SkypeShield Reveals Application Firewall Security Solution for Skype for Business

The new solution addresses security threats related to guest and anonymous requests sent to the corporate network by intercepting all anonymous traffic in the DMZ, validating them then adding device pre-authentication when authentication is required

Dec 08, 2015, 07:00 ET from AGAT Software

JERUSALEM, December 8, 2015 /PRNewswire/ --

SkypeShield, an innovative enterprise solution that secures Skype for Business (Lync) access and authentication while connecting devices (mobiles and desktops) to the corporate network, has developed a new application firewall solution for securing guest and anonymous requests when entering corporate networks.

The need for the new solution arose because, as part of the Skype for Business (Lync) topology, requests are sent anonymously to the front server in the corporate network without being authenticated or inspected. Once allowed, these requests, which might contain malicious code, can pass through DMZ firewalls with no control.

The application firewall has the following security layers:

  • Request rewrite - session termination in the DMZ and rewrite of the request that is sent to the domain
  • Protocol level sanitization - inspecting the traffic to validate the structure of the traffic as expected by the protocol
  • Application level inspection - validating that the data content matches what is expected by the server
  • Device pre-authentication - performing device validation before allowing any request to enter the domain

"Common attacks take advantage of network protocol vulnerabilities to execute operations that are not approved by design. Some of these techniques generate or modify valid requests with data that look valid, but maliciously alter the server's behavior. An example of a common concern handled by the firewall is blocking non-valid meeting ID in the DMZ," said Guy Eldan, CEO of AGAT Software, which developed SkypeShield.

"SkypeShield's new Application Firewall offers the best available solution for such security vulnerabilities by intercepting all anonymous Skype for Business traffic in the DMZ and validating them before allowing them to enter the domain network," he added.

In order to ensure that no malicious code is injected into a request, SkypeShield passes each request through multiple security inspections and validation channels. By doing so, the risk of most protocol and application level attacks is eliminated, as the original request is not allowed to enter the domain.

The application firewall also includes a new pre-authentication module inspecting authenticated requests in the DMZ based on device validation before any traffic is allowed to enter the domain including the authentication request itself.

About AGAT Software 

AGAT Software is a dynamic growing company focusing on security solutions for authentication and content filtering while externally connecting devices to company networks.

The company's core product suite is based on a reverse proxy developed by AGAT securing applications such as Skype for Business/Lync/OWA and other apps based on Active Directory authentication.

AGAT also offers secure browser and digital signature mobile applications for mobile PKI requirements.

For more information, visit

For updates, follow us on LinkedIn, Twitter and Facebook.

Company contact: 

Yoav Crombie
Business Manager
AGAT Software
Mobile: +972-52-520-9860