SkypeShield has developed an innovative active directory federation services (ADFS or AD FS) Protector. The solution uses a unified monitoring and prevention mechanism to block Distributed-Denial-of-Service (DDoS) attacks causing Active Directory network account lockout.
The ADFS Protector is an ideal solution for Office 365 deployments, Skype for Business (SfB) and Microsoft Exchange.
The security component protects against account lockout attacks coming through ADFS authentication channels by monitoring the traffic to the ADFS server. It sanitizes and blocks (in the DMZ) failed login attempts to the Active Directory, while allowing valid users to continue working seamlessly.
By using SkypeShield’s ADFS Protector, companies can manage their identities on premise in their Active Directory, while taking advantage of online services such as Skype for Business and Exchange.
The solution offers the following advantages:
- Prevents account lockout while using ADFS
- Provides generic protection covering all Office 365 services and custom application using ADFS
- Supports Azure AD connect
- Allows unified monitoring of ADFS and Active directory services
- Provides monitoring tools with extended info
The ADFS Protector includes auditing tools allowing clear failed login monitoring and management, including IP addresses and frequency of attempts. In addition, it minimizes the load on the Active Directory and improves security by configuring a whitelist pattern of authentication requests, filtering the requests in the DMZ and enabling valid requests to enter the network.
ADFS protector addresses scenarios that other generic solution fail to handle, including the ADFS Extranet Lockout feature of Win 2012 R2.
The ADFS Protector supports hybrid and online deployments of any services using ADFS authentication such as Office 365, Skype for Business and Microsoft Exchange.