Category: LyncShield

The number of organizations seeking to protect themselves and avoid any unauthorized use of Lync is growing rapidly and LyncShield is constantly asked to expand its Lync security suite and add new features.

We have addressed all these requests, and are proud to be able to offer now the ultimate Lync security suite to organizations looking for secure Lync (Skype for Business) connectivity. By using LyncShield, organizations can safely connect users to Lync servers from smartphones, tablets and any other external device.

Our innovative enterprise solution prevents unauthorized devices (mobiles and desktops) from connecting to the corporate network, avoids the usage of Active Directory (AD) credentials and protects against account lockout/DDoS.

LyncShield is already successfully deployed by some of the world’s leading financial institutions, consultancy companies, banks and other large multinational organizations.

LyncShield offers the following security features:

• Active Directory credentials protection – avoids usage of active directory credentials on the device by defining specific credentials for Lync that are different from the AD credentials.
• Two Factor Authentication (TFA)/ Device registration – verifies that Lync connection is achieved only from registered devices. The solution includes a website with several registration workflows offering either a self-service enrollment or a central management approval process to register devices.
• Block DDoS attacks and prevent account lockout – prevents a Lync account lockout situation in Denial-of-Service (DoS/DDoS) attacks. The solution offers a unique site defense approach handling an attack going through all authentication channels (HTTP/S, SOAP, SIP and more).
• Restrict Lync to corporate or managed devices– limits access to the organization’s Lync server only to corporate or managed devices that have the MDM client installed. The solution offers several approaches depending on the MDM implementation and supports most of the MDM vendors in the market.
• Smart card login for Lync mobile – offers a solution to organizations with a network policy requiring smart card login to allow authentication and user Lync mobile.
• RSA Token Authentication– eliminates the need to use AD credentials for users of secure tokens wishing to connect to Lync servers from external devices and enables Two Factor Authentication based on the token. RSA solution also handles Exchange connectivity.
• Exchange Protection – protects Exchange Web Services (EWS) against account lockout and limits access to the EWS only from registered device (TFA).

“Connecting to the organization’s server using the Lync client from smartphones, tablets and any other device outside the organization poses serious security risks,” said Guy Eldan, CEO of AGAT Software, which developed LyncShield. “These risks derive from the need to authenticate a user connecting externally from non-managed environments and devices.”

“We have managed to come up with a solution that addresses all security issues and is already successfully deployed by some of the global financial institutions, business consulting services firms, and other large multinational organizations. By using LyncShield organizations can protect themselves and avoid any unauthorized use of Lync.”