With the general availability of Citrix Workspace’s intelligent capabilities, we’re transforming the employee experience by organizing, guiding, and automating work to help people perform at their best. With Citrix Workspace, employees are more productive and engaged, while IT get more visibility and control for simplified management, security, and compliance.
Let’s look at how Citrix Analytics for Security enhances security without getting in the way of the employee experience.
Citrix Analytics for Security correlates data across the Citrix Workspace environment and generates individual user risk scores to easily identify hard-to-detect malicious users. These users could be careless insiders causing an accidental breach or willfully ignoring IT policies. But more troubling are malicious insiders or external actors using compromised credentials to proactively steal intellectual property or confidential data.
The Citrix Analytics platform uses machine learning to better understand the behavior of end users as they interact with all components of Citrix Workspace, including Citrix Virtual Apps and Desktops, Citrix Content Collaboration, Citrix Access Control, and Citrix Endpoint Management. This unique vantage point into user activity enables Citrix Analytics to detect and IT admins to proactively mitigate threats before damage is done to the business.
Continuous Risk Assessment
Citrix Analytics’ continuous access and authorization capabilities detect changes in user behavior after the initial login. If unusual user behavior occurs, Citrix Analytics for Security can initiate further requests for user identity verification and log users off the system.
Helping to realize security outcomes like continuous authentication, Citrix Analytics can easily be adopted as a Policy Information Point (PIP) and a Policy Decision Point (PDP), augmenting any enforcement points.
Every organization’s cyber exposure is unique based on their threatscape. Citrix Analytics provides a way for customers to assess the risk exposure to their own posture checks.
For example, in highly regulated industries, attaching portable USB storage devices is prohibited. Taking any data out of the system and, potentially, offsite would be a significant violation. Citrix Analytics can detect and prevent such industry-specific scenarios.
Partner Integration
Citrix Analytics works with key partners including Microsoft and Splunk. Citrix Analytics can ingest data from the Microsoft Graph Security API. This adds data from Microsoft Azure AD Identity Protection or Windows Defender Advanced Threat Protection and sends the information to Citrix Analytics for a more complete analysis of user behavior.
Citrix Analytics can also export user risk indicators to Security Information and Event Management (SIEM) offerings from Splunk and Microsoft. Companies that have standardized on Splunk or Azure Sentinel can receive security data from Citrix Analytics to search, collect, and analyze data from multiple data sources on a single platform.
Applying Machine Learning
Citrix Analytics applies machine learning to user data so the system is adaptive and responsive to changes in that data. As users move through Citrix offerings, their unique, individualized risk score changes in response to their behavior. Citrix Analytics can derive potentially threat-relevant user behavior that would otherwise not be possible using other tools.
Individual User Risk Profiles
Citrix Analytics generates unique, individual risk scores and does not group users into broad categories. This enables granular analysis of unique user behavior to uncover sophisticated attacks by malicious users. (Check out this resource on discovered users.)
A timeline of risk indicators is generated for each individual user. Built-in risk indicators are available out of the box, and you can create custom risk indicators easily to tailor scores to the business.
Citrix Analytics for Security does support the ability to monitor highly sensitive users as a group. These might include users with unique access to sensitive data (admins, executives, and others). Citrix Analytics makes it easy to identify privileged users in the user dashboard. Learn more about privileged users.
Closed-Loop Actions
Beyond insights, Citrix Analytics provides closed-loop actions. With policies specific to your organizational needs, Citrix Analytics can take conditional action when unusual or suspicious activities occur. For example, a condition could be a user accessing sensitive data that triggers an action to disable the user.
Actions help you respond to suspicious events and prevent future anomalous events from occurring. You can take action on user accounts that display unusual or suspicious behavior. You can either configure policies to take action on the user’s account automatically or apply a specific action manually from the user’s risk timeline.
You can view global actions or actions for each Citrix data source and also disable previously applied actions for a user at any time.
Self-Service Search and Reporting
Native to Citrix Analytics is the ability to easily assemble custom reports that can be saved and reused. Data and metrics are selected and a variety of visualizations are supported. For example, you can group events by the countries or cities where the users are located. You can visualize reports as bar charts, scatter plots, line charts, and tables. This makes it easy to share insights with others in an organization.
Also included is a self-service search feature to find and filter raw user events based on data sources. Administrators can explore the underlying user events in detail, including their attributes, and identify and troubleshoot any data issues. Learn more about custom reports.
Citrix Workspace delivers an unparalleled, contextual user experience that automates tedious, low-value tasks so users can focus on work the energize them and moves the business forward. Combine that with the power of Citrix Analytics, and you can enable a great employee experience and keep your most valuable assets secure.
