Building Slack’s Anomaly Event Response

As cyberattacks evolve to unprecedented levels of sophistication and speed, the time gap between breach detection and response has never been more critical. Traditional security approaches often operate reactively, identifying compromises only after damage has occurred. This delay grants attackers a tactical advantage, forcing security teams to focus on damage assessment and remediation rather than proactive threat detection and prevention. Organizations urgently need solutions that dramatically compress the detection-to-response window to regain a defensive advantage.

To tackle this challenge, we’ve developed Anomaly Event Response (AER) – a new proactive defence mechanism inside Slack. By combining real-time monitoring with advanced analytics, AER autonomously identifies high-confidence threat actor behaviours as they emerge on our platform. When suspicious activity is detected, the system automatically terminates the associated user sessions, reducing the security detection and response gap from potential days/hours to mere minutes.

The result? A powerful native security capability that disrupts attack chains before they can be fully executed, preventing data exfiltration and system compromise without requiring additional security tools, integration, or human capital.

Building Slack’s Anomaly Event Response

Other newsrooms on this story

Related reading

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security…

Streamlining Security Investigations with Agents

73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation

Security Velocity: The Next Frontier in Application Security

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

Automate detection testing with GitLab CI/CD and Duo