7 Reasons to use Netskope Introspection for Slack


Since its launch in 2014, Slack has grown rapidly, making its way into day-to-day use by enterprises large and small. More than just an instant messaging service, the ease with which Slack facilitates collaboration and communication has made it a sticky, “must-have” enterprise cloud service. To top it all off, Slack has continuously expanded its ecosystem, integrating with other applications and tools to increase its stickiness and enterprise criticality.

Information in Slack can be shared either with a group of users (via public or private channel) or with a single user (via direct message). The recipient could be someone inside or outside of your organization, as long as they are a member of your Slack team. Despite the ease of sharing, there is no easy way to restrict sharing information that should not be shared – a network password, authorization token, a certificate signing request, a code snippet, a confidential business plan, a malicious file – the list is endless and the footprint of the impact could be huge.

Slack supports two-factor authentication and single sign-on and offers access logs so that customers can control and monitor who is signing in to their Slack team. However, one of the bigger security challenges in Slack is tracking users’ activities after they sign inwho is sharing what and with whom. One way to gain visibility into activities is simply to be a member of the channel – you can see who are the users on that channel and what they are sharing. But how many channels can one possibly monitor this way? And in reality, since there is no limit to the number of channels that can be created in a team, depending upon the size of your company the number of teams and number of channels can grow from a handful to hundreds in no time. Should you stop your users from using Slack? Of course not. A smarter and manageable alternative is to use a cloud access security broker like Netskope that offers granular visibility into and control over Slack usage across all teams. Here are six reasons to consider Netskope Introspection for Slack, which uses Slack APIs to provide you with granular visibility into your usage across all your teams.

  1. Single tenant instance – Unlike other CASBs, you do not need multiple Netskope tenant instances to manage each of your teams. You can configure as many teams as you want to be supported through a single tenant.
  2. Comprehensive support for Slack – We support both Slack Teams as well as Slack Enterprise Grid. If you are using Slack Teams, get visibility into activities across all your public channels and private channels that your owner/primary owner is a member of. If you are using Slack Enterprise Grid, get visibility into all your public channels, private channels, shared channels and direct messages.
  3. Know your data and how it is shared – scan files and messages for sensitive information using our pre-defined set of DLP profiles or your own custom profile. For every file and message, we provide further details on who posted it, who were the recipients and on which channels and teams it was posted. Based on the members of a channel, a sensitive file or message could be exposed externally and these should ideally be on top of your list for investigation. Netskope Active Cloud DLP uses industry standard content inspection incorporating more than 3,000+ language-independent data identifiers, more than 500 file types, with the added benefit of support for language including Japanese shift JIS and double-byte characters, custom regular expressions with syntax validation, proximity analysis, and document fingerprinting.
  4. Know your users – While Slack provides a list of users that belong to a team, it doesn’t inherently distinguish between your internal and external users, which we can do for you. Get an aggregate list of external domains and know if a competitor or a rogue user sneaked in as a member of one of your teams. Our dashboard provides further details on files and messages shared by each of these users and channels (and teams) that they are a member of. Use this information to clean up your user list and secure your information.
  5. Automate alerts whenever sensitive files or messages are posted in any team or specific teams, by any user or by specific users/user groups. You can choose to get notified via an email or get notified directly on Slack.
  6. Understand how members of your Slack team are sharing information with each other, which third party applications are in use, who are using these applications and which files have been shared using these application.
  7. Identify and remediate threat attacks – Netskope leverages multiple malware detection engines together with Netskope’s own proprietary threat research and analysis to secure cloud applications against a comprehensive set of cloud-resident threats including worms, viruses, rootkits, trojans, backdoors, spyware, adware, dialers, and data destruction attacks, such as ransomware. Customers can also set response actions based on severity of malicious events to either alert or quarantine malware infected files.