The cyber threat landscape is changing rapidly. In addition to basic IT/InfoSec blocking and tackling of weak passwords, elevated service account permissions, and the human vector, we now have to deal with ransomware and Mirai-like botnet attacks. System logs were once good enough. The speed at which these threats are occurring has shifted from days or weeks to seconds or minutes. Here’s a snapshot of the 2016 Verizon Data Breach Investigations Report (DBIR):
Another interesting finding from the Verizon DBIR report is that law enforcement and third-party discovery methods are getting better. On the other hand, internal discovery and fraud detection are getting worse.
Using wire data tools such as ExtraHop, Bro IDS, WireShark, Corvil, and Riverbed or realtime analytics tools, such as Citrix NetScaler MAS (Management & Analytics System) give your InfoSec teams access to possible cyber threat detection data in realtime. In addition to these tools, using solutions like Citrix NetScaler ADC (Application Delivery Controller) in your infrastructure can be your organization’s first line of defense. Citrix NetScaler ADC complements advanced malware protection and other high-profile security products to provide an ideal solution for defending against new threats and protecting more targets. The benefits of utilizing NetScaler in this capacity include:
- Reduced security risk by thwarting not only advanced malware but also DoS and targeted application-layer attacks.
- Reduced business risk as security automation, enhanced usability and improved performance increase customer utilization and retention rates.
- Increased business agility from IT’s ability to fully embrace transformative mobile, web and cloud solutions without fear of compromise or other types of infrastructure-related failures.
So, what do you do when these tools detect a potential cyber threat? You can use Citrix Octoblu to automate remediations in real time!
Octoblu connects to all of Citrix products and services out-of-the-box, as well as hundreds of other systems, smart devices, and wearable devices. It also provides generic REST API support for connecting to any system or device. Once connected, Octoblu flows can be orchestrated in its web-based designer and these automations deployed to the Citrix cloud in seconds.
In the Octoblu automation above, we are actively looking for malicious URLs for in the realtime wire data. Octoblu forwards the JSON payload information to the Virustotal API and evaluates the response from the API call adding the relevant response information then checks the response code to see if there is a risky score (> 70). If so, Octoblu prepares the message then sends a warning email to CSIRT warning of malicious content being accessed. The email contains information on the client IP, server IP, reputation score and dossier from Virustotal.
In addition to an email, Octoblu could even send SMS alerts, initiate call trees via Twilio or PagerDuty, open trouble tickets, ChromeCast dashboards, and even turn on and off lights and sirens in the SOC or datacenter. Octoblu could even interact with your NetScalers to block certain IP addresses or ports etc in realtime.
To date, there are more than 12,000 registered users of Citrix Octoblu connecting more than one million devices that send more than 7 billion messages on a monthly basis. What will you build today?
Sign up and start building IoT applications using Citrix Octoblu today!