AGAT


Protecting EWS while publishing Skype for Business

In a Skype for Business (Lync) deployment, the client interacts with the Exchange server to obtain meeting information. To support this connection, the deployment of Skype for Business requires Exchange Web Services (EWS) to be published externally.

This exposes the client to several threats:

  • The deployment of EWS includes an authentication service, thus exposing the network to account lockout in case of a DDoS attack.
  • The EWS service allows for retrieving events, mails and attachments, tasks and contacts. Therefore, once exposed, all the Exchange data is also exposed.

For example, users of Outlook Web Access (OWA) have access to their full mail data, which creates the risk that an attacker with valid AD credentials will also obtain access to the users’ organizational mail by using these services.

To minimize this risk, SkypeShield blocks any request for information that arrives from a device that is not registered, and adds a Two Factor Authentication (TFA) layer for the Exchange.

SkypeShield is based on a Two Factor Authentication using the client’s password and device. Thus, unauthorized use of the user’s credentials will not be sufficient to connect to Lync or Exchange without having access to the device itself. This also allows for restricting the usage of these services to approved or registered devices only.


Skype for Business: How to protect against account lockout through ADFS

SkypeShield has released an innovative ADFS (Active Directory Federation Services) Protector for safe Skype for Business (SfB) deployment.

The ADFS solution, which uses a unified monitoring and prevention mechanism, blocks DDoS attacks causing Active Directory network account lockout.

The security component protects against account lockout attacks coming through ADFS authentication channels by monitoring the traffic to the ADFS server. It sanitizes and blocks (in the DMZ) failed login attempts to the Active Directory, while allowing valid users to continue working seamlessly.

“As a growing number of companies move online, the usage of ADFS is growing accordingly and companies are seeking to handle DDoS attacks, which cause account lockouts,” says Yoav Crombie, Product Manager at AGAT Software, which developed SkypeShield. “Our solution resolves the problem entirely. By using our ADFS Protector, companies can manage their identities on premise in their Active Directory, while taking advantage of online services such as Skype for Business and Exchange.”

The new ADFS Protector offers the following advantages:

  • Prevents account lockout while using ADFS
  • Provides generic protection covering all Office 365 services and custom applications using ADFS
  • Supports Azure AD Connect
  • Allows unified monitoring of ADFS and Active Directory services
  • Provides monitoring tools with extended info

SkypeShield’s solution minimizes the load on the Active Directory and improves security by configuring a whitelist pattern of authentication requests, filtering the requests in the DMZ and allowing only valid requests to enter the network.

The ADFS Protector addresses scenarios that other generic solutions fail to handle, including the ADFS Extranet Lockout feature of Win 2012 R2.

The ADFS Protector supports hybrid and online deployments of any services using ADFS authentication such as Office 365, Skype for Business and Microsoft Exchange.


SphereShield enables internal use of Ethical Wall for Skype for Business

Following SkypeShield’s successful launch of the Federation Ethical Wall solution, customers have been requesting the ability to use the same functionality internally, applying specific rules between different users or groups. SkypeShield has therefore extended the Ethical Wall to support controlling internal traffic as well as external.

SkypeShield’s Ethical Wall offers granular control over federation to address security and data protection when federating with external companies. Now, SkypeShield offers the ability to use the same functionality internally, applying specific rules between different users or groups in the same company.

The new user interface of the Ethical Wall is clean and simple, allowing control of each activity and of the direction of communication. For example, it is possible to allow only one side to start a chat with the other side.

These new capabilities support blocking a specific group in the company from communicating with another group in the same company. For example, a certain employee group may be prevented from calling a management-level group, or communication may be blocked between the procurement group and the tender writing groups.

The new feature therefore helps in implementing compliance regulation in companies.

SkypeShield’s Ethical Wall offers the following features:

  • Defines granular policy rules based on a user/group communicating with a specific company (SIP domain) or another group in the same company
  • Provides independent control of each activity: IM, audio, video, conference (meeting), desktop sharing, file transfer
  • Blocks presence information from external users depending on policy
  • Supports one way initiation of communication. For example, it blocks external users from initiating an IM conversation while still allowing internal users to initiate and communicate with external users.
  • Changes policy for users who are added to a contact list. This gives the user some local policy management, since different policies apply depending on inclusion in a user’s contact list: adding a federated user to the internal user’s contact list makes the policy allow more federation, such as presence information.
  • Enforces policy in the DMZ and blocks non-approved traffic from entering the network
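
The rule model in the feature list above (group or SIP domain on each side, per-activity control, one-way initiation, contact-list override) can be sketched as a small policy evaluator. This is an added example, not SkypeShield code: the `Rule` fields, the first-match and default-deny behaviour, treating presence as one more activity, and all names and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                          # hypothetical rule shape, not the product's schema
    side_a: str                      # internal group
    side_b: str                      # another internal group, or an external SIP domain
    activity: str                    # "im", "audio", "video", "file_transfer", "presence", ...
    initiators: str                  # who may start it: "a", "b", "both" or "none"
    if_contact: Optional[str] = None # replaces `initiators` when the side-B user
                                     # is in the side-A user's contact list

def parties(user, groups):
    """Names a rule side can match: the user's groups plus the SIP domain."""
    return groups.get(user, set()) | {user.split("@", 1)[1].lower()}

def is_allowed(rules, groups, contacts, src, dst, activity):
    """First matching rule wins; no match means deny (fail closed, an assumption)."""
    for r in rules:
        if r.activity != activity:
            continue
        if r.side_a in parties(src, groups) and r.side_b in parties(dst, groups):
            side, a_user, b_user = "a", src, dst      # initiator is on side A
        elif r.side_a in parties(dst, groups) and r.side_b in parties(src, groups):
            side, a_user, b_user = "b", dst, src      # initiator is on side B
        else:
            continue
        mode = r.initiators
        if r.if_contact and b_user in contacts.get(a_user, set()):
            mode = r.if_contact                       # contact-list override
        return mode in ("both", side)
    return False

# Constructed sample data (not taken from any real deployment).
GROUPS = {
    "ann@corp.example": {"procurement"},
    "bob@corp.example": {"tender-writers"},
    "cat@corp.example": {"staff"},
    "dan@corp.example": {"staff"},
}
CONTACTS = {"cat@corp.example": {"eve@partner.example"}}
RULES = [
    Rule("procurement", "tender-writers", "im", "none"),      # internal wall
    Rule("staff", "partner.example", "im", "a"),              # one-way initiation
    Rule("staff", "partner.example", "presence", "none", if_contact="both"),
]
```

With this data, staff can open an IM session to the partner domain but not the reverse, and the partner user sees presence only for the internal user who added her as a contact.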