Workplace communication platform Slack is releasing three new security features to help organizations detect suspicious behavior, protect their Slack instance with proactive alerts and configure 12 different identity providers to a single organization.
With remote and hybrid work proving to have staying power regardless of the existence of a health crisis, tools such as Slack will continue to be relied upon to help organizations connect and collaborate remotely. However, these workplace models create security and privacy challenges, which Slack is trying to solve with these new security features.
This month, Slack will be releasing audit log UI, the third of three new security features for enterprise customers designed to enhance the company’s security program. This is in addition to the already released session anomaly events and multi-SAML login feature, says Kevin Clark, Slack’s vice president of security.
Together, the tools make for a “broad security update that will help teams protect themselves from external and internal threats without any extra budget, head count or code needed,” Clark says.
The update includes a new audit log dashboard that allows admins to quickly review suspicious events via a no-code user interface designed for companies with a limited IT security staff and a budget for expensive SIEM tools.
This allows admins to see which public channels were previewed by an attacker that has compromised a user’s credentials. The log automatically flags activity for internal teams to review further, eliminating the need to manually search for the information.
“Using the dashboard, you can search for the attacker and our new event ‘public_channel_preview’ to see all channels the user previewed,” the company says. “You’ll also have the ability to allocate permission to admins, giving them access at an organizational level.”
The security update also includes a new feature that flags session anomaly events to an organization’s audit logs so they can perform internal reviews as needed. Slack will automatically analyze sessions to identify potentially malicious inconsistences, such as session-switching networks or cloning fingerprints from a token. Those events will be added to a customers’ audit logs, which are viewable via the API or UI, according to Slack.
Lastly, the company is enabling customers that use multiple identity providers to have multi-SAML, enabling users to securely sign in to Slack from up to 12 different identity providers. Rather than requiring some employees to use email and password, this option gives everyone more control and security, Slack says.
“These new security enhancements provide even more transparency and ease of use, so anyone—regardless of their technical background—can feel secure in this new era of work,” Clark says.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply