Code42’s exfiltration detector alerts when Salesforce data moves to an untrusted device

Code42 launched a data exfiltration detector in the Code42 Incydr product that detects when reports are exported from an organization’s Salesforce instance to an untrusted destination.

Code42 data exfiltration detector

This offering solves the risk tied to high turnover in sales personnel combined with access to valuable customer, prospect, pricing and pipeline data. The exfiltration detector uses Code42’s Trust capability to alert security teams when Salesforce data moves to the unmanaged personal laptops or mobile devices of malicious, negligent or careless insiders, and doesn’t block employee productivity or impede collaboration.

In a recent survey by Code42 and Pulse Research, a mere one in five security leaders are very confident that they have visibility to employees downloading Salesforce data to personal devices. When employees access, create and export cloud-based Salesforce reports to unmanaged devices – even for legitimate business purposes – confidential data is open to potential exposure and risk. That is because endpoint- and network-based security products cannot detect when data exfiltration happens from cloud-based applications, like Salesforce, via non-corporate devices.

“Our data shows that about two-thirds of employees take critical information with them when they leave to go to a new company. More times than not, they’re leaving for a direct competitor,” said Joe Payne, Code42 president and CEO. “Taking data often is as easy as downloading a report from Salesforce to a personal device. Finally with this new product capability, companies can protect their sales data without blocking employees from getting their jobs done, something that is critical to keep our sales teams productive and growing the business.”

Prioritize data governance of sales data in Salesforce

Security leaders agree that the data housed in Salesforce, if leaked, would open their company to a variety of risks. They also need to provide their security teams with tools that drive efficiency, not increase alert fatigue. In the same Pulse survey, 39% of security leaders ranked customer lists as the data they were most concerned about falling into the wrong hands, closely followed by target account lists (37%).

To help organizations prioritize the governance of their Salesforce data, the new Code42 Incydr exfiltration detector increases visibility into Salesforce and:

  • Detects exfiltration by monitoring organizations’ Salesforce application using an API-based integration, meaning it doesn’t require network layer technology that security teams must deploy and manage.
  • Is built using Code42’s unique Trust capability. It automatically distinguishes when files go to untrusted personal devices versus managed or trusted corporate devices, alerting security to investigate only when an exported report is downloaded to a device that is not monitored. It helps stop high-value customer and pricing data from leaking out of their organizations, mitigates fallout from leaked sales and customer data, and decreases alert fatigue.
  • Highlights critical activity and file movement and gives security teams the context they need to act appropriately. Incydr offers a wide range of response controls that ensure organizations take a right-sized response – in line with their organization’s unique risk tolerance – to contain, resolve and educate when insider risk events are detected.

“The download permissions for Salesforce reports are all or nothing, so it is difficult for security teams to control data loss,” said Dave Capuano, vice president of product for Code42. “With our exfiltration detector, security can protect data that is at risk of being downloaded to unmanaged devices without drowning in alerts for every single movement of data, including those that are for legitimate work purposes and to monitored corporate devices.”

Availability: The data exfiltration detector for Salesforce can be added as additional functionality to a Code42 Incydr subscription and supports both the Salesforce Sales Cloud and Service Cloud products. It is currently available to Incydr customers for purchase.




Share this