Astrix
One of Slack's greatest features is the ability to build and integrate internal and external applications on top of it.
With thousands of integrations for Slack available online, employees increasingly connect third-party apps to their organization's Slack account to increase productivity and streamline processes.
However, each connection grants powerful access keys to a third-party app vendor that may not be trusted. Once those keys fall into the wrong hands, private conversations could be exposed, and passwords or tokens shared within private channels may be accessed.
With Astrix, you can leverage Slack’s third-party connectivity while preventing supply chain attacks. Astrix Security Platform provides you with a host of features that ensure your company’s Slack usage is secure and that your organization's sensitive data remains protected.
Holistic visibility: Discover connections of internal and third-party applications to your organization’s Slack account, as soon as they emerge.
Real-time threat detection: Get alerts only on risks that expose you to supply chain attacks, data breaches, and compliance violations due to over-privileged, unnecessary, and malicious third-party connections.
Rapid remediation: We take the load off the security team by automating remediation workflows, integrating with your daily IT service management tools, and enabling end-users to resolve security issues in the process.
Lifecycle management: Monitors every third-party app from the moment it connects to your Slack and adjusts security controls when any significant change occurs to keep your attack surface minimized.
With thousands of integrations for Slack available online, employees increasingly connect third-party apps to their organization's Slack account to increase productivity and streamline processes.
However, each connection grants powerful access keys to a third-party app vendor that may not be trusted. Once those keys fall into the wrong hands, private conversations could be exposed, and passwords or tokens shared within private channels may be accessed.
With Astrix, you can leverage Slack’s third-party connectivity while preventing supply chain attacks. Astrix Security Platform provides you with a host of features that ensure your company’s Slack usage is secure and that your organization's sensitive data remains protected.
Holistic visibility: Discover connections of internal and third-party applications to your organization’s Slack account, as soon as they emerge.
Real-time threat detection: Get alerts only on risks that expose you to supply chain attacks, data breaches, and compliance violations due to over-privileged, unnecessary, and malicious third-party connections.
Rapid remediation: We take the load off the security team by automating remediation workflows, integrating with your daily IT service management tools, and enabling end-users to resolve security issues in the process.
Lifecycle management: Monitors every third-party app from the moment it connects to your Slack and adjusts security controls when any significant change occurs to keep your attack surface minimized.
Permissions
Astrix will be able to view:
Astrix will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Astrix Security Ltd
Company headquarters location
Israel
Terms of service
https://astrix.security/terms-of-use/
Privacy & data governance
Data retention policy
Retention is defined as the maintenance of Records in a production or live environment that can be accessed by an authorized user in the ordinary course of business. Records used in staging, development, and testing, or draft versions of documents shall neither be retained beyond their active use period, nor copied into production or live environments.
A record is in a retention period while it is in active use (as stipulated in the Record Retention Requirements Table in Appendix A), unless an exception has been granted to permit a longer or shorter active use period by the Department responsible for creating, using, processing, disclosing, storing, and destroying the Records.
After the active use period has expired, (considering the appropriate exceptions,) Records shall be archived in accordance with Archiving Policy section. Afterwards, the Records are destroyed in accordance with Destruction Policy section.
For the purposes of enforcing retention, each department shall be responsible for the Records it creates, uses, stores, processes, and destroys. A sample list of Record types used within Astrix departments is specified in the Record Retention Requirements Table in Appendix A. This list shall be maintained by each Department Manager.
Each Department Manager shall be responsible for enforcing the retention, archiving and destruction of Records, and for communicating these stages to the relevant employees.
The Astrix Legal Department may issue a litigation hold request to a Department Manager that requires that Records relating to potential or actual litigation, arbitration, or other claims, demands, disputes, or regulatory action be retained in accordance with instructions from the Legal Department.
*Full policy will be shared upon request.
** We are soc2 compliant, audit can be shared after full MNDA prcoess.
Data archiving and removal policy
The archive period of Records shall be seven years, unless an exception has been granted for a longer or shorter active use period by the Department Manager who is responsible for creating, using, processing, disclosing, storing, and destroying the Records.
An archiving period of greater than seven years may be granted as an exception for Records with a vital historical purpose, such as corporate Records, contracts, or technical knowhow. The Department Manager shall request an exception to archive Records in accordance with the Exceptions to the Retention Period section. Such exception requests shall specify the administrative, organizational, and technical measures needed to ensure the confidentiality, integrity, and availability of such Records.
An archiving period of less than seven years may be granted by exception for Records with a limited business purpose, such as emails, messages, travel itineraries, pre-trip advisories, or to comply with client or industry requirements.
After the archive period has expired, Records shall be destroyed in accordance with the Destruction Policy section.
For the purposes of enforcing archiving, each department shall be responsible for the Records it creates, uses, stores, processes, and destroys. A sample list of Record types used within Astrix Departments is specified in the Record Retention Requirements Table in Appendix A. This list shall be maintained by each Department Manager.
Destruction is defined as when information contained in the Record is rendered irretrievable by ordinary commercially available means, both physically and technically.
The Astrix Security team shall maintain and enforce a detailed list of approved destruction methods appropriate for each type of archived information, whether on physical storage media (such as CD-ROMs, DVDs, backup tapes, hard drives, mobile devices, or portable drives), or in database Records or backup files.
Paper Records shall be shredded using secure, locked consoles designated in each office, from which waste shall be periodically collected and disposed of by security-screened personnel.
*Full policy will be shared upon request.
** We are soc2 compliant, audit can be shared after full MNDA prcoess.
Data storage policy
Records must comply with all applicable legal, regulatory, and contractual requirements.
Records must not be held for any longer than required.
The protection of Records (i.e., their confidentiality, integrity, and availability) must be in accordance with their security classification.
Records must remain retrievable in line with business requirements at all times.
Records containing personal data must not be able to identify individuals.
Depending upon the classification of information and the storage medium, cryptographic techniques shall be used to ensure Record confidentiality and integrity. Care shall be taken to ensure that encryption keys used to encrypt Records are securely stored for the life of the relevant records and shall comply with Astrix’s policy on cryptography.
*Full policy will be shared upon request.
** We are soc2 compliant, audit can be shared after full MNDA prcoess.
Data center location(s)
United States
Data hosting details
Cloud hosted: Atlas, MongoDB, and AWS RDS
Data hosting company
Amazon Inc (AWS), MongoDB, Inc.
App/service has sub-processors
no
App/service uses large language models (LLM)
no
Certifications & compliance
Data deletion request procedure
The requests will be routed according to the nature of the request:
Scenario ‘A’ requests pertain to Astrix’s capacity as a data processor on behalf of its clients (i.e., Client data that is potentially stored in Astrix’s production database and system).
Scenario ‘B’ requests pertain to Astrix’s capacity as a data controller on behalf of Astrix employees (past or present), and possibly related to business contacts (i.e., customers or suppliers).
Scenario A - Request handling flow – Data Deletion
An individual submits a data deletion request to Astrix via an Astrix customer.
The request arrives at privacy@astrixsecurity.com.
The DPO-Legal reviews the legal aspects of the request and approved its handling.
The DPO-CS reviews the customer relations and system usage aspects, advises the customer how to control the data, and discusses the impact of the request (e.g., contradicting compliances, laws, system use, or user experience).
The DPO-CS customer advises the customer to search his relevant account/s and deletes the data as requested.
If requested by a customer and approved by DPO-CS and DPO-Legal, Astrix may decide to facilitate the process in the following manner:
The customer will search the relevant account/s at Astrix’s SaaS and provide Astrix with a user name for Astrix’s system so that Astrix will be able to remove all data uploaded or changed using the specific Astrix username.
Within three months the deleted data will be totally removed from Astrix’s records.
Scenario B - Request handling flow – Data Deletion
An Astrix employee (current or former), contractor, or provider submits a Data Deletion request to Astrix.
The request arrives at privacy@astrixsecurity.com
The DPO-Legal reviews the legal/financial aspects of the request and approves its handling.
The DPO-Legal contacts the requestor and discusses with him the impact and aspects of his request.
The DPO-Legal contacts the relevant internal systems owners to delete the requested information and updates the requestor.
The DPO-Legal contacts Astrix IT and third parties to assure that data is removed from backups at the end of the backup cycle.
*Full policy will be shared upon request.
** We are soc2 compliant, audit can be shared after full MNDA prcoess.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2023-11-01
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Okta, OneLogin, Microsoft, Azure AD, Google.
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
support@astrix.security
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
no
Third party services used by this app
Amazon (AWS), Atlas (MongoDB)
Uses token rotation
no