Enterprise Salesforce Security Breach Detection

Multinational Manufacturing Enterprise

Proactively detects threats to reduce risk of ransomware

This global enterprise is headquartered in Switzerland with subsidiaries around the globe. The complex network of 250+ factories, suppliers, and distributors is bolstered by a multi-org Salesforce implementation leveraging multiple Salesforce clouds including Service, Sales, and Pardot. These geographically segmented Salesforce organizations effectively create data silos with limited ability to monitor user activity across each environment.  CapStorm enables data driven automated thread detection with aggregation across all Salesforce environments.

Graphic of a cog in the CapStorm blue color.


Icon of a person's silhouette in CapStorm blue.

Company Size

Puzzle piece icon in the CapStorm blue color.


Icon representing tech stacks in the CapStorm blue color.

Tech Stack

Blue, black and white cubes floating and falling.


This enterprise’s multi-org Salesforce environment created a security gap as there was no way to proactively monitor for potential security breaches across all systems of record

Salesforce is used with multiple divisions to support Sales, Support, and Marketing with each Salesforce Production organization designed to meet the needs of a different geographic region. This regional segmentation has inadvertently created data silos and limited the ability of the security team to efficiently monitor for potential threats. The ever-grown Salesforce user count has also led to a wide range of Salesforce access configurations, with little standardization across each geographic area. As a further complication, the business struggled with Salesforce’s limits related to two key data points. Retention periods for login history are too short to provide meaningful trends. Query timeouts are frequent when attempting to access event history.


  1. Secure Data Extract

    Data is replicated incrementally from Salesforce into the enterprises’ on-premises relational databases. This replication retrieves key login and history data which is critical for threat detection analysis. The incremental nature of the Salesforce data extract ensures that the database is a mirror replica of the current state of Salesforce. Each replication also contains a Salesforce metadata backup and schema update, automatically modifying the databases to match Salesforce’s structure.

  2. Data Consolidation

    Each Salesforce organization maintains a unique SQL database which ensures the fidelity of the data and allows for individual org analysis.  In addition, key tables are consolidated automatically by CapStorm’s CS:View solution into a single repository. This automation creates a single source of query across all Salesforce environments. 

  3. Security Analysis

    The single source of Salesforce activity is connected to an analytics tool, enabling visualization of trend data across all Salesforce production organizations. Automatic notifications create alerts when abnormal activity is present, ensuring proactive ransomware protection. Metadata analysis across environments is also key to maintaining consistent user credentialing and enforcing a least privileged security model. The self-hosted solutioning allows the business to maintain both long and short views into user trends, bypassing all Salesforce native limitations for event and history data.

Graphic of white, black and CapStorm blue colored cubes stacked on each other.


Checkmark inside of a white circle.

Automated threat detection reduced enterprise risk with near real-time precision alerting.

Checkmark inside of a white circle.

A one-source privilege comparison ensured that the business enforced a global standardization for Salesforce data access.

Checkmark inside of a white circle.

Forecast accuracy increased as trend data for all Salesforce objects can now be monitored over a long period of time, impacting Sales, Service, and the companies’ overall revenue.

Want results like this?

Become a CapStorm Insider

Subscribe to the CapStorm Forecast

This field is for validation purposes and should be left unchanged.