Gradient Pattern

Stop Salesforce Phishing Attacks

Arovy is the only solution that blocks unauthorized Salesforce integrations. With the rise of bad actors (e.g. UNC6040, ShinyHunters) targeting Salesforce customers, now is the time to lock down this risk surface.

Book a Demo
Untitled design (2)-3

Trusted by 250+ leading Salesforce customers

Salesforce has Unique Security Challenges

Relying on reactive security controls isn’t enough anymore. You need a dedicated, proactive security solution, tailored for Salesforce. Arovy is purpose-built to address the unique risks with Salesforce environments.

Detect Unauthorized & High-Risk Changes in Near-Real Time

Block Unauthorized Applications

  • Blocking

    Block

    Arovy can automatically block new applications without disrupting your business.

  • Bell Icon

    Alert

    Any new connected app that suddenly appears, or an existing app requesting expanded scopes, is detected and triggers an alert.

Monitor User Authentications

  • Map point icons

    Monitor

    Unexpected user authentications, especially OAuth logins from non-standard IP addresses, will generate real-time alerts.

Neglecting User Access Leads to Major Concerns
Optimize Shield Implementation-1

Event Monitoring

  • Application Security Monitoring icon-1

    Salesforce Shield Events

    Arovy ingests Salesforce Shield events and spots irregular data-exfiltration patterns (e.g., hundreds of records being mass-exported by a Data Loader instance).

  • Shield Icon

    Identify

    Correlating these anomalies with the connected-app alerts provide a clear signal that an active data theft is underway.

FAQ

If you have any additional questions, contact us.

What are the UNC6040 Attacks?
Toggle icon

A sophisticated hacking group known as UNC6040 targeted Salesforce customers in a highly coordinated phishing campaign—specifically vishing (voice phishing). Learn more here.

How would Arovy have prevented this attack?
Toggle icon

1. New Application Monitor

Any new connected app that suddenly appears, or an existing app requesting expanded scopes, is detected and triggers an alert.  Arovy can also automatically block unapproved applications.


In this case, the malicious Data Loader would have been flagged the moment it tried to register as a connected app.


2. New User Monitor
Unexpected user authentications, especially OAuth logins from non-standard IP addresses, generate real-time alerts.


3. Event Monitoring
Since Arovy ingests Salesforce Shield events, it would spot irregular data-exfiltration patterns (e.g., hundreds of records being mass-exported by a Data Loader instance).


Correlating these anomalies with the connected-app alerts would provide a clear signal that an active data theft was underway.

gradient

Stop Salesforce Attacks Today

See how Arovy would have stopped this type of attack:

Book a Demo

Additional Resources

hero image - Top 10 Use Cases for Salesforce Shield’s Event Monitoring

Overcoming the Top Security Challenges of Salesforce Shield Event Monitoring

Read
Untitled design (2)-3

UNC6040: Salesforce Voice Phishing (Vishing) Attacks: What You Need to Know

Read
hero image - Unlocking the Power of Salesforce Shield Event Monitoring to Secure Connected Apps in the Age of AI

Unlocking the Power of Salesforce Shield Event Monitoring to Secure Connected Apps in the Age of AI

Read