Salesforce is being pressured to go on the offensive in security after an increased rate of cyberattacks in recent months.
Seemingly in response to these attacks, Salesforce has announced a partnership with cybersecurity expert CrowdStrike.
In a statement released last Wednesday, the two companies confirmed that they would be building a new strategic partnership to increase Salesforce’s security of AI agents, applications, and mission-critical workflows.
The collaboration will see Salesforce leveraging CrowdStrike’s Falcon Shield, an agentic security platform that will serve as a security measure to protect Salesforce’s customers’ third-party software.
The Falcon integration will use AI-powered analytics to prevent real-time breaches, flag detected risky behavior, and offer visibility and automated responses to any SaaS threats.
CrowdStrike will also integrate Charlotte AI, an agentic security analyst designed to assist security teams by flagging potential threats and recommend practical actions.
Charlotte AI will be available to Salesforce customers by the end of the year.
Why is Salesforce Partnering?
While the vendor has not confirmed why it is entering into an agreement with CrowdStrike, the numerous cyberattacks directed at its customers in recent months will have undoubtedly played a part.
Several of Salesforce’s high-profile customers have been the subject of increased data theft and extortion intrusions from cybercrime groups such as ShinyHunters and ScatteredSpider, including Google, Adidas and Farmers Insurance.
This is typically done through social engineering, tricking customers into thinking they’re Salesforce’s customer service or IT support, as well as convincing employees into giving them access to their devices and login credentials.
This partnership decision also follows from the FBI alert on September 12th, warning organizations using Salesforce platforms of various cybercriminal groups after reported cases of attackers stealing customer tokens on SalesLoft Drift.
Indeed, Salesforce hinted at its recent troubles in an interview with theCUBE, where Marla Hay, Senior Vice President of Product Management at Salesforce, emphasized that collaborating would be necessary to secure the customer journey into the “agentic enterprise.
We are absolutely thrilled to be partnering with one of the industry leaders in security. Our customers will now get the benefit of their entire ecosystem set of events monitoring, threat decisions via CrowdStrike.
Why Salesforce and CRM Systems Are Being Targeted
Salesforce and CRM systems are particularly sensitive to cyberattacks due to the high-value data they contain and the major role they play in modern digital transformation.
Moreover, the current stage of AI makes organizations such as Salesforce vulnerable, as it means there is more customer data than ever before.
A keynote delivered last Wednesday by CrowdStrike CEO, George Kurtz, explained how older models of SOCs are now being discarded by the industry for their inability to tackle AI-driven threats.
Now that generative AI is being weaponized, the speed at which SOCs can respond are obsolete, cybersecurity defenses are constantly being challenged in new ways, meaning it is therefore up to the industry to remain alert and prepared for any new changes.
But will the partnership actually help?
Salesforce will be hoping that the integration of CrowdStrike’s specialist solutions will help the company manage the AI agents that utilize and handle data.
Salesforce will also be able to trace these agents back to their human creators and identify their sources, as well as detect any other unusual activity inside the organisation in real time.
And with integrating systems such as Charlotte AI, human security teams will be able to respond quickly and take over responsibility for any compromised devices.
It is clear that Salesforce is taking the recent attacks very seriously. In order to combat a more sophisticated hacker toolkit, organizations must ensure their security measures are just as innovative and robust.
After all, if it can happen to Salesforce, it can happen to anyone.
