Sourcefire IPS™ Works in Combination with Citrix NetScaler® Web Application Delivery Appliance for a Layered Approach to Security. Information security risks dramatically increase with the use of web servers to conduct business. An organization’s most important data—customer confidential information, partner information, or financial information—is often housed on or accessed by web servers. Increasingly savvy hackers are launching unique attacks against web applications and the underlying infrastructure, gaining access to data for identity theft and other damaging uses. To enhance security posture, organizations need layers of defense to better protect web applications as well as the underlying operating systems, protocols, and databases.

Sourcefire and Citrix have partnered together to provide a unique approach to securing and protecting this critical infrastructure. Through this collaboration, Sourcefire can enhance Citrix NetScaler security policies on the fly in near-realtime in response to network security events.


Citrix NetScaler is an all-in-one web application delivery appliance. Deployed in front of web servers, NetScaler is a single, purpose-built hardware platform that includes high-speed traffic management via load balancer and content switching with application acceleration, content caching, SSL acceleration, web application firewall, network optimization, and application performance monitoring. NetScaler helps an organization quickly deploy web applications while reducing total cost of ownership (TCO), optimizing the user experience, providing security, and ensuring the availability of applications.


The NetScaler web application firewall works on the application layer, seeking and blocking attacks against specific web-based applications. Sourcefire 3D® Sensors serve as a second line of defense, identifying threats and changes to protocols, operating systems, and database servers and passing critical information from the Sourcefire Defense Center® management console to Citrix NetScaler to reconfigure security policies for increased protection. For example, Defense Center can trigger a configuration change on the Citrix NetScaler appliance to block a machine or machines that Sourcefire identifies as malicious.

Both Sourcefire 3D Sensors and Citrix NetScaler can be delivered as either physical or virtual appliances, providing the greatest deployment flexibility. The combination of the Sourcefire 3D System and Citrix NetScaler provides a customer with significant advantages, including:

  • Rapid response to web application vulnerabilities
  • Protection against Denial of Service (DoS) attacks
  • Protection against embedded HTTP attacks
  • Protection of SSL-encrypted traffic
  • Load balancing to maintain performance despite major security events
  • Intrusion prevention protection against infrastructure attacks and a coordinated response by both the 3D System and NetScaler


The Citrix NetScaler Remediation module would perform an ACL command based in the information provided by the Sourcefire 3D system. Remediations execute when the rules included in a compliance policy and associated with that remediation trigger, violating the compliance policy. When the compliance policy is violated, the Remediation subsystem launches an instance of the associated remediation. Information from the Remediation subsystem is brokered to remediation modules through a program called the Remediation daemon, which passes configuration and compliance event data to remediation modules. The daemon also accepts return codes from remediation modules and provides them to the Policy and Response module. In addition, it creates and updates remediation status logs. When a remediation module receives data from the Remediation daemon, it executes the associated action.


The Citrix Netscaler Remediation module supports all of the Sourcefire 3D system as well as the NetScaler platforms VPX and hardware including hybrid system of virtual and hardware systems.


The Sourcefire and Citrix collaboration provides significant benefits.

  • Take immediate action to manage and minimize web application security risk with automated policy Changes
  • Extend your investment in your current solution and enhance your network security with greater levels of protection
  • Lower your TCO with flexible deployment options and the ability to tune protection to minimize damage and the time and effort required for response


Learn more about how you can benefit from the combination of leading technology from Sourcefire and Citrix.

Visit Sourcefire here

Download/Purchase the Citrix NetScaler here

The Citrix Community is powerful!