1. Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite www.SecureMobileEmail.com www.AGATSolutions.com

2. Main features Zero client installation Multi platform support Easy deployment Bring your own Device solution DLP-Data Leak Protection- content filtering and unique DLP solution for stolen/lost devices Access Control- Two Factor Authentication Active Directory protection Antivirus content inspection

3. Introduction ActiveSync is a data protocol used to synchronize end user devices with Exchange server. More and more companies encourage their employees to work with their mobile devices implementing Bring Your Own Device (BYOD) strategy to save money and improve efficiency. But from a security point of view, mobile smart phones are in fact mini computers and should be treated as a potential threat.

4. DLP- Content filtering Manage dynamic content rules by: AD group membership Device type (iPhone, android..) Device mail client (such as Touch down) Minimize content leaving network to minimum required and to necessary users.

5. Content Filtering Features Configure content publishing rules according to device type and/or user AD group membership. Filter Exchange objects: Mail Attachments Events Tasks Contacts.

6. Content filter features (cont.) Allowing or blocking Sync of attachments in mail messages or events. Managing white list of attachment file types. Filtering by words in subject and body of mail and calendar events (even if not in preview) Allowing meeting requests to be published even when mail is blocked. Filtering by the sender's domain name

7. Protector Basic - Architecture

8. DLP- ActiveSync Webmail Unique DLP solution avoiding storing content on device by converting mail to web display Use native email client Content immediately blocked in case of stolen or lost device Attachments are handled as links No remote wipe technical issues and personal data issues

9. DLP- ActiveSync Webmail (cont) Mail content dynamically generated upon request and not stored on server. Active Directory password not stored on gateway. Integrated with Mobile Access Control filter for secure authentication Access control layer requiring web login Authentication timeout can be configured.

10. Access Control Features Two Factor authentication solution Solution adds another factor over device ID by placing on device a unique key during enrolment. Several registration/ enrolment options to enforce access control policy based on matching phone and user.

11. Access Control – Enrollment Support several access control policies: Automatic Registration – Device ID is registered upon first use. Two steps registration process: Two Step Registration – User registers on internal site and then must Sync within a defined time frame to complete registration. Admin Manual Enrollment – Admin management of user list using training mode and rejected auditing list.

12. Two Steps Registration

13. Edit User Account

14. Admin user management

15. Two steps registration Architecture

16. Custom Login/Webmail - Architecture

17. Active Directory Protection Custom Login – User creates credentials on internal site (using strong login) and these are used on device instead of Active Directory credentials. Avoid storing and using Active Directory credentials on device. Active Directory password lockout protection. Solution for organizations using smart card login

18. Antivirus inspection Check mail content by Anti Virus before reaching Exchange and before reaching device

19. AGAT Security suite - Overview ActiveSync Shield is part of AGAT Security suite. AGAT Security suite is a set of unique components that allow extending Forefront (ISA/TMG IAG/UAG) functionality to solve complex architectures and requirements, typically implemented in large, complex and well secured networks. To learn more about our solutions please visit our website at http://www.agatSolutions.comhttp://www.agatSolutions.com

20. END www.SecureMobileEmail.com See more filters available on http://www.agatsolutions.com info@agatsolutions.com