Enterprise Salesforce Security Breach Detection

Multi-National Manufacturing Organization with 5+ Salesforce Production Organizations


Security teams at this multinational manufacturer wanted an anomaly detection solution that automatically alerts abnormal Salesforce activity of a potential security breach. Specifically, analyzing Salesforce login history and event log files over a period of time across 5 Salesforce production organizations. Native Salesforce functionality had key limiters; a fixed retention period for login history and recurring query timeouts when attempting to search log history.


CapStorm’s Salesforce data extract functionality replicated login history and event logs to the organization’s relational database. The incremental nature of the solution meant data volumes, regardless of volume sizes, and frequent deltas could be stored locally. Data retention periods were set to meet security standards for each object, and CapStorms’ View solution was leveraged to create a single point of a query across all Salesforce organizations. This enabled automated cross-org analysis both in real-time and longitudinally to identify trends over long periods of time.


Automated threat detection protects the business against both internal and external risks, including a rogue employee or ransomware attempts. Analysis of login history trends over time also gives the business insight into user CRM utilization for individual users and user roles, making it simple to identify any groups that may need additional Salesforce training.

Like this article?

Share on facebook
Share on Facebook
Share on twitter
Share on Twitter
Share on linkedin
Share on LinkedIn
Share on email
Share via Email
Become a CapStorm Insider

Subscribe to the CapStorm Forecast

This field is for validation purposes and should be left unchanged.