Security Edge Filter

As companies increasingly adopt unified communications and collaboration systems to connect employees, partners, and customers in real-time and improve productivity, communication crossing the corporate's network boundary becomes necessary and even mission-critical.

This requires exposing your Skype for Business (formerly known as Lync) and Exchange servers to the Internet by deploying Edge Servers. This exposure puts your users and infrastructure potentially at risk as cybercriminals gain new opportunities to block legitimate corporate users from accessing internal corporate IT resources or access to corporate secrets. Given the ease of mounting such threats, instant protection becomes critical.

Key Benefits

  • Protects corporate domain accounts from external attacks blocking DoS and Brute-Force attacks
  • Tracks authentication attempts and blocks further login attempts before the Active Directory Directory Services lockout limit is reached
  • Prevents password-guessing on the extranet by blocking authentication attempts for that account after the number of failed authentication attempts reaches a threshold
  • Prevents attackers from consuming internal Lync Server resources
  • Blocks NTLM authentication.
  • Prevents users from signing in by using a non-corporate computer
  • Accounts locked out by the Security Filters remain accessible when connected internally or through a VPN


Security Edge Filter is offered in two editions:

For customers with a single Edge Server
For customers with two or more Edge Servers, and that require more scalability. Security Filter Manager required.


The Security Edge Filter inspects the SIP traffic coming into the Edge Server, and tracks all authentication requests to prevent denial of service (DoS) or password brute force attacks.

Protect Internal Network From External Threats

The Security Edge Filter inspects user sign-in requests of the Lync/Skype for Business (SIP/SDP) protocols on the Edge Server before the SIP traffic reaches the internal corporate network, and filters out invalid authentication requests. It protects Skype for Business traffic from external attacks.

The Security Edge Filter blocks denial of service (DoS) attacks and brute-force attacks. It uniquely identifies the sign-in user and enforces lockout rules as configured by the administrator. When the number of failed login attempts exceeds the administrator’s specified threshold, the Security Edge Filter blocks all further login attempts until the lockout period expires or the administrator unlocks the account.

The Security Edge Filter can block remote users from signing in when connecting from a non-corporate computer that isn't domain-joined.

Request a demo