Security Federation Filter

As organizations enable Skype for Business (formely known as Lync) federation with other companies to facilitate real time communication and collaboration, and accelerate productivity, this enablement introduces privacy concerns of users' presence and potential leakage of confidential information. To mitigate these risks, the Security Federation Filter enforces an ethical wall between your organizations and your federated partners to protect your corporate intellectual property at a high level of precision.

Key Benefits

  • Enforce data loss prevention (DLP) of all outgoing IM communications. The Security Federation Filter can report which policy was violated per IM or reported and blocked to prevent sensitive information from leaking.
  • Prevents federated users from viewing presence information of internal users unless explicitly permitted
  • Controls specific modalities (IM, audio, video, application sharing, file transfer) users are permitted to use with federated users
  • Enforces federation policies defined by administrator at the edge (DMZ) before SIP traffic reaches internal network
  • Strips internal IP addresses before sending traffic out to federated users
  • Allows internal users to control who is permitted to view their presence externally
  • Administrators can define federation policies at the user level, Active Directory domain group level (requires Security Sync Filter) or SIP domain level, maximizing granular control
  • Works with users on Skype network

Editions

Security Federation Filter is offered in two editions:

For customers that do not need support for Active Directory domain groups. Security Filter Manager required.
For customers that want support for Active Directory domain groups. Security Sync Filter and Security Filter Manager required.

Architecture

By default, the Security Federation Filter prevents external users from subscribing to internal users' presence. The internal user's presence remains unknown without the explicit consent of the internal user or by the administrator specifying a federation policy. The internal user can allow a federated user to view their presence by adding the federated user to their contact list.

A federation policy can specify the modalities (IM, audio, video, application sharing, file transfer) permitted between a federated user and an internal user. Federation policies are enforced in one-to-one conversations, multi-party conversations and Skype for Business meetings.

The Security Federation Filter policies can be applied to external users on the Skype network as well.

A scanning policy can have one or more regular expression rules that define keywords to trigger logging. The Security Federation Filter can block outgoing messages from being delivered when IMs trigger a scanning policy.

Protect Internal Network From External Access

The Security Federation Filter inspects the SIP traffic of the Edge Server before it reaches the internal Skype for Business Servers, and enforces the federation policies defined by the administrator. The Security Federation Filter prevents unwanted SIP traffic from reaching your internal network.

The Security Federation Filter scrubs SIP traffic of internal IP addresses before the traffic leaves your corporate network to prevent malicious users from scanning your internal network.

Request a demo

Update