The Natural way for Secure Mobile Email
v.1.4
www.AGATSolutions.com
ActiveSync Shield overview
 Secure Mobile Email solution for over the air connecting
device to Exchange.
 Server side solution with no client install requirements
 Natural Bring Your Own Device (BYOD) solution
 Compatible with any mobile device -iOS (iPhone, iPad),
Android, Windows Phone, Nokia etc.
 Uses favorite device's familiar native mail client.
 Low enrollment and implementation costs
Slide 2
Security issues addressed
• DLP-Data Leak Prevention- Content protection
• Mobile Access Control- Two Factor Authentication
 Active Directory protection- Network security
• Antivirus scanning- Malware protection
• Available either as an add-on to the Microsoft Forefront
security server family (ISA/TMG/IAG/UAG) or with a
proprietary pluggable Reverse Proxy platform (Bastion).
Slide 3
Main features
 ActiveSync Protocol filtering – manage content syncing
 Two Factor Authentication
 Webmail - DLP solution
 Content inspection and manipulation
 Virus inspection
 Attachment encryption
 Self registration & admin enrollment/ auditing site
Slide 4
Content filtering features
 Manage dynamic content filtering rules by:
 AD group membership
 Device type (iPhone, android..)
 Device mail client (such as Touchdown)
 Regular expression rules
 Manage rules priority order
 Each rule can hold different content policy
 Minimize content leaving network to minimum required
and to necessary users.
Slide 5
Content filtering features (cont.)
 Filter all Exchange objects:
 Mail
 Attachments
 Events
 Tasks
 Contacts.
Slide 6
Content filter features (cont.)
 Filter attachments in mail and calendar events
 Manage a list of permitted attachment file types
 Allow specific file types per rule
 Filter by words in subject and body of mail and calendar
events

Checks entire message body, even if client doesn’t initially
request full message
Slide 7
Content filter features (cont.)
 Allow meeting requests to be received even when email is
blocked
 Filter by the sender's domain name
 Block internal mail leaking out
 Filter by mail headers
Slide 8
Protector Basic - Architecture
Slide 9
Content inspection - Antivirus
 Check mail content by Anti Virus before reaching
Exchange and before reaching device via ICAP protocol
Slide 10
Content manipulationEncryption server
 Strip attachments out of message
 Send to external encryption server
 Attach files back into message
ActiveSync Protector
Exchange server
Mobile Device
Encryption server
Slide 11
DLP -ActiveSync Webmail
 Unique DLP solution avoids storing content on device by
converting email body to web display
 Uses native email client
 Content immediately blocked in
case of stolen or lost device
 Attachments are converted to
links
 No remote wipe technical issues
and personal data issues
Slide 12
DLP -ActiveSync Webmail (cont)
 Mail content dynamically fetched upon request and not
stored on ActiveSync Shield gateway server
 Active Directory password not stored on gateway
 Integrated with Mobile Access
Control filter for secure authentication
 Access control layer requiring web login
 Authentication timeout
can be configured.
Slide 13
Two Factor authentication
 Based on Device ID sent by protocol
 Additional device identification factor:
Solution places a unique key on device, which is verified with
each sync
 Several registration/ enrolment options to enforce access
control policy based on matching phone and user.
Slide 14
Access Control – Enrollment
 Support several access control policies:
 Automatic Registration – Device ID is registered upon first
use of account.
Two steps registration process:
 Two Step Registration – User registers on internal site and
then must sync within a defined time frame to complete
registration.
 Admin Manual Enrollment – Admin management of user
list using training mode and rejected auditing list.
Slide 15
Two Steps Registration
Slide 16
Access Portal admin
 View approved & blocked users
 Block specific users
 Product settings
 Allow duplicate users per device
 Two level admin- local domain admin
 Reports
 Search
Slide 17
Admin user management
Slide 18
Active Directory Protection
 Custom Login– User creates credentials on internal site
for use on device instead of Active Directory credentials.
 Use cases:
 Avoid using internal credentials outside organization
 Avoid storing and using Active Directory credentials on
device.
 Active Directory password lockout protection.
 Solution for organizations using smart card login
Slide 19
Product components
 Mobile Access Control
 Protector
 Consumer
 Access Portal
 Bastion reverse proxy
Slide 20
Two step registration Architecture
Slide 21
Custom Login/Webmail- Architecture
Slide 22
Bastion
 Reverse proxy forwarding traffic to the configured
backend servers
 Pluggable filtering architecture
 Filters HTTP(S)
 Scalable Event-Driven Architecture
 Can publish multiple servers in parallel
 Highly efficient asynchronous architecture
 Bi-directional content filtering
 Cross-platform
Slide 23
Bastion (cont)
 Geared towards full-featured HTTP filtering
 Most reverse proxy solutions are geared towards web
acceleration
 Supports many HTTP features and scenarios
 Chunked, gzip and deflate Transfer-Encodings.
 Pipelining
 Supports filtering content, blocking content or generating
proxy responses anytime during the filtering chain (unlike
TMG and UAG, for instance).
Slide 24
AGAT Security suite - Overview
 ActiveSync Shield is part of AGAT Security suite.
 AGAT Security suite is a set of unique components that
allow extending Forefront (ISA/TMG IAG/UAG)
functionality to solve complex architectures and
requirements, typically implemented in large, complex
and well secured networks.
 To learn more about our solutions please visit our website
at http://www.agatSolutions.com
Slide 25
END
www.SecureMobileEmail.com
See more products at
http://www.agatsolutions.com
info@agatsolutions.com
Slide 26