Cloud App Security 如何協助保護您的 Salesforce 環境How Cloud App Security helps protect your Salesforce environment

適用於:Microsoft Cloud App SecurityApplies to: Microsoft Cloud App Security

重要

Microsoft 的威脅防護產品名稱即將變更。Threat protection product names from Microsoft are changing. 如需有關此變更的詳細資訊與其他更新,請參閱這裡Read more about this and other updates here. 我們將在不久的將來更新產品與文件中的名稱。We'll be updating names in products and in the docs in the near future.

Salesforce 是主要的 CRM 雲端提供者,它會在您的組織內併入有關客戶、定價手冊和主要交易的大量機密資訊。As a major CRM cloud provider, Salesforce incorporates large amounts of sensitive information about customers, pricing playbooks, and major deals inside your organization. 身為業務關鍵的應用程式,Salesforce 是由您組織內的人員以及 (it 以外的其他人(例如合作夥伴和承包商) 基於各種用途)所存取及使用。Being a business-critical app, Salesforce is accessed and used by people inside your organization and by others outside of it (such as partners and contractors) for various purposes. 在許多情況下,存取 Salesforce 的大量使用者對於安全性的認知很低,而且可能會不慎共用您的機密資訊。In many cases, a large proportion of your users accessing Salesforce have low awareness of security and might put your sensitive information at risk by unintentionally sharing it. 在其他情況下,惡意執行者可能會取得您最機密的客戶相關資產的存取權。In other instances, malicious actors may gain access to your most sensitive customer-related assets.

將 Salesforce 連接到 Cloud App Security 可讓您更深入瞭解使用者的活動、使用以機器學習為基礎的異常偵測和資訊保護偵測來提供威脅偵測 (例如偵測外部資訊共用) 、啟用自動化補救控制項,以及偵測您組織中已啟用的協力廠商應用程式所帶來的威脅。Connecting Salesforce to Cloud App Security gives you improved insights into your users’ activities, provides threat detection using machine learning based anomaly detections and information protection detections (such as detecting external information sharing), enables automated remediation controls, and detects threats from enabled third-party apps in your organization.

主要威脅Main threats

  • 遭盜用的帳戶和內部威脅Compromised accounts and insider threats
  • 資料外洩Data leakage
  • 更高的許可權Elevated privileges
  • 安全性意識不足Insufficient security awareness
  • 惡意的協力廠商應用程式和 Google 附加元件Malicious third-party apps and Google add-ons
  • 勒索軟體Ransomware
  • 未受管理的攜帶您自己的裝置 (BYOD) Unmanaged bring your own device (BYOD)

Cloud App Security 如何協助保護您的環境How Cloud App Security helps to protect your environment

使用內建原則和原則範本來控制 SalesforceControl Salesforce with built-in policies and policy templates

您可以使用下列內建原則範本來偵測潛在威脅並通知您:You can use the following built-in policy templates to detect and notify you about potential threats:

類型Type 名稱Name
內建的異常偵測原則Built-in anomaly detection policy 來自匿名 IP 位址的活動Activity from anonymous IP addresses
罕見國家/地區的活動Activity from infrequent country
可疑 IP 位址的活動Activity from suspicious IP addresses
不可能的移動Impossible travel
終止的使用者 (所執行的活動 需要 AAD 作為 IdP) Activity performed by terminated user (requires AAD as IdP)
多次失敗的登入嘗試Multiple failed login attempts
勒索軟體偵測Ransomware detection
不尋常的系統管理活動Unusual administrative activities
異常檔案刪除活動Unusual file deletion activities
異常檔案共用活動Unusual file share activities
異常模擬活動Unusual impersonated activities
不尋常的多個檔案下載活動Unusual multiple file download activities
活動原則範本Activity policy template 從有風險的 IP 位址登入Logon from a risky IP address
單一使用者大量下載Mass download by a single user
潛在的勒索軟體活動Potential ransomware activity
檔案原則範本File policy template 偵測到與未授權網域共用的檔案Detect a file shared with an unauthorized domain
偵測使用個人電子郵件地址共用的檔案Detect a file shared with personal email addresses
使用 PII/PCI/PHI 偵測檔案Detect files with PII/PCI/PHI

如需建立原則的詳細資訊,請參閱 建立原則For more information about creating policies, see Create a policy.

自動化治理控制項Automate governance controls

除了監視潛在威脅之外,您還可以套用並自動執行下列 Salesforce 治理動作來補救偵測到的威脅:In addition to monitoring for potential threats, you can apply and automate the following Salesforce governance actions to remediate detected threats:

類型Type 動作Action
使用者治理User governance -通知使用者暫止的警示- Notify users of pending alerts
-傳送 DLP 違規摘要給檔案擁有者- Send DLP violation digest to file owners
-暫停使用者- Suspend user
-透過 Azure AD) 通知使用者警示 (- Notify user on alert (via Azure AD)
-要求使用者重新登入 (via Azure AD) - Require user to sign in again (via Azure AD)
-透過 Azure AD) 暫停使用者 (- Suspend user (via Azure AD)
OAuth 應用程式治理OAuth app governance -撤銷使用者的 OAuth 應用程式- Revoke OAuth app for users

如需從應用程式修復威脅的詳細資訊,請參閱 管理已連線的應用程式For more information about remediating threats from apps, see Governing connected apps.

即時保護 SalesforceProtect Salesforce in real time

請參閱我們的最佳作法,以 保護與外部使用者的安全, 以及 封鎖和保護將機密資料下載到未受管理或具風險的裝置Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.

下一步Next steps