Slacking on insider threats? Investigative and monitoring approaches to use within Slack to locate bad actors

It is no secret that Slack’s popularity has exploded in recent years- once dubbed “the email killer”, organizations have implemented Slack as an efficient collaboration environment either alongside email, and in some instances, replacing email as their primary internal communication mechanism.  Although a large portion of communication and file transfers are taking place within Slack, often organizations are missing this crucial evidence during an investigation, either due to a lack of understanding or improper retention. Furthermore, organizations should be taking a proactive investigative approach and onboarding Slack as part of their insider threat program.

In this presentation, we will review a case study where Slack data was crucial to the investigation.  Additionally, we’ll also review current investigative approaches, both reactive and proactive, as well as mechanisms for conducting insider threat investigations in Slack. Lastly, we’ll show how AXIOM Cyber can help expediate your organization’s Slack investigations.