SphereShield
Secure Skype for Business
V7.0
Solution Overview
SphereShield offers
advanced compliance and
security solutions for Unified
Communication services
including Microsoft Teams.
Targeted Services
Skype for Business on premises
Skype for Business online (conditional access only)
Microsoft Teams
Office 365 - Exchange, OneDrive, SharePoint
Cisco Webex Teams (Spark)
Slack
Zoom
RingCentral
Release status legend: Released / Release Q4, 2019 / Release Q1, 2020
SphereShield security features
Secure Authentication
Simple and secure TFA based on device as second factor.
Protect SfB & Exchange EWS
Network Account Lockout Protection
Prevent Account lockout issues in DDoS attacks through multiple UC
channels
Device Access Control
Manage which devices can connect using device enrolment
process
SphereShield security features
MDM Conditional Access
Verify that only devices managed by MDM and compliant with
security policy can connect
Ethical Wall Functional control
Granular policy for all activities (IM, File sharing, presence etc.)
controlling external (Federation) and internal traffic
Credential Protection
Prevent network password theft by using app specific
credentials instead of domain credentials
SphereShield security features
Application firewall
Sanitize and validate all anonymous traffic requests in the DMZ
before they enter the network
RSA integration
Use RSA authentication code instead of domain password
DLP Content Inspection
Inspect content passing through Skype for Business by DLP
(Data Loss Prevention) policy rules
SphereShield security features
Disclaimer
Display disclaimers for internal and external users based on domains
Risk Engine
Define Geo location (Geo fencing) rules. Display live map of
connections. Profile user behaviour and create security alert events
eDiscovery
Advanced search, export and modify dashboard for Skype for
Business Archiving DB
Features in depth
Secure Authentication/TFA
Blocking any request received in network servers
unless coming from an approved device
Matching device and user based on endpoint ID sent
by client
Several registration/enrolment options are available
to enforce access control policy
Protects both Skype for
Business & Exchange (EWS)
Device Access Control
There are three levels of enrollment options.
Automatic Registration
Device ID is registered
upon first use of account
Admin Manual enrollment
Admin management of user
list using training mode and
rejected auditing list
Self Service/Two Step
Registration
Internal site registration and
additional sync within a defined
time frame to complete
registration
MDM Conditional Registration
Limit the registration only to managed devices (with MDM)
Supported with all MDM vendors in the market
MDM Integration
MDM Conditional Access
Ongoing validation that the device is managed and has not become Out Of Compliance
(OOC) as defined in the MDM vendor
Supported with leading vendors
MDM Conditional Registration
SphereShield can limit the registration of SfB to managed devices only.
Compatible with all MDM vendors in the market
Compatible with any MDM solution supporting one of the following
capabilities:
Wi-Fi access control
Application management (MAM)
VPN triggering / control
MDM Registration Using Wi-Fi
MDM Registration Using SphereShield App
MDM Registration Using VPN
MDM Conditional Access
Automatically and immediately block SfB access for devices that:
Have become Out Of Compliance
Have been removed from MDM control
Available for:
MDM Continuous Verification Topology
Secure Authentication
Architecture - Bastion Reverse Proxy
SphereShield solution includes Bastion which is a dedicated
reverse proxy developed by AGAT.
Can be implemented in conjunction with any generic products
such as F5, Netscaler, Barracuda, Kemp and more
Typically traffic is routed through to Bastion
Specific integration available For F5 BIG-IP
Reverse Proxy Topology
TFA + Access control Main features
View approved & blocked devices
Restrict registration and ongoing connection by IP range
Access Rule black/white list
Define number of devices per user
Allow/Block Web app login
Filter by device type & OS
Require re-authentication by time - Session termination
Disable save password on client
Registration policy (Two steps/Manual/Automatic)
General Capabilities
Multi LDAP support (for HA & distributed implementation)
Support of multi-level admin management
Web service for external event to lock/approve device/user
Housekeeping service - AD sync, cleanup, notification
Auditing, logs, event viewer
Reports & Search
Access Portal Reports
Authentication
Devices
Security Auditing
Failed logins
Network Account Lockout Protection
Account Lockout Occurs When:
Password Change
User changed the Active Directory password, but did not
change the settings on the device
Username Hack
The username (without the password) was discovered by a hacker
who tried to log in several times
Network Attacks
DDoS, DoS, brute force attacks - Such attacks can result in
network downtime
The challenge:
Multi protocol – HTTPS/SIP
Multi method – Basic, NTLM, SOAP
Multi channel – Sign in, Meeting, Web API, Exchange
Multi Locations – APAC, EMEA and USA
Network Account Lockout Protection
All failed logins are audited
Activate Soft Lockout in DMZ when attack detected
Unified defense
Solution protecting all protocols, methods and channels
Device pre authentication
Only authentication requests coming from registered devices will
reach the Active Directory
Application Firewall
Solve security risks from anonymous traffic entering the network
without inspection.
Security Layers:
1. Protocol level sanitization
2. Application data validation (meeting ID)
3. Session termination and requests rewrite
Ethical Wall
Solves ethical and compliance regulations,
security and data protection issues controlling
both:
Federation with external companies
Internal communication between different groups
Sample Policy - External
Sample Policy - Internal
Ethical Wall Setting
Policy
Condition
Policy Rule
Ethical Wall Policies
Ethical Wall dimensions
Control specific modalities
Audio
Video
Conferencing
Present desktop
Present program
Presence
IM
File transfer
Contact card
App sharing
PowerPoint sharing
Build rules based on
Active directory groups
External/Internal domain
External/Internal SIP
In contact list
Ethical Wall - Notification
IM user notification of Ethical wall activity/policy
Activity auditing registration - table, logs and admin
email notifications
User blocked
from a specific
operation
External user is
unable to reach
you
External user
unable to see
your presence
Ethical Wall Topology
DLP Engine
Server side solution inspecting content passing through any
channel.
Sending messages and files to existing DLP vendors or
SphereShield DLP engine to meet existing policies.
SphereShield DLP Engine
Actions
Block, Mask, Notify
Group membership based rules
Content policy rules
Based on content such as credit card numbers, ID numbers,
profanity and more
Commercial DLP integration with Symantec, McAfee, Forcepoint
and any standard ICAP interface DLP engine
DLP Topology
DLP Notification Sample
Active Directory Credential Protection
Connect using App dedicated Skype credentials
Eliminate risk of domain password theft
No storage of Active Directory passwords on server or device
Supports Exchange & Skype with one App credentials
A new approach in protecting the Active Directory
credentials.
Active Directory App login
Creating dedicated Skype
credential on a self service
internal web site for use on
the device, instead of Active
Directory credentials.
SphereShield Credentials Architecture
Mobile Smart Card Solution
With the dedicated login
solution, the user logs into
the Access Portal
Authenticates to the
network computer using a
smart card
Creates a dedicated
password for use on
device
Network login without username and password for Active
Directory
RSA integration
Users enter their RSA Token authentication code instead of
Active Directory password
SphereShield verifies the password against RSA
Authentication Manager and impersonates the user against
Skype
Strong TFA
Avoid using domain credentials
Disclaimers rules
Set disclaimers for internal and external (federated or guest) users based on domain
Disclaimer types
Internal User Client
Presented to the internal user in the
SfB client every time a new
conversation/conference has
started.
IM Conversation
Included with the first IM message
sent while the communication is a
conversation (one on one).
IM Conference
Sent as IM once a user has joined
the conference.
Invite To External Conference
Sent as IM to internal user when he
was invited to an external
conference.
eDiscovery
Advanced
search by text,
user, dates and
more
Search for personal
information
Data governance
Export user data
See message context
in incidents
Delete personal
information
eDiscovery
Risk Engine
Integrated/Partnered Technologies
Data Loss Prevention
McAfee
Forcepoint
Symantec
GTB
Infrastructure
Microsoft
F5 Networks
Citrix
EMM/MDM
MobileIron
VMware AirWatch
IBM MaaS360
BlackBerry
Citrix XenMobile
PKI
Feitian
Gemalto
Authentication
Google Authenticator
RSA SecurID
Product Documents
Skype for
Business Security
Threats
SphereShield
datasheet
SphereShield
product page
More Info
Visit our website
AGAT Software
Contact us
info@agatsoftware.com
+972-525209860
CASB Road Map
Targeted Services
Skype for Business on premises
Skype for Business online (conditional access only)
Microsoft Teams
Office 365 - Exchange, OneDrive, SharePoint
Cisco Webex Teams (Spark)
Slack
Zoom
RingCentral
Release status legend: Released / Release Q4, 2019 / Release Q1, 2020
• Main features:
• Inline DLP
• Online Ethical wall
• Inline Anti Malware/ Virus
• Risk Engine
• eDiscovery
• MDM conditional access
• Disclaimers
• Based on Proxy & API
• On premises or SAAS
Unique for Online Unified
Communication Services
Targeted Services
Topology
Thank you

SphereShield For Skype - Presentation
