Metashield for Exchange soon to be available. How does it work?

Metashield for Exchange stacks up to our currently offered server-side metadata cleaning solutions and broadens the flexibility and customization options that we offer companies to get rid of sensitive information and metadata leaks.

A plugin for Outlook is already offered but depending on the needs and architecture of an organization’s servers it may opt for a centralized Exchange-specific solution. In this case, it will be easier for the end user because the cleaning process is completely transparent and occurs asynchronously on the server.

So where exactly does Metashield For Exchange fit in the Exchange message pipeline? There are several roles that run in Exchange servers such as Mailbox, Client access and Edge Transport server roles. Metashield For Exchange is installed to Mailbox servers as a plugin-like «Routing Agent» and resides more specifically in the «Transport» service.

Once configured, instances of Metashield For Exchange are then spawn according to outgoing messages. These instances bind to the «OnSubmittedMessage» event of the message delivery pipeline and perform the cleaning process of the document asynchronously using the «Metashield Engine» service. As soon as the document is clean it’s sent forth to the pipeline until its destination.

This way we ensure that every single outgoing document is metadata-free when reaching our organization mailserver’s outer boundaries.

Source: https://msdn.microsoft.com/en-us/library/office/dd877035(v=exchg.150).aspx

However there are cases that a certain email attachment should not be cleaned and metadata should be maintained. For this purpose the administrator can define advanced rules to skip those messages and leave them «unclean».

Configuring Metashield whitelist

As for customizable options, a caching layer is available and configurable as memory or file based. Considering the case of forwarded message chains containing attachments, the use of a cache may result in significant performance boost. We reccomend its use.

Using cache in Metashield for Exchange

Of course, the profile and template based cleaning system known from other «Metashield» products is maintained. For the sake of example, let’s see a real world configuration where documents should include information about a company but all other metadata is cleaned:

A step by step example
 
First of all a new template with the desired actions needs to be created. This one will be a simple one for demonstration purposes.

Creating a new template

After that, the newly created template should be assigned to the desired extensions or extension families.

Add the template to a profile

Upon applying the configuration «Metashield» will start cleaning all the newly configured extesions and will include the company information that we’ve configured in the template. That simple. 

Overall we hope that Metashield For Exchange contains everything that a System administrator concerned about security needs to prevent metadata leakage in corporate emails, while maintaining usability and good performance.