Tag: JDS

Implementing Salesforce monitoring in Splunk

The problem

A JDS customer embarked on a project to implement Salesforce to provide their users a single user interface to fulfil their customer needs.  Their aim, to make the interface easy to use and reduce the time to process customer requests.  At the same time, the business had to ensure that their customer data stored in Salesforce was secure and to be able to detect any malicious use.

The Solution

Implementing Splunk with the Splunk Add-on for Salesforce enabled the collection of logs and objects from Salesforce using REST APIs.  This in turn, enabled proactive alerting and the creation of informative dashboards and reports to satisfy the business’ security requirements.

Scenarios detected:

  • Failed or unusual login attempts (same user tries to login from multiple IP addresses)
  • Large amounts of data extracted from Salesforce
  • Unauthorised changes in Salesforce configuration such as Connected Apps settings or Authentication Provider settings
  • Integration user account activity occurring outside of scheduled job runs
  • Privileged user activity
  • Apex code execution

All of this was achieved by setting up the required data inputs via the Splunk Add-on.  Creating lookups to enhance the alert content with meaningful information and macros for re-usability and ease of administration, then adding alerts to ensure the required conditions were notified to the operational support teams.

Splunk dashboards and reports built on Salesforce data allowed the business to easily view login patterns and analyse EventLog events and Setup Audit Trail changes.  Additionally, Salesforce data ingestion and alert summary dashboards were added to assist the support team to identify issues or delays in data ingestion as well as review the number of alerts being generated over time.

When developing any application that provides access to secure information, it’s important to not only monitor in terms of user experience, but also look at security aspects. Our customer was able to satisfy the security monitoring requirements of the business with the Splunk Add-on for Salesforce and achieved their go-live target date. The configured alerts will keep them informed of any potential security issues, giving them confidence that the platform is secure. The accompanying dashboards provide an intuitive summary of user actions, all backed by an extended data retention policy in Splunk to satisfy regulatory compliance. With SalesForce data now available in Splunk, they are planning additional use cases to not only monitor security, but get insights into how the platform is used by employees.

Why choose JDS?

JDS has experience and expertise in bringing SalesForce application data into Splunk . If your focus is on security, performance, or custom monitoring, speak to JDS today about how we can convert your SalesForce data into useful insights.

Security testing—the JDS approach

What is security testing?

Security testing, also known as penetration or vulnerability testing, actively assesses software applications for security weaknesses.  Such weaknesses may exist within the application’s code, configuration, or design, and allow the application to be exploited in a manner that will allow third parties to extract confidential and proprietary information.  

Application security testing is vital to good security practice, as it allows businesses to take control of their risks by identifying and reducing security concerns.  It provides the confidence that your organisational data is safe, and that your clients are protected in turn.

How does it work?

JDS provides an application security testing service that assesses your application’s controls, provides recommendations to remediate identified issues, and removes factors that could aid an attack upon your business.   We provide security testing for applications and environments specialising in web, mobile, and cloud applications.

JDS provides our security testing clients with reports containing both technical definitions of the security issues located and, importantly, the high-level business context for the vulnerability.  This includes scenario modelling in easily digestible language, enabling your business to make appropriate and timely business decisions and reduce your organisational risk profile.

A rigorous approach

JDS adopts the Open Web Application Security Project (OWASP) methodology for application security testing. This ensures all web, mobile, and cloud applications undergo a comprehensive assessment. All the findings and recommendations are made simple for organisations to digest and make informed decisions through the use of abuse cases, risk ratings, live exploit demonstrations, issue representation, and developer education.