SaaS Security - Slack

Avanan provides a security solution for Slack, as part of a long line of SaaS services it protects. Slack Security includes Data Loss Prevention (DLP) scan of text messages and files, and Malware scan for files.

 

Avanan Cloud Security for Slack

Slack is a solution for work collaboration and includes instant messaging, file sharing and other features that made a very popular service. While Slack provides (i.e. multi-factor authentication), it lacks many other basic security features.

Avanan provides a unique security solution for Software as a Service (SaaS) platforms. Avanan scans direct messaging and channels, scanning private (internal users) and private-to-public communication. The engine can quarantine malicious content, and automatically remediates threats in every channel, direct message, and connected app.

The solution offers:

  • DLP scan of posted text messages and files

  • Malware scan of files

 

Benefits

  • Secure Slack communication, scanning for Malicious files and Data Leakage (DLP).
  • Generate actionable events on Slack malicious content.
  • Integrated solution to protect SaaS platforms, including Slack.

 

Default Policies

There are 2 default Security Policies for Slack:

  1. Slack DLP: scans posted text messages for potentially leaked information, such as Credit Card and SSN.
  2. Slack Threat Protection: scans files loaded to Slack for malicious content.

The policies include an option to skip generating events on internal communication.

 

Actions

  1. Tombstone message/file: move a message/file to a quarantine area in Slack servers.
    Example:
    slack0
  2. Restore message/file: restore a message/file quarantined to the original location.
  3. Alert owner: sends an email to the owner of an affected file or message.

 

Prerequisites

  • Licensing: Discovery API support is required to scan messages. The following plans are supported:
    • Enterprise Grid: supported by default.
    • Plus: Reach out to Slack to discuss the options.
  • Permissions
    • Onboarding user must have admin access to the workspaces that would be protected.
    • For Enterprise Grids, the onboarding user should be part of the workspace that you want to protect.

 

Configurations

On-boarding

  1. Navigate to SaaS Apps and click Start on the Slack app.
  2. A new browser window will open with Slack sign-in.
    slack2
  3. Sign in to your Slack account as an Admin.
  4. A permission approval dialog will show. Approve access to Avanan Cloud Security.
    wizard2
  5. The Slack App configuration dialog will show.
    wizard3
    The configuration includes the following:
    1. Configure Tombstone text for messages and files.

 

New Policy Creation

  1. Navigate to Policy page.
  2. Add new policy by click on the + button near Slack.
  3. On “Choose Security” combo-box select DLP or Malware.
  4. Next.
  5. On “Mode” combo-box select protection mode (Detect and Protect or Monitor).
  6. Based on the policy type:
    1. Select the requested DLP rules.
    2. Choose if you want to activate the scans on internal messages (not shared with external users).
    1. Select the tools you want to activate in the scan.
    • DLP
    • Malware
  7. Click “Save and Apply”.

 

Stop Slack protection

  1. Go to SaaS Apps and click Stop on the Slack app.
    stop

 

Forensics

Slack detections are recorded as events for forensic and auditing purposes. The events types depend on the policy type that created the event. For DLP the events include what type of sensitive information was potentially leaked (PII, HIPAA, etc.). 

The events can be viewed in the “Events” screen.
events-1