Description

Enabling federation with other organizations facilitates communication and collaboration, and accelerates productivity. However, it introduces privacy concerns and the potential leakage of confidential information.


To mitigate these risks, you need a solution that enforces an ethical wall between your organization and your federated partners to protect your corporate intellectual property.


Key Benefits


The Security Federation Filter protects the federated traffic coming into your network in the following ways:


  • Data loss prevention (DLP) is enforced on all outgoing IMs
  • Federated users cannot see the presence of internal users unless explicitly permitted by the internal user
  • Modalities (IM, audio, video, application sharing, file transfer) can be blocked or allowed through federation policies
  • Federation policies are enforced at the edge (network perimeter)
  • Federation policies are defined at the user, Active Directory group or domain level, maximizing granular control


Architecture

The Security Federation Filter installs directly on the Edge Server. It inspects the federation traffic on the Edge Server before this traffic reaches the internal network.



The default behavior of the Security Federation Filter is to prevent external users from subscribing to the presence of internal users. The internal user's presence remains unknown to external users until the internal user adds the federated user to their contact list. Alternatively, the administrator can specify whether presence access is allowed or blocked.


A federation policy can specify the modalities (IM, audio, video, application sharing, file transfer) permitted between a federated user and an internal user. Federation policies are enforced in one-to-one conversations, multi-party conversations and Skype for Business meetings.


The Security Federation Filter performs data loss prevention (DLP) by blocking delivery of outgoing IMs that trigger a scanning policy. A scanning policy consists of one or more regular expression rules that define the keywords that trigger DLP.


The Security Federation Filter scrubs outgoing SIP traffic of any internal IP addresses before it leaves your corporate network to prevent malicious users from scanning your internal network.
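As an illustration of the address scrubbing described above, the following added example (not the Security Federation Filter's own code) replaces internal IPv4 literals in an outgoing SIP message and recomputes Content-Length, then checks that nothing internal remains. The internal ranges, the edge address 203.0.113.10, the function names and the sample INVITE are assumptions constructed for this example.

```python
import ipaddress
import re

# Assumption: these ranges are what counts as "internal" in this sketch.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def is_internal(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1 looks like an address but is not one
        return False
    return any(addr in net for net in INTERNAL_NETS)

def internal_addresses(message):
    """Audit check: internal IPv4 literals present anywhere in a SIP message."""
    return sorted({ip for ip in IPV4.findall(message) if is_internal(ip)})

def scrub_sip(message, edge_ip):
    """Replace internal IPv4 literals in headers and SDP body with edge_ip.
    Text-level sketch only: it does not model an edge proxy's routing state."""
    def swap(match):
        return edge_ip if is_internal(match.group(0)) else match.group(0)
    head, sep, body = IPV4.sub(swap, message).partition("\r\n\r\n")
    lines = head.split("\r\n")
    for i, line in enumerate(lines):
        name, colon, _ = line.partition(":")
        # The body size may have changed, so Content-Length must be rewritten.
        if colon and name.strip().lower() in ("content-length", "l"):
            lines[i] = f"{name}: {len(body.encode('utf-8'))}"
    return "\r\n".join(lines) + sep + body

# Constructed sample: an outgoing INVITE that leaks 10.20.30.40 and 192.168.1.5.
SDP_BODY = "\r\n".join(["v=0", "o=- 0 0 IN IP4 192.168.1.5", "s=-",
                        "c=IN IP4 192.168.1.5", "t=0 0", "m=audio 49170 RTP/AVP 0", ""])
SAMPLE = "\r\n".join([
    "INVITE sip:bob@partner.example SIP/2.0",
    "Via: SIP/2.0/TLS 10.20.30.40:5061;branch=z9hG4bK-constructed",
    "From: <sip:alice@corp.example>;tag=1",
    "To: <sip:bob@partner.example>",
    "Call-ID: constructed-1",
    "CSeq: 1 INVITE",
    "Contact: <sip:alice@192.168.1.5:5061;transport=tls>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(SDP_BODY)}",
    "", SDP_BODY])

if __name__ == "__main__":
    print(internal_addresses(SAMPLE))
    print(scrub_sip(SAMPLE, "203.0.113.10"))
```

Running `internal_addresses` over captured egress traffic is a quick way to confirm that scrubbing at the edge is actually in effect.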


The Security Federation Filter displays a disclaimer at the beginning of a new conversation to both the internal user and federated user. This disclaimer is customized by the administrator.


Federation policies can be applied to Active Directory groups. This requires deploying the Security Sync Filter.