BOOK MEETING
CONTACT US
Categories
Skype for Business SkypeShield Two Factor Authentication Uncategorized

How to limit Skype for Business usage only to devices with MDM?

­One of the main security challenges many organizations using Skype for Business (Lync) are facing is the need to restrict workers to using Skype for Business on managed devices only.

Many enterprises require that Skype for Business access would be limited to managed devices with installed corporate Mobile Device Management (MDM) software only. These organizations want to verify that these devices meet the company’s security requirements and that using Active Directory (AD) credentials for Skype for Business is only done from a device that is compatible with the company’s security policy.

To meet this challenge, SkypeShield offered an approach based on certificate enrollment. However, based on customer feedbacks the company has decided to extend the solution with the new innovative approach of MDM Binding solution. SkypeShield now offers a suite that can fit all needs to limit Skype for Business usage only to devices with MDM installed.

The new solution is compatible with leading MDM vendors including AirWatch, MobileIron, IBM MaaS360, Good Technology and XenMobile.

SkypeShield’s solution offers several deployment approaches to fit the specific MDM implementation. It can be implemented based on one of the following MDM capabilities:

  • Certificate enrollment
  • VPN access control
  • Mobile Application Management (MAM)

It should be noted, that Implementation based on MAM capabilities requires using SkypeShield’s mobile app for Skype for Business usage. In this case, SkypeShield’s server expects to obtain an encrypted background handshake request from the mobile app once the Skype for Business client starts. As a result, only devices with the SkypeShield app can connect to corporate Skype for Business servers.

By implementing the new solution, corporate clients can benefit from Multifactor Authentication by adding two additional factors besides the password. The solution offers a high security level by preventing authentication in case of Man ­in­ the­ Middle (MITM) attacks.

Categories
LyncShield Microsoft Lync Skype for Business Smart card for authentication Two Factor Authentication Uncategorized

The ultimate Lync security suite for the enterprise market

The number of organizations seeking to protect themselves and avoid any unauthorized use of Lync is growing rapidly and LyncShield is constantly asked to expand its Lync security suite and add new features.

We have addressed all these requests, and are proud to be able to offer now the ultimate Lync security suite to organizations looking for secure Lync (Skype for Business) connectivity. By using LyncShield, organizations can safely connect users to Lync servers from smartphones, tablets and any other external device.

Our innovative enterprise solution prevents unauthorized devices (mobiles and desktops) from connecting to the corporate network, avoids the usage of Active Directory (AD) credentials and protects against account lockout/DDoS.

LyncShield is already successfully deployed by some of the world’s leading financial institutions, consultancy companies, banks and other large multinational organizations.

LyncShield offers the following security features:

  • Active Directory credentials protection – avoids usage of active directory credentials on the device by defining specific credentials for Lync that are different from the AD credentials.
  • Two Factor Authentication (TFA)/ Device registration – verifies that Lync connection is achieved only from registered devices. The solution includes a website with several registration workflows offering either a self-service enrollment or a central management approval process to register devices.
  • Block DDoS attacks and prevent account lockout – prevents a Lync account lockout situation in Denial-of-Service (DoS/DDoS) attacks. The solution offers a unique site defense approach handling an attack going through all authentication channels (HTTP/S, SOAP, SIP and more).
  • Restrict Lync to corporate or managed devices– limits access to the organization’s Lync server only to corporate or managed devices that have the MDM client installed. The solution offers several approaches depending on the MDM implementation and supports most of the MDM vendors in the market.
  • Smart card login for Lync mobile – offers a solution to organizations with a network policy requiring smart card login to allow authentication and user Lync mobile.
  • RSA Token Authentication– eliminates the need to use AD credentials for users of secure tokens wishing to connect to Lync servers from external devices and enables Two Factor Authentication based on the token. RSA solution also handles Exchange connectivity.
  • Exchange Protection – protects Exchange Web Services (EWS) against account lockout and limits access to the EWS only from registered device (TFA).

“Connecting to the organization’s server using the Lync client from smartphones, tablets and any other device outside the organization poses serious security risks,” said Guy Eldan, CEO of AGAT Software, which developed LyncShield. “These risks derive from the need to authenticate a user connecting externally from non-managed environments and devices.”

“We have managed to come up with a solution that addresses all security issues and is already successfully deployed by some of the global financial institutions, business consulting services firms, and other large multinational organizations. By using LyncShield organizations can protect themselves and avoid any unauthorized use of Lync.”

Categories
Microsoft Lync Mobile Security Skype for Business SkypeShield Smart card for authentication Two Factor Authentication Uncategorized

New security solution protects smart card login of Skype for Business mobile users

A growing number of organizations around the world, such as financial institutions and governments, are providing their workers with a smart card device to strengthen the identity authentication process. These organizations are facing a problem while implementing Skype for Business (Lync) mobile authentication requiring the user to enter his or her Active Directory (AD) credentials.

In such organizations, users do not have Active Directory credentials as they use the smart card for authentication instead. This in turn may cause a problem, as Microsoft Skype for Business requires Active Directory (AD) credentials to connect from handheld devices.

To solve this problem, SkypeShield has developed a new security solution for smart card authentication enabling mobile Skype for Business authentication for organizations with a network policy that requires their workers to use smart card login.

SkypeShield’s innovative solution addresses this challenge by applying the authentication process in two separate steps:

• The user creates dedicated Skype for Business credentials from a self-service registration web site after using his/her smart card for authentication to the site from a PC.

• The user then needs to connect his/her mobile device within a limited time frame by entering the dedicated Skype for Business credentials on the mobile device.

SkypeShield’s new solution also addresses account lockout protection and Two Factor Authentication (TFA) for external Skype for Business clients.

“We were approached by customers who couldn’t find a good solution for smart card authentication,” said Guy Eldan, CEO of AGAT Software, which developed SkypeShield. “Our simple and easy-to-implement security solution allows organizations to continue maintaining the smart card authentication policy enabling mobile users connect to the corporate network from outside network without using Active Directory credentials.”