and open Chatter. WithSecure Cloud Protection for Salesforce has rewritten original URLs for analysis purposes.

2. Try clicking the WithSecure test URLs. WithSecure Cloud Protection for Salesforce blocks access to the harmful and disallowed websites.

WithSecure Cloud Protection for Salesforce includes an analyticssection where you can see all of the eventsfor files and URLs that have been checked.

1. Go to App Launcher and open Cloud Protection.

2. Go to the Analytics > File Events tab. You will see all file analytics events and have access to the file event history.

3. Click View in the History column for an event. The File Event History view opens, showing the details of the upload and download actions for the selected file.

4. Go to the Analytics > URL Events tab. You will see all URL analytics events and have access to the URL event history.

5. Click View in the History column for an event.

The URL Event History view opens, showing the details of the post and open actions for the selected URL.

The Summary tab shows you an overview of your Salesforce content.

Click the Summary tab. This dashboard shows you the full statistics for your Salesforce content that WithSecure Cloud Protection for Salesforce has checked.

Note: The More reports option is available in trial and production versions of the solution.

In Test Drive, you cannot change the settings for WithSecure Cloud Protection for Salesforce, but you can see what settings are available.

Click the Administration tab.

This shows you the settings that are available for the file and URL protection components as well as general settings for the solution.

WithSecure offers a free 30-day trial test period for all Salesforce customers.

You can install WithSecure Cloud Protection for Salesforce in a few minutes to yoursandbox, development, or production organization directly from Salesforce AppExchange.

Follow the instructions in the Quick installation guide when installing the solution.

Follow these instructions to test the file protection with the Eicar test file.

1. Download the Eicar.com test file from https://www.eicar.org/download-anti-malware-testfile/ and rename it to Example_MaliciousFile.docx.

Note: Even though it is not harmful, Eicar.com isidentified as malware fortesting purposes. If your anti-malware protection blocks the file, exclude a folder from real-time scanning and place the Eicar.com file there.

2. Upload Example_MaliciousFile.docx and any clean file to Salesforce Files or Chatter.

3. Go to App Launcher and open Cloud Protection.

4. Go to the Analytics > File Events tab. This shows you one clean file and one blocked file.

5. Try to download both files. You can download the clean file, but the malicious file is blocked.

6. Go back to the Analytics > File Events tab to see the download events.

7. Click View to see the full event history.

This shows you all upload and download actions for the selected file.

Follow these instructions to test the URL protection using the test domains.

1. Go to App Launcher and open Cloud Protection.

2. Go to the Administration > URL Protection tab.

3. For this test, make sure that Gambling is selected in the Select disallowed categories list.

4. Post two example URLs unsafe.fstestdomain.com and gambling.fstestdomain.info to Salesforce Chatter.

5. Open Chatter to see two new posts where URLs has been rewritten.

6. Go back to WithSecure Cloud Protection and go to the Analytics > URL Events tab. This shows you two new Chatter posts.

7. Go back to Chatter and try to open both links. You will see Harmful web site blocked and Disallowed web site blocked block pages.

8. Go back to WithSecure Cloud Protection and go to the Analytics > URL Events tab again. This shows you two URL opening events.

9. Click View to see the full event history. This shows you all posting and opening actions for the selected URL.

The Summary tab shows you an overview and reporting tools for your Salesforce content.

1. Click the Summary tab. This dashboard shows you the full statistics for your Salesforce content that WithSecure Cloud Protection for Salesforce has checked.

2. Click More reports to access the available built-in reports. The solution includes three built-in dashboards: Protected Content Analytics, File Protection Details, and URL Protection Details. You can also create your own dashboards and reports using the available attributes. Attributes for file reports:

• Created By: Full Name
• Created Date
• Date/Time
• File Extension
• File Name
• File Scan ID
• File Size
• File Type
• IP Address
• Last Modified By: Full Name
• Last Modified Date
• Name
• Owner: Full Name
• Record Id
• Scan Type
• SHA1
• Location
• User: Full Name
• Verdict
• Owner (First Name, Full Name, Last Name, Owner ID, Phone, Profile: Name, Rule: Name, Title, Username, Email, Alias, Active)
• Reason
• File Prevalence
• File Reputation Rating

Attributes for URL reports:

• URL Scan: ID
• URL Scan: Name
• Action
• Categories
• Date/Time
• Direction
• IP Address
• Location
• Reason
• Reputation
• Reputation Description
• URL
• User
• Verdict
• Owner Name
• Owner Alias
• Owner Role
• Created By
• Created Alias
• Created Date
• Last Modified By
• Last Modified Alias
• Last Modified Date

In the trial version of WithSecure Cloud Protection for Salesforce, you can change the settings that are described in the Quick Installation Guide.

Click the Administration tab.

This shows you the settings that are available for the file and URL protection components as well as general settings for the solution.