SkypeShield Reveals Application Firewall Security Solution for Skype for Business

SkypeShield, an innovative enterprise solution that secures Skype for Business (Lync) access and authentication while connecting devices (mobiles and desktops) to the corporate network, has developed a new application firewall solution for securing guest and anonymous requests when entering corporate networks.

The need for the new solution arose because, as part of the Skype for Business (Lync) topology, requests are sent anonymously to the front server in the corporate network without being authenticated or inspected. Once allowed, these requests, which might contain malicious code, can pass through DMZ firewalls with no control.

The application firewall has the following security layers:

  • Request rewrite – session termination in the DMZ and rewrite of the request that is sent to the domain
  • Protocol level sanitization – inspecting the traffic to validate the structure of the traffic as expected by the protocol
  • Application level inspection – validating that the data content matches what is expected by the server
  • Device pre-authentication – performing device validation before allowing any request to enter the domain

“Common attacks take advantage of network protocol vulnerabilities to execute operations that are not approved by design. Some of these techniques generate or modify valid requests with data that look valid, but maliciously alter the server’s behavior. An example of a common concern handled by the firewall is blocking non-valid meeting ID in the DMZ,” said Guy Eldan, CEO of AGAT Software, which developed SkypeShield.

“SkypeShield’s new Application Firewall offers the best available solution for such security vulnerabilities by intercepting all anonymous Skype for Business traffic in the DMZ and validating them before allowing them to enter the domain network,” he added.

In order to ensure that no malicious code is injected into a request, SkypeShield passes each request through multiple security inspections and validation channels. By doing so, the risk of most protocol and application level attacks is eliminated, as the original request is not allowed to enter the domain.

The application firewall also includes a new pre-authentication module inspecting  authenticated requests in the DMZ based on device validation before any traffic is allowed to enter the domain including the authentication request itself.

Get a Free Trial

Sign-up for a free trial and demo with a SphereShield expert

For support please login to our support portal.


Har-Hotzvim Hi-Tech Park, Jerusalem, Israel



AGAT is an innovative software provider specializing in security and compliance solutions. AGAT’s award-winning flagship product - SphereShield, is a leading solution providing control of data and activities for Unified Communication (UC) & Collaboration services.
SphereShield AI RegTech capabilities analyze messages, files, audio and video for policy enforcement required by regulations such as FINRA, GDPR, HIPAA & MiFID II. It enables real-time content inspection addressing Data Leak Prevention (DLP), Ethical Wall as well as Anti Malware and eDiscovery requirements. SphereShield’s  conditional access capabilities and AI-based risk engine features add significant security improvements to on-prem or cloud UC service.



linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram