CloudSOC CASB Gateway

  • 1.  Policies/Use Case for Salesforce

    Posted Apr 24, 2019 11:59 AM

    Hi everyone,

    It is my first time in this forum, and the reason I come here is that I did not find anything about my problem on other Internet sites. I am very frustrated, so I would appreciate any help you could give me.

    Well, here goes: I am looking for a list of policies to develop in CloudSOC CASB to apply to Salesforce. Something basic and essential, the initial and most important use cases or policies to implement in CASB to improve security in Salesforce. It is very difficult for me to find information about it, maybe because nobody is thinking about or implementing policies in Salesforce, but I am sure someone here knows about this subject.

    Thanks so much, and I will wait for your answers.

    Regards!



  • 2.  RE: Policies/Use Case for Salesforce

    Broadcom Employee
    Posted Apr 29, 2019 04:02 PM

    Hi Quipemo! Happy to try and help.

    Are you protecting Salesforce via API (Securlet) or via Gateway (Gatelet)?

    Let's get you going with a Securlet sample, creating a policy for blocking Malware uploads. Policy details:

    Cloud Service: Salesforce

    For Any Users, External Exposure type, Any domain, user, or sharing

    File properties: Again, choose any

    Threat Protection: Malware (VBA Macros also recommended)

    Notify: Go for the User - they may not know they're infected.

    Preserve Content: Move with Tombstone

    Response Message Template: You'll need to fill in some templates, so having one for Securlets + Malware is ideal.

    Log Policy Match/Severity Level - your choice, but I'd recommend High.

     

    Or let's look at something behavioral/Role-based for Gatelet, like restricting permissions to export reports.

    (This is definitely something to chat about with your Cloud planning group before enabling - see CCoE whitepaper link at the end.)

    Cloud Service: Salesforce

    For Users & Groups - Here's where you call out a group (like engineering?) that you don't want exporting customer lists. You can do it by individual names/logins, too.

    Keep selecting Any until you get to Activities. Then:

    Object Accessed: Report

    Access Type: Export

    Define Response: Notify (name of the admin you want to inform)

    Block Activity.

    Log policy match: Again, go with High Severity.

     

    See how easy?

    Best regards!

     

    Cloud Center of Excellence Whitepaper link:

     



  • 3.  RE: Policies/Use Case for Salesforce

    Posted Apr 30, 2019 08:51 AM

    Hi Jeannie Warner, 

    Thanks so much for your help. In my case, I am protecting Salesforce via API (Securlet). I have taken note of the Securlet sample that you mentioned (creating a policy for blocking malware uploads), because it is very interesting and useful.

    Have you got more examples or documentation, not only about data exposure, but also about other types like access monitoring, threat score, file sharing policies, etc.?

    Best regards!



  • 4.  RE: Policies/Use Case for Salesforce
    Best Answer

    Broadcom Employee
    Posted May 06, 2019 02:19 PM

    Hi Quipemo!

    Have you examined the Tech Notes for Protect?

    With the new skin release on Friday, here's the navigation:

    Left-hand icon is Knowledge base: https://app.elastica.net/static/ng/appKnowledgeBase/index.html#/

    Look under User Guides for Protect. There are some really good examples on how to build.

     

    LMK if you cannot find!

     

     



  • 5.  RE: Policies/Use Case for Salesforce

    Posted May 08, 2019 09:24 AM

    Hi Jeannie,

    Thanks for the advice. I am going to have a look at the tech note in the next few days and I will tell you my impressions.

    In another parallel line of work, could these policies or use cases (or whatever you want to call them) be applied to the Workday cloud service (via Securlet)?

    Thanks again and regards! ;)



  • 6.  RE: Policies/Use Case for Salesforce

    Broadcom Employee
    Posted May 09, 2019 06:21 PM

    Workday also has a Tech Note, same location under Knowledge Base. Give it a read, let me know if it helps.

     

    Jeannie