AGAT

The Importance of Audio DLP for Microsoft Teams and Webex

Businesses are gradually discovering the value of being able to track audio discussions as workplace collaboration environments get more complicated. Regulators have also raised their expectations for governance and compliance standards in DLP discovery for Microsoft Teams and Webex.

Table of contents 

  1. Data Loss Prevention for written content: the tip of the iceberg
  2. The limitations of manual voice call monitoring 
  3. Compliance regulations and audio monitoring 
  4. How to effectively apply Audio DLP for Microsoft Teams and Webex

Data Loss Prevention for written content: The tip of the iceberg

Organizations today are aware that they must guard against the malicious or unintentional disclosure of sensitive information while users are using collaboration tools such as Microsoft Teams and Webex. However, many continue to make the error of concentrating solely on written material when developing a plan for compliance and surveillance of electronic communications. DLP for written communication would include preventing sensitive data from being sent to the cloud or to external users in real time as well as gaining control over what users can share.

Despite the fact that text interactions have increased, many studies show that voice calling in Microsoft Teams and Webex continues to be the preferred way of communication for both consumers and organizations.

As a result, the majority of information exchanges take place via audio, and the figures increase even more if we take the amount of meetings held via video calls into account. In this situation, improper spoken content constitutes a serious compliance violation that can be avoided when the audio transcript stream is inspected by the Data Loss Prevention engine during conversation.

Relevant feedback is provided in real-time whenever a compliance issue is detected.

The limitations of manual voice call monitoring

Currently, manually reviewing random excerpts of voice calls in MS Teams and Webex is the most thorough method of voice call monitoring.

This antiquated method makes audio reviews challenging and unreliable. First, the proportion of communications that can be examined in this way is too low to be meaningful, and the excerpts frequently lack context; as a result, the majority of the risk is not documented. Second, manual reviewing requires a lot of time and effort.

Employees who act inappropriately turn to phone calls because they are aware that emails and instant messages are being monitored. Even they are aware that this is a compliance blindspot.

Compliance regulations and audio monitoring 

Businesses are being urged by regulators to upgrade their voice data inspection processes. Because of this, businesses follow sophisticated governance and compliance frameworks. Audio communication monitoring is becoming more and more popular, particularly for businesses in highly regulated industries like finance and healthcare.

One crucial aspect of overall compliance with MiFID (legislation for financial services providers within the European Union), for instance, is the periodic monitoring and recording of every client call in which orders are placed or transactions are conducted.

Another illustration is the Financial Conduct Authority (FCA) of the United Kingdom, which has reaffirmed the requirement for firms to record all audio and video interactions, regardless of source or technology, with a focus on home offices and hybrid workplaces.

Call recording and surveillance regulations that apply to regular voice calls, emails, IM, and other electronic communications also apply to unified communications platforms.

Audio Data Loss Prevention

These realities lead us to the conclusion that manually sifting through millions of calls to find sensitive information is a bad idea. DLP software can significantly lessen the workload in this area.

With the help of AGAT’s Data Loss Prevention for Webex and MS Teams, words are recognized and conversational context, sentence structure, and keywords are examined. In this manner, the DLP engine can identify the sharing of sensitive data.

Because AGAT’s DLP solution for MS Teams and Webex operates in real-time, it is able to do more than just automatically analyze audio; it can also identify issues right away and notify the user of policy rules using feedback popups.

In order for businesses to comply with required risk assessments, conduct audits, and provide staff training, the Data Loss Prevention for Webex detects policy violations after the meeting and notifies users of DLP events.

Businesses may ensure that their staff members are following best practices by using powerful speech analytics tools like AGAT’s DLP, which allows them to keep an eye on their conduct during calls.

How to verify DDoS/account lockout protection while deploying Skype for Business

While deploying Skype for Business (Lync) on mobile devices, laptops or any other external devices outside the corporate network, special attention should be given to the possible exposure of authentication services.

The exposure of these services increases the risk of Active Directory (AD) accounts becoming locked if someone who only knows a user name sends authentication attempts to the Active Directory. If an account is locked out, the user will be prevented from accessing any services, even internally, that require an organizational account. This will likely include their workstation.

Several authentication channels need to be addressed:

  • Mobile/desktop Skype for Business client logins
  • Web App logins
  • Dial-in page logins from a meeting invitation
  • Any NTLM/Basic or SOAP login sent via HTTP to a Skype for Business Front End server or director
  • NTLM authentication requests sent using the SIP protocol to an Edge server
  • Exchange Web Service (EWS)

Each of these channels should be monitored and the tally should be aggregated across all.

If you handle SIP and mobile HTTP protection separately, an attacker can send authentication attempts through separate channels without going over the specific channel threshold. In such a case, the attacker would be able to cause account lockout.

So, for example, if your network policy locks your account after five attempts, an attacker can send three attempts through a Lync mobile client and another three to a SIP Edge server. They could cause your network account to be locked out without reaching the limit in each channel.

Moreover, most generic proxy solutions currently on offer fail to handle SOAP, and certainly SIP, authentication attempts, because these requests are structured specifically for Lync.

The most effective solution for preventing such attacks is to have a unified solution that protects your distributed resources.

SkypeShield offers site and multi-site defense against DDoS attacks. All AD authentication attempts from the channels listed above are monitored via SkypeShield. Failed attempts are counted and stored in a central database table which is shared by all SkypeShield components.

SkypeShield monitors Active Directory authentication attempts for all Microsoft Skype for Business services published to the Internet. The solution counts failed attempts, and once an admin-set threshold has been reached, it blocks any further attempts from reaching AD servers. Such “soft locking” prevents AD accounts from being locked out.
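The cross-channel counting and soft-lock idea described above, as an added example (not SkypeShield's code). The threshold of 4, the 30-minute window, the channel names and the user name normalization are assumptions chosen to match the five-attempt example.

```python
from collections import defaultdict, deque

AD_LOCKOUT_THRESHOLD = 5   # AD policy from the example above
SOFT_THRESHOLD = 4         # assumed: proxy threshold kept below AD's
WINDOW_SECONDS = 1800      # assumed: at least AD's lockout counter reset window

def canonical(user):
    """Map 'CORP\\alice' and 'alice@corp.example' to 'alice' (assumes one domain)."""
    return user.split("\\")[-1].split("@")[0].lower()

class SoftLock:
    """Tracks failed logins and decides whether an attempt may reach AD."""
    def __init__(self, threshold, per_channel):
        self.threshold = threshold
        self.per_channel = per_channel
        self.failures = defaultdict(deque)   # key -> failure timestamps

    def _recent(self, user, channel, now):
        key = (canonical(user), channel if self.per_channel else "*")
        q = self.failures[key]
        while q and now - q[0] > WINDOW_SECONDS:   # drop expired failures
            q.popleft()
        return q

    def allow(self, user, channel, now):
        return len(self._recent(user, channel, now)) < self.threshold

    def record(self, user, channel, now, success):
        q = self._recent(user, channel, now)
        if success:
            q.clear()        # a valid login resets the tally
        else:
            q.append(now)

def failures_reaching_ad(guard, attempts):
    """Replay failed attempts; count those the guard forwards to AD."""
    forwarded = 0
    for now, user, channel in attempts:
        if guard.allow(user, channel, now):
            forwarded += 1
            guard.record(user, channel, now, success=False)
    return forwarded

# Constructed sample: three wrong passwords per channel, as in the example above.
ATTEMPTS = [(t, "CORP\\alice", "mobile-http") for t in (0, 10, 20)] + \
           [(t, "alice@corp.example", "sip-edge") for t in (30, 40, 50)]

if __name__ == "__main__":
    for name, per_channel in (("per-channel", True), ("unified", False)):
        n = failures_reaching_ad(SoftLock(SOFT_THRESHOLD, per_channel), ATTEMPTS)
        print(name, n, "locked out" if n >= AD_LOCKOUT_THRESHOLD else "not locked")
```

With separate per-channel counters all six failures reach AD and the account locks; with the shared tally only four do, so the account stays usable internally.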

Skype for Business: How to protect against account lockout through ADFS

SkypeShield has released an innovative ADFS (Active Directory Federation Services) Protector for safe Skype for Business (SfB) deployment.

The ADFS solution, which uses a unified monitoring and prevention mechanism, blocks DDoS attacks causing Active Directory network account lockout.

The security component protects against account lockout attacks coming through ADFS authentication channels by monitoring the traffic to the ADFS server. It sanitizes and blocks (in the DMZ) failed login attempts to the Active Directory, while allowing valid users to continue working seamlessly.

“As a growing number of companies move online, the usage of ADFS is growing accordingly and companies are seeking to handle DDoS attacks, which cause account lockouts,” says Yoav Crombie, Product Manager at AGAT Software, which developed SkypeShield. “Our solution resolves the problem entirely. By using our ADFS Protector, companies can manage their identities on premise in their Active Directory, while taking advantage of online services such as Skype for Business and Exchange.”

The new ADFS Protector offers the following advantages:

  • Prevents account lockout while using ADFS
  • Provides generic protection covering all Office 365 services and custom applications using ADFS
  • Supports Azure AD Connect
  • Allows unified monitoring of ADFS and Active Directory services
  • Provides monitoring tools with extended info

SkypeShield’s solution minimizes the load on the Active Directory and improves security by configuring a whitelist pattern of authentication requests, filtering the requests in the DMZ and enabling valid requests to enter the network.

ADFS Protector addresses scenarios that other generic solutions fail to handle, including the ADFS Extranet Lockout feature of Windows Server 2012 R2.

The ADFS Protector supports hybrid and online deployments of any services using ADFS authentication such as Office 365, Skype for Business and Microsoft Exchange.