This global enterprise is headquartered in Switzerland with subsidiaries around the globe. The complex network of 250+ factories, suppliers, and distributors is bolstered by a multi-org Salesforce implementation leveraging multiple Salesforce clouds including Service, Sales, and Pardot. These geographically segmented Salesforce organizations effectively create data silos with limited ability to monitor user activity across each environment. CapStorm enables data-driven, automated threat detection with aggregation across all Salesforce environments.
Salesforce is used across multiple divisions to support Sales, Support, and Marketing, with each Salesforce Production organization designed to meet the needs of a different geographic region. This regional segmentation has inadvertently created data silos and limited the ability of the security team to efficiently monitor for potential threats. The ever-growing Salesforce user count has also led to a wide range of Salesforce access configurations, with little standardization across geographic areas. As a further complication, the business struggled with Salesforce’s limits related to two key data points: retention periods for login history are too short to provide meaningful trends, and query timeouts are frequent when attempting to access event history.
Data is replicated incrementally from Salesforce into the enterprise’s on-premises relational databases. This replication retrieves key login and history data, which is critical for threat detection analysis. The incremental nature of the Salesforce data extract ensures that the database is a mirror replica of the current state of Salesforce. Each replication also contains a Salesforce metadata backup and schema update, automatically modifying the databases to match Salesforce’s structure.
Each Salesforce organization maintains a unique SQL database, which ensures the fidelity of the data and allows for individual org analysis. In addition, key tables are consolidated automatically by CapStorm’s CS:View solution into a single repository. This automation creates a single source to query across all Salesforce environments.
The single source of Salesforce activity is connected to an analytics tool, enabling visualization of trend data across all Salesforce production organizations. Automatic notifications create alerts when abnormal activity is present, ensuring proactive ransomware protection. Metadata analysis across environments is also key to maintaining consistent user credentialing and enforcing a least-privilege security model. The self-hosted solution allows the business to maintain both long and short views into user trends, bypassing all Salesforce native limitations for event and history data.
Automated threat detection reduced enterprise risk with near real-time precision alerting.
A one-source privilege comparison ensured that the business enforced a global standardization for Salesforce data access.
Forecast accuracy increased as trend data for all Salesforce objects can now be monitored over a long period of time, impacting Sales, Service, and the company’s overall revenue.