Helsinki, Finland – October 2025: Attacks targeting Salesforce are on the rise as criminals exploit trusted access to slip past defenses. WithSecure™ Cloud Protection for Salesforce has launched Identity Protection, a new capability to the Salesforce threat protection solution, and the first of its kind to detect compromised partner and customer Salesforce accounts before they can be weaponized.

While enterprises invest heavily in identity security for employees, external users accessing Salesforce through partner, supplier, and customer portals often fall outside these protections. Security researchers consistently identify compromised credentials as a leading entry vector for data breaches.

In high-trust environments like Salesforce partner portals, external users can become the weakest link – a single compromised credential from a supplier or dealer can open the door to fraud worth tens of thousands of euros. That’s why identity threat detection and credential compromise visibility are now essential to keeping Salesforce secure.

Identity compromise: costly and hard to detect

These accounts can number in the tens of thousands per Salesforce customer – and when even one credential is stolen or reused across systems, attackers can gain access and remain undetected for months.

"The front door isn’t forced open anymore – it’s unlocked with stolen keys." said Juhana Autio, General Manager, WithSecure Cloud Protection for Salesforce. "Even companies with million-dollar security stacks can't defend against a trusted account that's already been compromised. External users have long been a blind spot in Salesforce, and we're closing it."

Identity-based intrusions are among the most expensive to remediate – and often the slowest to detect and contain.

Security that fits Salesforce – not the other way around 

WithSecure’s Identity Protection capability continuously monitors Salesforce user credentials against a live feed of exclusive breach intelligence – sourced from both public and dark web data – to detect when accounts have been exposed in third-party breaches.

The new capability is included with all user-based licenses of WithSecure Cloud Protection for Salesforce at the time of launch and is available now.

For more information, visit: https://cloudprotection.com/identity-protection/

About WithSecure™ Cloud Protection for Salesforce
WithSecure Cloud Protection for Salesforce safeguards your cloud environment against advanced cyber threats. You can run your digital business without disruption – free from ransomware, zero-day malware, viruses, trojans and phishing links. The bespoke solution is designed in close collaboration with Salesforce and managed directly from your Salesforce portal. 

Media contact
Elisa Mustonen

About WithSecure™

WithSecure™, formerly F-Secure Business, is Europe's cyber security partner of choice. Trusted by IT service providers, MSSPs, and businesses worldwide, we deliver outcome-based cyber security solutions that protect mid-market companies. Committed to the European Way of data protection, WithSecure prioritizes privacy, data sovereignty, and regulatory compliance.

Boasting more than 35 years of industry experience, WithSecure™ has designed its portfolio to navigate the paradigm shift from reactive to proactive cyber security. In alignment with its commitment to collaborative growth, WithSecure™ offers partners flexible commercial models, ensuring mutual success across the dynamic cyber security landscape.

Central to WithSecure's™ cutting-edge offering is Elements Cloud, which seamlessly integrates AI-powered technologies, human expertise, and co-security services. Further, it empowers mid-market customers with modular capabilities spanning endpoint and cloud protection, threat detection and response, and exposure management.

WithSecure™ Corporation was founded in 1988, and is listed on the NASDAQ OMX Helsinki Ltd.