VP of Product Management

How Enverus secures Salesforce Data and prevents data breaches with Varonis. Discover how Enverus partnered with Varonis to enhance Salesforce data security, improve threat detection, and prevent a major data breach. Last updated May 22, 2026 As Enverus expanded, its security team needed visibility into the entire data estate, the controls in place, and whether those controls were being enforced, especially within Salesforce, one of its most business-critical platforms. Enverus partnered with Varonis to gain deep visibility into sensitive data, access, permissions, and activity. Its partnership strengthened security, accelerated investigations, improved threat detection, and helped prevent a major data breach tied to a large-scale SaaS supply chain attack. Who is Enverus? Enverus is a decision-support platform serving organizations across the energy and energy infrastructure space, from small independent operators to the world's largest supermajors. The company manages large volumes of data spanning geophysical, petrophysical, operational, and infrastructure workloads, combining proprietary intellectual property with large public and third-party datasets. Visibility across a distributed data estate With data spread across cloud platforms, SaaS applications, and on-premises data centers and databases, each with its own permissions model, configurations, and operational team, Enverus needed consistent data security across its entire environment. The security team needed to answer fundamental questions: * What sensitive data exists across the enterprise? * Where does it live? * Who can access it? * Are controls consistently enforced across environments? A unified platform and security partner Varonis provided Enverus with unified data security across multiple platforms, including AWS, Azure, Salesforce, and Microsoft 365. Varonis gives the security team a comprehensive view of what sensitive data exists, where it lives, who can access it, and whether controls are consistently enforced. Varonis mapped identities across platforms and greatly reduced the blast radius. What had previously been difficult to operationalize became straightforward: identify the highest-risk access, right-size permissions, and report progress against enterprise policy. Enverus was able to move beyond static reviews and spreadsheet-driven analysis. "What surprised us most was Varonis' insight into the data plane from an identity and access perspective. That wasn't what we initially came for, but it's proven to be critical." Alex Acosta, Vice President of Security, Enverus At Enverus, the security and GRC teams define enterprise-wide security and data policies, while application teams own day-to-day platform operations. Varonis helps bridge these teams, providing dashboards and reporting, aligning platform controls to enterprise policy, and delivering consistent controls and visibility. The result is a unified approach that supports both security requirements and business objectives. Simplifying Salesforce data security Salesforce sits at the center of Enverus' operations, with numerous integrations, workflows, and data flows moving in and out of the platform. Salesforce combines business-critical data with complex identity controls and numerous integration points, making data security challenging. Over time, overlapping profiles, permission sets, roles, sharing rules, and connected apps can accumulate, making it difficult to understand a user's effective permissions or identify excess access. The challenge is compounded by the multitude of apps, agents, APIs, and sandboxes that can move data in and out of production and often retain long-lived tokens or create backdoors. Enverus needed: * Complete insight into identity-based permissions within Salesforce * Clear visibility into data flows and workflows * Confidence that access controls were aligned with enterprise security and compliance policies Without a centralized view, answering these questions required manual analysis and spreadsheet-driven reviews that were difficult to operationalize. Get started with its Salesforce Data Risk Assessment. Get your assessment Applying identity security to Salesforce With Varonis, Enverus began applying identity threat detection and response (ITDR) principles directly to Salesforce and other SaaS platforms. What had once been complex, static spreadsheet reviews became: * Clear prioritization of high-risk access * Actionable insights into who and what needed remediation * Simple, repeatable reporting aligned to enterprise policy This transformation empowered both the security team and Salesforce operators to focus on what mattered most. "We now have a far more complete picture of Salesforce than we ever had before." Alex Acosta, Vice President of Security, Enverus Improved Salesforce threat detection In 2025, Enverus' security operations team processed hundreds of alerts per day across its environment. Salesforce emerged as a particularly important attack surface due to its scale, connectivity, and data sensitivity. While most observed activity aligned with legitimate business workflows, a small subset required deeper investigation. Varonis helped to improve threat detection and reduce the deluge of alerts: * Salesforce-specific detections and monitoring * Guidance from a dedicated threat research team * New detection strategies that had not previously been on Enverus' radar This partnership enabled Enverus to investigate novel activity more effectively, validate behavior, and proactively design new detections to reduce future risk. "It felt like Salesforce-specific MDR. We gained a trusted partner with deep Salesforce security expertise that we could lean on as an advisor." - Alex Acosta, Vice President of Security, Enverus Spotlight: Protecting against a large-scale SaaS supply chain attacks In early 2025, by compromising Salesloft's GitHub repos, a threat actor known UNC6395 stole the OAuth tokens that allowed Drift, a widely used chatbot owned by Salesloft, to connect to customers' Azure, Salesforce, Google Workspace, and other integrated platforms. Between August 8 and 18, UNC6395 used those tokens to impersonate the trusted Drift application, bypass MFA, and systematically exfiltrate data from more than 700 organizations including Cloudflare, Zscaler, Palo Alto Networks, and Proofpoint. For most victims, the attack went unnoticed because OAuth abuse appears as normal API traffic, and attackers deleted query jobs to cover their tracks. The majority of affected organizations only learned of the breach when Salesforce and Salesloft notified them more than two weeks after the attack. Enverus was the exception. With Varonis deployed across the environment, Enverus detected, contained, and neutralized the attack before it fully materialized: Step 1: Cross-platform detection. Varonis initially flagged Drift activity in Azure as abnormal since its OAuth token refreshes originated from unusual IP addresses and its API call volumes exceeded Drift's baseline for Enverus. As a result, Varonis issued an alert and started checking Drift activity in other systems. Step 2: Salesforce telemetry confirms the threat. Salesforce Shield Event Monitoring provided detailed logs that allowed Varonis to identify abnormal activity in Salesforce by the Drift connected app, like logins from suspicious IPs and unusual API queries. Step 3: Varonis MDDR responds. Varonis correlated the Azure and Salesforce signals, and its Managed Data Detection and Response (MDDR) team engaged alongside Enverus' security operations to immediately take a series of actions to prevent a breach: * Suspended the compromised identity and revoked OAuth tokens * Classified sensitive fields and attachments to assess potential exposure * Removed excess high-risk permissions, including Export Reports and Create Public Links * Remediated overly permissive sharing rules and misconfigured Salesforce Sites Within two hours, Enverus had full containment and forensic proof that no sensitive data had been exfiltrated. Looking ahead Following the success across Enverus' environment, the team continues to expand its partnership with Varonis. They plan to further build on Salesforce-specific detections, monitoring, and threat prevention strategies while extending visibility and governance across additional platforms. "Varonis has been highly impactful for us, and it's something we're continuing to build on moving forward," Alex shared. What should I do now? Below are three ways you can continue your journey to reduce data risk at your company: Schedule a demo with Varonis Systems, Inc. to see Varonis in action. Varonis Systems, Inc.'ll personalize the session to your org's data security needs and answer any questions. See a sample of its Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation. Follow Varonis Systems, Inc. on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more. Nolan Necoechea Nolan Necoechea is a product marketing strategist at Varonis. He has spent more than a decade working with data and AI innovators.

Varonis: the platform advantage for security. Explore how Varonis' unified approach enhances data, AI, and email security, reduces costs, and prevents breaches through automated solutions and comprehensive visibility. Last updated May 20, 2026 What should I do now? Below are three ways you can continue your journey to reduce data risk at your company: Schedule a demo with Varonis Systems, Inc. to see Varonis in action. Varonis Systems, Inc.'ll personalize the session to your org's data security needs and answer any questions. See a sample of its Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation. Follow Varonis Systems, Inc. on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more. Eugene Feldman Eugene Feldman is a Product Marketer at Varonis, specializing in helping customers secure their data in SaaS applications such as Salesforce, Snowflake, and other enterprise platforms. Before joining Varonis, Eugene worked as a product marketer at Salesforce and several smaller enterprise software and security companies.