Threat management is the process of detecting, analyzing, and mitigating the security threats occurring on your network. Threat detection can be carried out through various methods, including rule-based, anomaly-based, and behavior-based detection methods. After a threat is detected, it should be analyzed immediately to identify the impact, origin, and other similar details so that you can mitigate threats before they turn into attacks.
In cloud applications that handle sensitive data, user activity logs are a crucial part of threat management. Salesforce event monitoring provides granular details of user activity including logins, logouts, report exports, API calls, and much more. However, in raw format, it is difficult to sift through this data and draw clear conclusions, which is why you need a security information and event management (SIEM) solution in place.
Log360 is a SIEM solution that detects security threats by extensively auditing Salesforce logs. It helps manage Salesforce threats by providing you the capability to detect threats, so you can take necessary action to resolve them immediately.
Log360 comes with an intuitive reporting console that provides trend graphs for Salesforce user activity, report activity, and content activity. These trend graphs help you detect any anomalies.
Moreover, the real-time alerting console lets you build alert profiles to detect any suspicious activities in Salesforce, such as unusual logon times, logon failures due to unauthorized access attempts, and more. With real-time email and SMS notifications, you can quickly act on threats.
Once a threat is detected, you can conduct extensive forensic analysis. With Log360'scomprehensive search tool, search for anything in the log message for any specified time period. Perform multiple character wildcard, grouped, boolean, and phrase searches and much more. You can perform multiple searches to gain a complete picture on the threat, and save the search queries. For instance, if you get an alert on unusual access from a user, you can readily sift through all the recent logs generated by the user with the search tool.
Consider a scenario of data exfiltration where Bob, a user, logs in after working hours and accesses critical account reports. Bob then proceeds to export multiple reports than usual and logs out. Log360 reports and alerts on both login activity and report export activity. With an alert rule configured for unusual logins followed by report exports, you can watch out for suspicious data exfiltration attempts in your Salesforce environment.
As soon as the admin is notified, they can take a quick glance at the trends in both report exports and login activity. They can investigate further by performing a quick forensic analysis with the search tool, and access all the logs that concern Bob. If the logs confirm suspicious activity, the admin can take necessary action.