extending forefront beyond the limit tmg uag isa iag security suite
TRANSCRIPT
![Page 1: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/1.jpg)
Extending Forefront beyond the limit
www.SecureMobileEmail.com
www.AGATSolutions.com
![Page 2: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/2.jpg)
Main features
Zero client installation
• Multi platform support
• Easy deployment
• Bring your own Device solution
• DLP-Data Leak Protection- content filtering and unique DLP solution for stolen/lost devices
• Access Control- Two Factor Authentication• Active Directory protection• Antivirus content inspection
![Page 3: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/3.jpg)
IntroductionActiveSync is a data protocol used to synchronize
end user devices with Exchange server.
More and more companies encourage their employees to work with their mobile devices implementing Bring Your Own Device (BYOD) strategy to save money and improve efficiency.
But from a security point of view, mobile smart phones are in fact mini computers and should be treated as a potential threat.
![Page 4: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/4.jpg)
DLP- Content filtering
Manage dynamic content rules by:AD group membershipDevice type (iPhone, android..)Device mail client (such as Touch down)
Minimize content leaving network to minimum required and to necessary users.
![Page 5: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/5.jpg)
Content Filtering Features
Configure content publishing rules according to device type and/or user AD group membership.
Filter Exchangeobjects:MailAttachmentsEventsTasksContacts.
![Page 6: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/6.jpg)
Content filter features (cont.)
Allowing or blocking Sync of attachments in mail messages or events.
Managing white list of attachment file types.Filtering by words in subject and body of mail
and calendar events (even if not in preview)Allowing meeting requests to be published
even when mail is blocked. Filtering by the sender's domain name
![Page 7: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/7.jpg)
Protector Basic - Architecture
![Page 8: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/8.jpg)
DLP- ActiveSync Webmail
Unique DLP solution avoiding storing content on device by converting mail to web display
Use native email clientContent immediately blocked in
case of stolen or lost deviceAttachments are handled
as linksNo remote wipe technical issues
and personal data issues
![Page 9: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/9.jpg)
DLP- ActiveSync Webmail (cont)
Mail content dynamically generated upon request and not stored on server.
Active Directory password not stored on gateway.
Integrated with Mobile Access Control filter for secure authentication
Access control layer requiring web loginAuthentication timeout
can be configured.
![Page 10: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/10.jpg)
Access Control FeaturesTwo Factor authentication solutionSolution adds another factor over device ID
by placing on device a unique key during enrolment.
Several registration/ enrolment options to enforce access control policy based on matching phone and user.
![Page 11: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/11.jpg)
Access Control – EnrollmentSupport several access control policies:
Automatic Registration – Device ID is registered upon first use.
Two steps registration process: Two Step Registration – User registers on
internal site and then must Sync within a defined time frame to complete registration.
Admin Manual Enrollment – Admin management of user list using training mode and rejected auditing list.
![Page 12: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/12.jpg)
Two Steps Registration
![Page 13: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/13.jpg)
Edit User Account
![Page 14: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/14.jpg)
Admin user management
![Page 15: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/15.jpg)
Two steps registration Architecture
![Page 16: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/16.jpg)
Custom Login/Webmail- Architecture
![Page 17: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/17.jpg)
Active Directory Protection
Custom Login– User creates credentials on internal site (using strong login) and these are used on device instead of Active Directory credentials.
Avoid storing and using Active Directory credentials on device.
Active Directory password lockout protection.Solution for organizations using smart card
login
![Page 18: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/18.jpg)
Antivirus inspection
Check mail content by Anti Virus before reaching Exchange and before reaching device
![Page 19: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/19.jpg)
AGAT Security suite - OverviewActiveSync Shield is part of AGAT Security
suite.AGAT Security suite is a set of unique
components that allow extending Forefront (ISA/TMG IAG/UAG) functionality to solve complex architectures and requirements, typically implemented in large, complex and well secured networks.
To learn more about our solutions please visit our website at http://www.agatSolutions.com
![Page 20: Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite](https://reader036.vdocuments.site/reader036/viewer/2022062321/56649e925503460f94b9846c/html5/thumbnails/20.jpg)
END
www.SecureMobileEmail.com
See more filters available on http://www.agatsolutions.com