Slack is fast becoming one of the most popular communication and collaboration tools for business, corporate and professional users. Its elegant interface and overall ease of use has allowed Slack to outpace most other instant messaging deployments. With over 10 million daily active users, it’s even making a run at replacing email in some organizations.
In terms of protecting messages from outside eyes, the Slack platform does a good job. It features end-to-end encryption which includes data at rest. The platform also holds high-level security and compliance certifications from both government and private sector regulatory organizations.
As good as messaging protection is in Slack, a native installation of the application remains vulnerable in a few key areas. For one, Slack has over 900 bots and apps to connect it to third-party programs like Salesforce and Google Drive. That means that vulnerabilities in any of those external programs could carry over to Slack.
More critically, while protecting messages from unauthorized and outside users is handled well, Slack natively does not scan for malware, protected content, personal information or even objectionable material. Whether by unintentional users, turncoat insiders or hackers who have compromised an authorized user’s credentials, there is nothing preventing Slack from being used to spread malware or acting as a jumping off point for lateral movement by skilled attackers.
To lockdown, monitor and control internal messages and content within Slack, the company opened up the platform to third-party developers. Now about 80 apps are designed to do everything from filtering URLs to blocking malware to remediating threats within Slack. Here are ten tools that can help protect your Slack deployment.
Avanan Cloud Security Platform
One of the most comprehensive security applications available within Slack, the Avanan platform offers an umbrella of protection that incorporates lots of tools from other vendors in a single, unified platform. It can scan every file that goes through Slack looking for malware as well as filter URLs to block content coming from questionable sites or those that don’t comply with company policies. It can also look at data and check for compliancy issues, blocking things like personal or financial information, or protected company content.
From the control panel, administrators can track things like suspicious user behavior, potential phishing attacks and even help to remediate threats that are attacking the organization’s Slack network. The biggest advantage to the Avanan Platform is the fact that it brings together a lot of protection under one application instead of trying to add everything together piecemeal.
Moderate Content
Whereas some Slack security apps perform many tasks, Moderate Content only does one thing, but in an area that is often overlooked. The Moderate Content app scans all image files being sent through your organization’s Slack network, rates them based on things like adult or violent content, and censors images that break company policy. Users still see that an adult or violent image was sent, but only heavily pixelated with an explanation as to why. Because images are being sent through the Moderate Content servers for analysis, it adds a couple seconds to transmission times.
The app is fully configurable, allowing administrators to tweak the filtering to include things like smoking, alcohol use or suggestive material.
McAfee Skyhigh for Slack
While the McAfee name is most associated with antivirus, for Slack the Skyhigh app looks at data protection and user behavior. For data loss prevention, Skyhigh can examine both files sent through Slack and the messages themselves. Besides blocking protected information from being shared, the app can also take several actions including coaching users, notifying an administrator, encrypting content, quarantining a message for human examination or deleting it.
Suspicious user behavior is handled though a machine learning engine that examines everything a user has ever posted on Slack to look for anomalies. If actions are taken, Skyhigh incorporates that into its artificial intelligence so that it can become more accurate over time.
DBOT by Demisto
DBOT by Demisto is a smaller app, technically a bot, that scans all URLs, files and IP addresses looking for malicious content. Unlike most security tools with elaborate administrator interfaces, DBOT directly warns users when it finds something like a file being served from an IP with known malware. It is also a free and open source tool that can be quickly added to any Slack installation for an extra layer of protection.
Cisco Cloudlock
Served up as part of their cloud access security broker (CASB) offering, Cisco Cloudlock extends Cisco’s malware protection to the Slack platform. As part of the CASB program, Cloudlock has access to data gathered by 10 million installations and over a billion collected threats each day. With seamless integration into network proxies and firewalls, Cloudlock can automatically configure defenses against malware spotted anywhere in the world.
MetaCert Security
Designed to protect all direct messaging inside Slack, MetaCert Security scans links and compares those results to their internal database of categorized URLs, which is one of the largest in the world. The database is so comprehensive that several other applications are licensed to tap into the MetaCert data pool.
MetaCert also provides anti-phishing protection and a full dashboard of link and file analytics. It can show administrators what users are sharing across the entire Slack network.
ZeroFOX for Slack
Offered through a software as a service (SaaS) platform, ZeroFOX has an advanced administrator interface that lets security managers point to the Slack channels and groups that need monitoring, and how to protect them. Options include looking for malicious links, malware, abusive posts, inappropriate language and advanced threats.
Once a threat is discovered, ZeroFOX can automatically remediate it in real time to protect users from exposure. As a unique offering, ZeroFOX can also ensure that all company executive locations are never accidentally shared, keeping them safe from physical threats like kidnapping.
Metashield Bot
Because Slack can be used to easily share office documents, it puts users at risk of threats that can be hiding inside them, like corrupted or malicious metadata. Metashield Bot can scan and remove those threats before users activate them. The app can also find confidential information hidden in metadata and remove it before it gets accidentally shared.
Broadcom (Symantec) CloudSOC
The CloudSOC application, which Broadcom recently acquired from Symantec, is another CASB offering that has been extended to Slack. Within Slack, CloudSOC uses machine learning to detect threats, scan for protected data, watch for users acting suspiciously and malware. In addition to stopping attacks, CloudSOC offers a full forensic analysis tool to show what tactics hackers tried to use.
SecurityAdvisorBot
The SecurityAdvisorBot is a little bit different from other offerings in that its focus is on training users how to safely use Slack. When it detects protected data being shared, abusive language or other content and behavior that breaks policy, it will notify an administrator and provide offending users with a brief training session. It can also be used to educate first time users on Slack company policies and on good cybersecurity in general.
Questions to ask when implementing Slack security apps
Almost every Slack security app offers a trial version for testing these days, and a few are available for free. Before you start installing them, there are a few questions that you should probably ask.
Will your chosen app or apps completely protect your Slack installation, company data and users?
Although some Slack tools offer multiple protections, many specialize in one or two areas. Be sure that if you choose an app that only offers malware scanning, you add another that provides URL scanning, phishing safeguards or whatever extra protections your organization needs. Even something like insider threat protection might be useful in high-security or heavily regulated industries like government, finance and healthcare.
Do you want to monitor a security dashboard?
Some apps like MetaCert Security, ZeroFOX and McAfee Skyhigh offer internal dashboards that track threats, almost like miniature security information and event management (SIEM) consoles. A few like Symantec CloudSOC even offer forensic analysis of attacks. Others like DBOT are more lightweight and directly warn users about threats it finds.
Having a dashboard might seem like a good thing, but only if you have a security team ready and willing to monitor yet another SIEM-like tool.
Do you need real-time protection?
Applications like the Avanan Cloud Security Platform, Moderate Content, ZeroFOX and MetaCert Security can scan and take action on a Slack message within seconds. Others might take a bit longer, which might be problematic in fast-moving organizations or those with thousands of users. Thankfully, almost every Slack security app offers a free trial period. Speed of scanning and remediation should be right up there with accuracy in terms of testing.
Do you want or need another CASB vendor?
Many of the Slack security applications are served through CASB vendors. In general, this means that the protection was created for other applications and then applied to Slack. Others like MetaCert Security were designed specifically for the platform.
Many of the CASB offerings are already mature and proven with millions of users. CASBs generally work by protecting multiple platforms at reducing costs, so bringing in a CASB vendor just for Slack might prove expensive. If you already have a CASB agreement for your organization, be sure to ask them if they can extend it to Slack before bringing in something new.