We’ve released a variety of Citrix security features over the past few months that improve security in the cloud, on-premises, and in hybrid environments. Working to make Citrix solutions work for you is our number one priority. We listened to your feedback, and we know that features that power your secure Zero Trust environment, no matter where your desktops are hosted, are the most important to your business. So we built our Destination: Hybrid product roadmap around more security. 

We’re prioritizing the development of features that make your environment even more secure and compliant. New features have rolled out for a number of our solutions, including Anti-DLL injection and granular security controls for App Protection, an on-premises version of Secure Private Access, and upgrade scheduling and on-premises upgrades for Session Recording. Even better, you can access all of these features through the Citrix Universal subscription

With Destination: Hybrid, we’re delivering more tools, and more controls across our suite of technologies to create a single platform for Zero Trust app access. And we will continue to make security improvements for you as part of our security and compliance improvement initiatives. Read on for more on how your environment is more secure than ever with features to protect you against old and new threats. 

Security updates for App Protection

App Protection now features hybrid launch support with Workspace and StoreFront. Workspace and StoreFront protect corporate resources no matter if users launch from the Citrix Workspace app or from a browser. With App Protection, your IT department can be sure that any user, anywhere, on any device is protected from Keylogging and malicious screen capturing. We’ve added a variety of features to both cloud and on-premises to protect your business from emerging threats, as well as strengthening protection for known threats. Plus, we’ve added additional tools for admins so your IT department has better control over how security policies are applied, to better protect your organization and its unique circumstances. 

Anti-DLL Injection

The Citrix Workspace app now comes with Anti-DLL injection technology for Windows. This is in addition to all the App Protection capabilities that you already love, including anti-screen capture and anti-keylogging. The Workspace app ensures that no unauthorized dynamic link libraries (DLL) or untrusted modules get access to secure sessions by stopping the untrusted module from loading if injected during a session. In addition, if any untrusted DLL is detected before the session launches, App Protection stops the session launch and displays an error message to the user. When the user closes the message, the virtual app and desktop session ends and the user can then restart. This is a huge step in preventing unwanted data leaks and saves admins time on security patching and updates. 

Contextual App Protection for Workspace and StoreFront

Additional security features won’t do your organization any good if you can’t choose how to apply them. That’s why we’ve added the ability for your IT department to set more granular controls based on how a user launches their virtual session. This means you can choose to apply App Protection to internal or external users, user or device posture, browser-based access, and Citrix Virtual Apps access. You can apply these granular controls on both Workspace and StoreFront for your most secure environment yet. 

Bringing Secure Private Access to everyone

Secure Private Access has so far only been available to Citrix DaaS users, but we are excited to announce that Secure Private Access is now available for on-premises deployments, for a granular web and security solution no matter where your environment is hosted. Zero Trust Network Access (ZTNA) replaces traditional VPN security and provides better security for your hybrid workforce. And we’ve built the on-premises Secure Private Access so that you can control your data and manage it on-premises. Authentication and federation services will also be on-premises via a NetScaler Gateway.

Take a look at the end user experience of Secure Private Access on-premises here: 

Citrix Enterprise Browser, now included with Secure Private Access 

When we talk about IT security, we often overlook the consumer browser that most workers use, exposing even the most secure IT environments to some level of risk. The Citrix Enterprise Browser offers a more secure alternative to the consumer browser but is built on a chromium base for a familiar user experience. Our Enterprise Browser features some major security elements to help prevent accidental data leaks, which IT departments can choose to enable or disable on all employee devices. 

Citrix Enterprise Browser includes a feature to enable the browser for all apps, making it the default browser for opening web and SaaS apps from Citrix Workspace for secure connections to the internet. Admins also have control over all browser features, so you can enable or disable incognito mode and saved passwords. You can also push bookmarks lists and extensions to users’ browsers, or create an allowed extensions list, where users can choose which extensions they want to install from that list. Lastly, you can configure the browser to delete all browsing data on exit.

Better Compliance with Session Recording

Admins have been using Citrix Session Recording as a security staple for years to secure, troubleshoot, and audit user environments. That’s why we have invested in improving Session Recording. We have added granular security capabilities to the on-premises Session Recording policy console within Citrix Virtual Apps and Desktops. Administrators can use this new feature to gain granular access control when viewing recorded files. Admins can also restrict access to specific recordings by creating authorized groups of admins for a consistent security policy and improved access level management. 

We’ve introduced additional feature improvements for Session Recording like scheduling for cloud client upgrades, so you can configure the cloud client to update when you want. This includes disabling automatic upgrades, enabling automatic updates within a preferred time window, and forcing immediate upgrades if needed. 

New on-premises security features

We also added new features for on-premises Session Recording as well. First, a feature where administrators can push notifications to users before they are logged out or locked out of a session. Second, an archive and delete command so admins can easily archive or delete recordings. These Session Recording capabilities enhance the admin experience for troubleshooting and securing environments.

The tools you want, to create the secure environment you need

We’ve been working to put the security tools you need in your toolbox. These releases show our commitment to supporting your security and compliance on-premises. We’ve also added a variety of security features to Citrix on public cloud workloads for those of you who use cloud providers as well. These include support for Google Identity Authentication, Azure Dynamic security groups, and trusted launch support for Azure Ephemeral OS disk. Read the What’s New blog for more on those features.

Read all four blogs in this series:

Disclaimer: The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.