Presentation - ActiveSync Shield
The Natural way for Secure Mobile Email
v.1.4
www.AGATSolutions.com
ActiveSync Shield overview
Secure mobile email solution for devices connecting to
Exchange over the air.
Server side solution with no client install requirements
Natural Bring Your Own Device (BYOD) solution
Compatible with any mobile device: iOS (iPhone, iPad),
Android, Windows Phone, Nokia etc.
Uses the device's familiar native mail client.
Low enrollment and implementation costs
Slide 2
Security issues addressed
• DLP (Data Leak Prevention) - Content protection
• Mobile Access Control - Two Factor Authentication
• Active Directory protection - Network security
• Antivirus scanning - Malware protection
• Available either as an add-on to the Microsoft Forefront
security server family (ISA/TMG/IAG/UAG) or with a
proprietary pluggable Reverse Proxy platform (Bastion).
Slide 3
Main features
ActiveSync Protocol filtering – manage content syncing
Two Factor Authentication
Webmail - DLP solution
Content inspection and manipulation
Virus inspection
Attachment encryption
Self registration & admin enrollment/auditing site
Slide 4
Content filtering features
Manage dynamic content filtering rules by:
AD group membership
Device type (iPhone, Android, ...)
Device mail client (such as Touchdown)
Regular expression rules
Manage rules priority order
Each rule can hold different content policy
Limit content leaving the network to the minimum required
and to the users who need it.
Slide 5
Content filtering features (cont.)
Filter all Exchange objects:
Mail
Attachments
Events
Tasks
Contacts.
Slide 6
Content filter features (cont.)
Filter attachments in mail and calendar events
Manage a list of permitted attachment file types
Allow specific file types per rule
Filter by words in subject and body of mail and calendar
events
Checks entire message body, even if client doesn’t initially
request full message
Slide 7
Content filter features (cont.)
Allow meeting requests to be received even when email is
blocked
Filter by the sender's domain name
Block internal mail leaking out
Filter by mail headers
Slide 8
Protector Basic - Architecture
Slide 9
Content inspection - Antivirus
Mail content is checked by antivirus, via the ICAP protocol,
before reaching Exchange and before reaching the device
Slide 10
Content manipulation - Encryption server
Strip attachments out of message
Send to external encryption server
Attach files back into message
[Diagram labels: ActiveSync Protector, Exchange server, Mobile Device, Encryption server]
Slide 11
DLP - ActiveSync Webmail
Unique DLP solution avoids storing content on device by
converting email body to web display
Uses native email client
Content immediately blocked in
case of stolen or lost device
Attachments are converted to
links
No remote wipe technical issues
and personal data issues
Slide 12
DLP - ActiveSync Webmail (cont.)
Mail content dynamically fetched upon request and not
stored on ActiveSync Shield gateway server
Active Directory password not stored on gateway
Integrated with Mobile Access
Control filter for secure authentication
Access control layer requiring web login
Authentication timeout
can be configured.
Slide 13
Two Factor authentication
Based on Device ID sent by protocol
Additional device identification factor:
Solution places a unique key on device, which is verified with
each sync
Several registration/enrollment options to enforce access
control policy based on matching phone and user.
Slide 14
Access Control – Enrollment
Support several access control policies:
Automatic Registration – Device ID is registered upon first
use of account.
Two steps registration process:
Two Step Registration – User registers on internal site and
then must sync within a defined time frame to complete
registration.
Admin Manual Enrollment – Admin management of user
list using training mode and rejected auditing list.
Slide 15
Two Steps Registration
Slide 16
Access Portal admin
View approved & blocked users
Block specific users
Product settings
Allow duplicate users per device
Two-level admin - local domain admin
Reports
Search
Slide 17
Admin user management
Slide 18
Active Directory Protection
Custom Login – User creates credentials on internal site
for use on device instead of Active Directory credentials.
Use cases:
Avoid using internal credentials outside organization
Avoid storing and using Active Directory credentials on
device.
Active Directory password lockout protection.
Solution for organizations using smart card login
Slide 19
Product components
Mobile Access Control
Protector
Consumer
Access Portal
Bastion reverse proxy
Slide 20
Two step registration Architecture
Slide 21
Custom Login/Webmail - Architecture
Slide 22
Bastion
Reverse proxy forwarding traffic to the configured
backend servers
Pluggable filtering architecture
Filters HTTP(S)
Scalable Event-Driven Architecture
Can publish multiple servers in parallel
Highly efficient asynchronous architecture
Bi-directional content filtering
Cross-platform
Slide 23
Bastion (cont.)
Geared towards full-featured HTTP filtering
Most reverse proxy solutions are geared towards web
acceleration
Supports many HTTP features and scenarios
Chunked, gzip and deflate Transfer-Encodings.
Pipelining
Supports filtering content, blocking content or generating
proxy responses anytime during the filtering chain (unlike
TMG and UAG, for instance).
Slide 24
AGAT Security suite - Overview
ActiveSync Shield is part of AGAT Security suite.
AGAT Security suite is a set of unique components that
extend Forefront (ISA/TMG/IAG/UAG) functionality to
handle complex architectures and requirements, typically
found in large, complex and well-secured networks.
To learn more about our solutions please visit our website
at http://www.agatSolutions.com
Slide 25
END
www.SecureMobileEmail.com
See more products at
http://www.agatsolutions.com
Slide 26