SkypeShield has released an innovative ADFS (Active Directory Federation Services) Protector for safe Skype for Business (SfB) deployment.

The ADFS solution, which uses a unified monitoring and prevention mechanism, blocks DDoS attacks causing Active Directory network account lockout.

The security component protects against account lockout attacks coming through ADFS authentication channels by monitoring the traffic to the ADFS server. It sanitizes and blocks (in the DMZ) failed login attempts to the Active Directory, while allowing valid users to continue working seamlessly.

ADFS Protector

“As a growing number of companies move online, the usage of ADFS is growing accordingly and companies are seeking to handle DDoS attacks, which cause account lockouts,” says Yoav Crombie, Product Manager at AGAT Software, which developed SkypeShield. “Our solution resolves the problem entirely. By using our ADFS Protector, companies can manage their identities on premise in their Active Directory, while taking advantage of online services such as Skype for Business and Exchange.”

The new ADFS Protector offers the following advantages:

  • Prevents account lockout while using ADFS
  • Provides generic protection covering all Office 365 services and custom application using ADFS
  • Supports Azure AD connect
  • Allows unified monitoring of ADFS and Active directory services
  • Provides monitoring tools with extended info

SkypeShiled’s solution minimizes the load on the Active Directory and improves security by configuring a whitelist pattern of authentication requests, filtering the requests in the DMZ and enabling valid requests to enter the network.

ADFS protector addresses scenarios that other generic solution fail to handle, including the ADFS Extranet Lockout feature of Win 2012 R2.

The ADFS Protector supports hybrid and online deployments of any services using ADFS authentication such as Office 365, Skype for Business and Microsoft Exchange.