Securing Non-Human Identities in Slack

Tal Skverer July 17, 2023

There are more than 2,400 apps in the Slack app directory, and many more from other, non-verified marketplaces that can be integrated via NHIs such as OAuth tokens and webhooks. In fact, only about 10% of connections to Slack come from the official app directory, meaning that many organizations rely daily on numerous third-party app connections that have had zero vetting.

Slack often serves as an organization’s main communications channel. One of its greatest features to help increase productivity and streamline processes is the ability to build and integrate internal and external applications on top of it. 

The risks of unmonitored non-human identities to Slack environments

Each NHI grants powerful access to a third-party app vendor that may not be trustworthy. Once those tokens fall into the wrong hands, private conversations could be exposed, and passwords or tokens shared within private channels could be accessed.

Your Slack environment could be more exposed than you think

Using the Astrix Security platform, we found that Slack environments typically contain hundreds of third-party NHIs. Our research also showed:

  • On average, for every 5,000 employees, we saw 40 new OAuth tokens for Slack apps added every week.
  • 60% of installed Slack integrations were not installed from the official app directory.
  • Out of 4,385 apps integrated with Slack, about 2% had access to all private channels and the DMs (Direct Messages) of the user who installed them.
  • 5% of the installed apps were able to impersonate the user who installed them and send messages on their behalf.

How Astrix helps secure your Slack environment

  1. Get a full inventory of all non-human identities in your Slack environment, and understand the risks associated with them.
  2. Get visibility into webhooks created during the installation of internal and external apps – see the risk they pose, the vendor behind each app and additional risk factors.
  3. Detect anomalous activity and remediate risks – Astrix’s behavioral analysis looks at the NHI’s access parameters, such as geolocation, IP and user agent, as well as advanced behavioral parameters such as unusual usage, to detect misbehaving services and apps.
  4. Make faster business and security decisions by understanding the business value of each non-human identity including the usage level (frequency, last maintenance, usage volume), the connection owner, who in the company uses it and the marketplace info.
  5. Get alerts only on risks that expose you to supply chain attacks, data breaches, and compliance violations, and easily remediate them through automated workflows.
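The behavioral analysis described in step 3 can be sketched as a per-token baseline of where and how an NHI is normally used. The following is an added example, not Astrix's or Slack's code; the event records are a constructed, simplified shape (field names `token`, `ip`, `ua`, `country`, `calls` are assumptions), not the real Slack Audit Logs API format.

```python
from collections import defaultdict

# Constructed sample data: one Slack app token observed during a learning window,
# then new hourly events to score. Values are illustrative only.
BASELINE = [
    {"token": "xoxb-app1", "ip": "203.0.113.10", "ua": "app1/1.0", "country": "US", "calls": 120},
    {"token": "xoxb-app1", "ip": "203.0.113.11", "ua": "app1/1.0", "country": "US", "calls": 95},
    {"token": "xoxb-app1", "ip": "203.0.113.10", "ua": "app1/1.0", "country": "US", "calls": 110},
]
NEW_EVENTS = [
    {"token": "xoxb-app1", "ip": "203.0.113.11", "ua": "app1/1.0", "country": "US", "calls": 100},
    {"token": "xoxb-app1", "ip": "198.51.100.7", "ua": "curl/8.0", "country": "RO", "calls": 900},
]


def build_baseline(events):
    """Per token: sets of IPs, user agents and countries seen, plus hourly call volumes."""
    profile = defaultdict(lambda: {"ips": set(), "uas": set(), "countries": set(), "volumes": []})
    for e in events:
        p = profile[e["token"]]
        p["ips"].add(e["ip"])
        p["uas"].add(e["ua"])
        p["countries"].add(e["country"])
        p["volumes"].append(e["calls"])
    return profile


def score_event(profile, e, surge_factor=3.0):
    """Return the reasons an event deviates from its token's baseline (empty = normal)."""
    p = profile.get(e["token"])
    if p is None:
        return ["token never seen during baseline window"]
    reasons = []
    if e["ip"] not in p["ips"]:
        reasons.append(f"new source IP {e['ip']}")
    if e["ua"] not in p["uas"]:
        reasons.append(f"new user agent {e['ua']}")
    if e["country"] not in p["countries"]:
        reasons.append(f"new geolocation {e['country']}")
    mean_volume = sum(p["volumes"]) / len(p["volumes"])
    if e["calls"] > surge_factor * mean_volume:  # usage spike vs. learned mean
        reasons.append(f"call volume {e['calls']} exceeds {surge_factor}x baseline mean")
    return reasons


def flag_anomalies(baseline, events, surge_factor=3.0):
    """Return [(event_index, reasons)] for every event that deviates from baseline."""
    profile = build_baseline(baseline)
    flagged = []
    for i, e in enumerate(events):
        reasons = score_event(profile, e, surge_factor)
        if reasons:
            flagged.append((i, reasons))
    return flagged
```

In practice the baseline would be learned from a longer window of real audit events, and a flagged token would feed a review or automated revocation workflow rather than being treated as proof of compromise.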
