Upload
dreamforce
View
1.129
Download
0
Embed Size (px)
Citation preview
Event Monitoring
Adam Torman Director, Product Management [email protected] @atorman
Use Powerful Insights to Improve Performance and Security
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Safe Harbor
1. Why Event Monitoring
2. What is Event Monitoring
3. Customer Stories
1. Cisco
2. Lending Point
3. SolarCity
4. What does the future hold
What will we cover today Agenda
Why Event Monitoring + what is Event Monitoring
Companies Are Running Their Business on the App Cloud
How do I know what my users are doing on the system? How can I ensure we are getting the best use of the platform? How do I provide the best support to my users?
1. Support
• Provide better, data-driven support for your end users
2. Audit
• Improve the security of your data
3. Optimize
• Fine-tune your application portfolio and business process
Visibility into user actions and behavior for every Salesforce application Event Monitoring
How does it work?
• Capture Data – 29 event types
captured – 30 days of events
retained – One day lag from
event occurrence to when it is available in the API
1 • Analyze the data – Use any analytics tool – Leverage pre-built
integrations with AppExchange partners
– Option to export to CSV file
2 • Take Action – Improve app
performance – Initiatives to increase
adoption – Modify governance
policies – Automation using
triggers and workflow
3
Cisco Systems, Inc Using Event Logs for Customer Data Protection
Bill Schongar Technical Leader [email protected] @uilleam
Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected.
At Cisco customers come first and an integral part of our DNA is creating long-lasting customer partnerships and working with them to identify their needs and provide solutions that support their success.
How to detect patterns of inappropriate data access by authorized users Do you really need to see that?
Ideally, we’d like to know:
• Do users have “enough but not too much” access to do their jobs?
• Is that access being used effectively and appropriately?
• Is anything out of the ordinary?
Event Log files give powerful visibility into per-User data access X-Ray vision for Data Access
• Event Log Data is extracted from SFDC, fed to in-house analytics system
• Analytics system examines authorized user behaviors for proper and efficient use
• Dashboards visualize usage patterns, Notifications provide alerting to potential issues
1. Event Logs are not (“yet”, right Adam?) realtime, so account for the delay in planning your use
2. In Data Security you learn from your “false positive” alerts. And that’s a good thing.
3. Open Source Toolchains work very well with ELF (eg Jenkins + Pentaho Community)
4. Minimize what logs you need until you really need them
5. ELF + Salesforce Wave would be a very handy thing!
Event log data analysis lessons for the data curious Some lessons learned
Lending Point Solving for Compliance with Event Monitoring
● Franck Fatras ● Founder / CTO ● LendingPoint ● [email protected] ● http://www.linkedin.com/in/franckfatras ●
LendingPoint Who We Are & Why We Are
LendingPoint is an online direct lender, extending personal loans to underserved, near-prime consumers
We offer fair rates and terms for consumers who typically do not have access to traditional lending options
Less than perfect credit doesn’t necessarily mean bad credit
We are on a mission to change the lending environment to treat those with fair credit fairly
5 Years +
RISK
+
-90 Days
Tradi4onal Lending 2005
Pay Day Lenders
Tradi4onal Banks
5 Years + RISK
+
-90 Days
Tradi4onal Lending 2014
What Were We Solving For?
• We must answer to: • Customers
• Investors
• Regulators
• Financial companies & PII (Personal Identifiable Information)
• External threats
• Internal threats
• Information security
• Real-time monitoring
A Build vs Buy Decision
Considerations:
• Cost to implement
• Time to market = Cost of Lost opportunities
• Scalability & Flexibility
• TCO (Total Cost of Ownership)
• Learning from others’ pitfalls
Event Monitoring
• Provides raw data for timely decisions
• With FairWarning, data is analyzed and customized alerts are built
• Able to react quickly and efficiently
• Analyze approximately 50M records a quarter
• When new requirements arise, new alerts can be created
FairWarning Dashboard
Key Takeaways Tips and questions to ask when considering a build vs buy decision
Map your timeline - how quickly do you need to be up and running?
Does the solution already exist?
Is it customizable and scalable?
Think about the costs of not getting to market or implementing quickly
Operational cost/benefit analysis of building versus buying
Solar City Using Event Monitoring to Build a Data-Driven Security Program
Bryan Yeung Senior Manager, Sales and Marketing Systems [email protected] @btyeung
Kate Slattery Data Scientist [email protected] @k_slat
Building a Security Program Salesforce Event Monitoring with Splunk
Salesforce Admin Team
2014
2015
Salesforce Users
Use Case Salesforce Event Monitoring with Splunk
Use Case Salesforce Event Monitoring with Splunk
Event Monitoring Roadmap
Setup Audit Trail API
GA Winter
‘16 Monitor Key Setup Events Escalate privileges, Login-As, User creation
Easily Integrate Build new apps or integrate with SIEM systems
Part of the Platform Not an add-on service or part of Salesforce Shield
Real Time Security Actions For User Activity Monitoring
Customizable Apex Policies Framework auto-generated policies
Define Real Time Actions Notify, Block, Force 2FA, Session Chooser
Enforce Session Constraints Control the number of active user sessions
New in Winter
‘16
Transaction Security Policy Framework: Concurrent Sessions
Pre-generated policy to control the number of concurrent user sessions
Control access based on profile, IP address or other common user info
New session chooser page allows users to select sessions to terminate
New in Winter
‘16
Login Forensics
Near Real-time Queryable Events Login
Session Tracking Differentiate actions by each login and device
Customizability Add extensible information like correlation ids
PILOT Summer
‘15
Admin Analytics Wave App
Pre-configured Dashboards and Lenses Audit, Optimize, Adopt
Customizability Edit or create new dashboards on logs
Shareability Share specific log use cases with different groups
PILOT Summer
‘15
Data Leakage Pilot Key Features
Track who’s accessing your
records
API only
SOQL Queryable (with constraints
- see considerations)
Raw API event data
Near real-time
API queries via SOAP, REST, and
BULK APIs
Pilot Summer
‘15
Create powerful new Wave applications
Api Events + Login Events Wave Dashboard
is an example of an application you can build
- it is not shipping with the release
Track trends Login behavior
Find a needle in the haystack of users and
behaviors
Profile API Query access of records including
sensitive data accessed (e.g. PII), rows
processed, and elapsed time by user, object, IP,
and user agent
Apex Limit Event Pilot Key Features
API Only
Hard Limits Only
• e.g. Too Many SOQL Queries
Near Real-time Events
• similar to batch Apex
• < 5 min in general
Admin Controlled - Org Preference
6 Hourly Roll-up Metrics
Pilot Summer
‘15
Key Capabilities: Create powerful new applications ApexLimitEvents
Visualforce page with Google Charting API is
an example of an application you can build
- it is not shipping with the release
Track trends in changes over time
Capture most recent ten events
Sample app: http://bit.ly/apexLimitApp
Event Monitoring Roadmap
Apex Limit Event Transaction Security: Concurrent Sessions
Admin Analytics Wave App
Setup Audit Trail API
Reduced Time for Event Log File
Generation
Winter ‘16 Spring ‘16 Summer ‘16 2nd Half 2016
Data Leakage Detection
Login Forensics
Today!
Introducing: Salesforce App Cloud
FORCE HEROKU ENTERPRISE THUNDER
AppExchange Trailhead
Shared Identity & Data Model Integration Shield
Trusted and Connected Platform Run all your apps on a trusted platform Speed and Agility Every employee can build fast with clicks or code Complete Enterprise Ecosystem Best place to learn, build, buy, and sell apps
Win one of ten SONOS speakers at the App Cloud Keynote!
App Cloud Product Showcase
Moscone North
IT Ranger Station in the Dev Zone
Moscone West, 2nd Floor
Thursday, September 17, 2pm — Moscone South
Tod Nielsen
EVP, App Cloud Salesforce
Mike Anderson
CIO Crossmark
Herry Stallings
AVP App Dev USAA
Heather Quiqley-Allen
VP Marketing Bosma Enterprises
Learn more about App Cloud:
Q&A
Thank you