Event Monitoring: Use Powerful Insights to Improve Performance and Security
3 likes3,720 views
The document discusses Salesforce's event monitoring capabilities, highlighting its utility in enhancing performance and security through data analysis and user behavior insights. It includes real-world applications from companies like Cisco, LendingPoint, and SolarCity, demonstrating how they leverage event monitoring for security and compliance. The presentation outlines features such as customizable alerts, real-time security actions, and a roadmap for future enhancements.
Event Monitoring: Use Powerful Insights to Improve Performance and Security
- 1. Event Monitoring Adam Torman Director, Product Management atorman@salesforce.com @atorman Use Powerful Insights to Improve Performance and Security
- 2. Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements. Safe Harbor
- 3. 1. Why Event Monitoring 2. What is Event Monitoring 3. Customer Stories 1. Cisco 2. Lending Point 3. SolarCity 4. What does the future hold What will we cover today Agenda
- 4. Why Event Monitoring + what is Event Monitoring
- 5. Companies Are Running Their Business on the App Cloud How do I know what my users are doing on the system? How can I ensure we are getting the best use of the platform? How do I provide the best support to my users?
- 6. 1. Support • Provide better, data-driven support for your end users 2. Audit • Improve the security of your data 3. Optimize • Fine-tune your application portfolio and business process Visibility into user actions and behavior for every Salesforce application Event Monitoring
- 7. How does it work? • Capture Data – 29 event types captured – 30 days of events retained – One day lag from event occurrence to when it is available in the API 1 • Analyze the data – Use any analytics tool – Leverage pre-built integrations with AppExchange partners – Option to export to CSV file 2 • Take Action – Improve app performance – Initiatives to increase adoption – Modify governance policies – Automation using triggers and workflow 3
- 8. Cisco Systems, Inc Using Event Logs for Customer Data Protection Bill Schongar Technical Leader bschonga@cisco.com @uilleam
- 9. Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. At Cisco customers come first and an integral part of our DNA is creating long-lasting customer partnerships and working with them to identify their needs and provide solutions that support their success.
- 10. How to detect patterns of inappropriate data access by authorized users Do you really need to see that? Ideally, we’d like to know: • Do users have “enough but not too much” access to do their jobs? • Is that access being used effectively and appropriately? • Is anything out of the ordinary?
- 11. Event Log files give powerful visibility into per-User data access X-Ray vision for Data Access • Event Log Data is extracted from SFDC, fed to in-house analytics system • Analytics system examines authorized user behaviors for proper and efficient use • Dashboards visualize usage patterns, Notifications provide alerting to potential issues
- 12. 1. Event Logs are not (“yet”, right Adam?) realtime, so account for the delay in planning your use 2. In Data Security you learn from your “false positive” alerts. And that’s a good thing. 3. Open Source Toolchains work very well with ELF (eg Jenkins + Pentaho Community) 4. Minimize what logs you need until you really need them 5. ELF + Salesforce Wave would be a very handy thing! Event log data analysis lessons for the data curious Some lessons learned
- 13. Lending Point Solving for Compliance with Event Monitoring ● Franck Fatras ● Founder / CTO ● LendingPoint ● ffatras@lendingpoint.com ● http://www.linkedin.com/in/franckfatras ●
- 14. LendingPoint Who We Are & Why We Are LendingPoint is an online direct lender, extending personal loans to underserved, near-prime consumers We offer fair rates and terms for consumers who typically do not have access to traditional lending options Less than perfect credit doesn’t necessarily mean bad credit We are on a mission to change the lending environment to treat those with fair credit fairly 5 Years + RISK + - 90 Days Tradi4onal Lending 2005 Pay Day Lenders Tradi4onal Banks 5 Years + RISK + - 90 Days Tradi4onal Lending 2014
- 15. What Were We Solving For? • We must answer to: • Customers • Investors • Regulators • Financial companies & PII (Personal Identifiable Information) • External threats • Internal threats • Information security • Real-time monitoring
- 16. A Build vs Buy Decision Considerations: • Cost to implement • Time to market = Cost of Lost opportunities • Scalability & Flexibility • TCO (Total Cost of Ownership) • Learning from others’ pitfalls
- 17. Event Monitoring • Provides raw data for timely decisions • With FairWarning, data is analyzed and customized alerts are built • Able to react quickly and efficiently • Analyze approximately 50M records a quarter • When new requirements arise, new alerts can be created
- 19. Key Takeaways Tips and questions to ask when considering a build vs buy decision Map your timeline - how quickly do you need to be up and running? Does the solution already exist? Is it customizable and scalable? Think about the costs of not getting to market or implementing quickly Operational cost/benefit analysis of building versus buying
- 20. Solar City Using Event Monitoring to Build a Data-Driven Security Program Bryan Yeung Senior Manager, Sales and Marketing Systems byeung@solarcity.com @btyeung Kate Slattery Data Scientist kslattery@solarcity.com @k_slat
- 21. Building a Security Program Salesforce Event Monitoring with Splunk Salesforce Admin Team 2014 2015 Salesforce Users
- 22. Use Case Salesforce Event Monitoring with Splunk
- 23. Use Case Salesforce Event Monitoring with Splunk
- 25. Setup Audit Trail API GA Winter ‘16 Monitor Key Setup Events Escalate privileges, Login-As, User creation Easily Integrate Build new apps or integrate with SIEM systems Part of the Platform Not an add-on service or part of Salesforce Shield
- 26. Real Time Security Actions For User Activity Monitoring Customizable Apex Policies Framework auto-generated policies Define Real Time Actions Notify, Block, Force 2FA, Session Chooser Enforce Session Constraints Control the number of active user sessions New in Winter ‘16
- 27. Transaction Security Policy Framework: Concurrent Sessions Pre-generated policy to control the number of concurrent user sessions Control access based on profile, IP address or other common user info New session chooser page allows users to select sessions to terminate New in Winter ‘16
- 28. Login Forensics Near Real-time Queryable Events Login Session Tracking Differentiate actions by each login and device Customizability Add extensible information like correlation ids PILOT Summer ‘15
- 29. Admin Analytics Wave App Pre-configured Dashboards and Lenses Audit, Optimize, Adopt Customizability Edit or create new dashboards on logs Shareability Share specific log use cases with different groups PILOT Summer ‘15
- 30. Data Leakage Pilot Key Features Track who’s accessing your records API only SOQL Queryable (with constraints - see considerations) Raw API event data Near real-time API queries via SOAP, REST, and BULK APIs Pilot Summer ‘15
- 31. Create powerful new Wave applications Api Events + Login Events Wave Dashboard is an example of an application you can build - it is not shipping with the release Track trends Login behavior Find a needle in the haystack of users and behaviors Profile API Query access of records including sensitive data accessed (e.g. PII), rows processed, and elapsed time by user, object, IP, and user agent
- 32. Apex Limit Event Pilot Key Features API Only Hard Limits Only • e.g. Too Many SOQL Queries Near Real-time Events • similar to batch Apex • < 5 min in general Admin Controlled - Org Preference 6 Hourly Roll-up Metrics Pilot Summer ‘15
- 33. Key Capabilities: Create powerful new applications ApexLimitEvents Visualforce page with Google Charting API is an example of an application you can build - it is not shipping with the release Track trends in changes over time Capture most recent ten events Sample app: http://bit.ly/apexLimitApp
- 34. Event Monitoring Roadmap Apex Limit Event Transaction Security: Concurrent Sessions Admin Analytics Wave App Setup Audit Trail API Reduced Time for Event Log File Generation Winter ‘16 Spring ‘16 Summer ‘16 2nd Half 2016 Data Leakage Detection Login Forensics Today!
- 35. Introducing: Salesforce App Cloud FORCE HEROKU ENTERPRISE THUNDER AppExchange Trailhead Shared Identity & Data Model Integration Shield Trusted and Connected Platform Run all your apps on a trusted platform Speed and Agility Every employee can build fast with clicks or code Complete Enterprise Ecosystem Best place to learn, build, buy, and sell apps
- 36. Win one of ten SONOS speakers at the App Cloud Keynote! App Cloud Product Showcase Moscone North IT Ranger Station in the Dev Zone Moscone West, 2nd Floor Thursday, September 17, 2pm — Moscone South Tod Nielsen EVP, App Cloud Salesforce Mike Anderson CIO Crossmark Herry Stallings AVP App Dev USAA Heather Quiqley-Allen VP Marketing Bosma Enterprises Learn more about App Cloud:
- 37. Q&A
- 38. Thank you