FireEye Stories Blog

Multi-Channel Collaboration: Protecting Work Across Microsoft Teams and Slack

Workplace collaboration is essential to the success of any business. With an increasing number of people working remotely, collaboration tools such as Microsoft Teams and Slack allow employees to work together seamlessly, regardless of where their ‘office’ may be.

Teams and Slack use messaging platforms that enable employees to chat and to share files and URLs, making them more effective in their work. The open nature and increasing use of these messaging tools, however, carry inherent risks that can result in a major security breach.

Here are the Microsoft Teams and Slack daily active users as of November 2019:

Source: Business Insider

Messaging and collaboration tools are slowly starting to encroach on email’s lead as a preferred business communication tool. Depending on the industry, we are seeing customers use internal messaging tools anywhere between 10% and 30% of the time instead of email. FireEye, along with many industry analysts, expects this number to increase over the years as messaging and collaboration tools increase significantly in functionality and general acceptance amongst organizations.

This is precisely why we are introducing FireEye Messaging Security.

Bad actors are constantly modifying their tactics to gain access to business data. By accessing collaboration tools, cyber criminals can wreak havoc from within an organization. For instance, bad actors can log into Office 365, access Teams and attack corporations internally as they impersonate a trusted user. Malicious files and URLs introduced from inside an organization can also have damaging effects.

The following screenshots show examples of malicious activity in a Teams environment and how FireEye Messaging Security can help.

Figure 1: Microsoft Teams chat window containing a malicious URL

In this example, Dwight asks his colleague for a link and Amy responds with a URL. FireEye identifies the URL to be malicious and sends a message to the conversation.

Figure 2: Details of FireEye Messaging Security alert in a Teams chat

The FireEye-generated message explains why the URL was flagged and provides a link to a screenshot of the URL landing page.

Figure 3: Malicious URL screenshot

In the next example, Amy sends Dwight a file that is deemed malicious.

Figure 4: Malicious file identification in a Teams chat

Figure 5: Detailed reporting via direct link to FireEye Helix

Figure 6: Report detail

These examples illustrate how bad actors can attack using Microsoft Teams. It’s likely that Amy’s account may have been compromised and is being used to send phishing campaigns and/or malware. With visible alerts from FireEye, users are able to see if a URL or file is either safe or malicious.

In order to maintain a safe collaboration environment, messaging tools must provide protection against the advanced threats that target daily users. This is why FireEye now protects collaboration tools such as Teams and Slack. Our industry-leading threat intelligence and detection efficacy allow business teams and coworkers to share files and URLs inside or outside of the organization with confidence.

Here are some of the key features of FireEye Messaging Security:

  • Platform agnostic (Teams, Slack and more)
  • Near real-time file and URL scanning and detonation
  • Full reporting and forensics via a direct link to FireEye Helix

To summarize, Teams and Slack are typically unmonitored and can cause security breaches from within an organization. FireEye Messaging Security provides the critical protection needed to help prevent security breaches while giving internal team members the confidence to collaborate securely.

For more information on FireEye Messaging Security, check out today’s news announcement. Current FireEye Email Security customers can participate in this early access program by emailing