Security Web Filter

As companies increasingly adopt unified communications and collaboration systems to connect employees, partners, and customers in real time and to improve productivity, communication crossing the corporation's network boundary becomes necessary and even mission-critical.

This requires exposing your Skype for Business (formely known as Lync) and Exchange servers to the Internet by publishing the respective web services (dial-in URL, meeting URL, address book URL, autodiscover URL, EWS URL, and so on) through a reverse proxy. This exposure puts your users and infrastructure potentially at risk as cybercriminals gain new opportunities to block legitimate corporate users from accessing internal corporate IT resources or access to corporate secrets. Given the ease of mounting such threats, instant protection becomes critical.

Key Benefits

  • Protects corporate domain accounts from external attacks blocking DoS and brute-force attacks
  • Tracks authentication attempts and blocks further login attempts before the Active Directory Directory Services lockout limit is reached
  • Prevent password-guessing on the extranet by blocking authentication attempts for that account after the number of failed authentication attempts reaches a threshold
  • Prevents attackers from consuming internal Lync Server resources
  • Filters access to Exchange Web Services, and can block non-Lync Server clients from connecting to Exchange based on client type
  • Protects against cross-site scripting (XSS) and SOAP based attacks
  • Accounts locked out by the Security Filters remain accessible when connected internally or through a VPN

Versions

Security Web Filter is supported on the following reverse proxies:

  • F5 BIG-IP
  • Microsoft Threat Management Gateway (TMG 2010)
  • ..more to come!

Architecture

The Security Web Filter inspects Skype for Business (formerly Lync Server) and Exchange traffic, and sanitizes the Web traffic before it's allowed to reach the internal network.

Protect Internal network from external threats

While a network firewall secures traffic at Layers 3 and 4, a web application firewall (WAF) analyzes and secures application traffic at Layer 7. The Security Web Filter is a WAF that performs deep packet inspection of Skype for Business and Lync Server (UCWA), Exchange (EWS, ActiveSync, RPC over HTTP) and Office Web Apps (WOPI) protocols at the reverse proxy before the HTTPS traffic reaches the internal corporate network, and filters out invalid requests. It protects Lync, Exchange and Office Web Apps traffic from external attacks.

It tracks authentication requests coming through the reverse proxy, and blocks DoS attacks, XSS and SOAP based attacks. It uniquely identifies the sign-in user and enforces lockout rules as configured by the administrator. When the number of failed login attempts exceeds the administrator’s specified threshold, the Security Web Filter blocks all further login attempts until the lockout period expires or the administrator unlocks the account.

The Security Web Filter can prevent non-Lync clients from connecting to EWS. It can also block specific Skype for Business (formerly Lync Server) web services from being accessible externally.

Request a demo

Update