App security

Protect enterprise, mobile, and web apps from security threats

App security is one of the core capabilities of Citrix security solutions. With the increased use of mobile devices and BYOD, employees are now accessing corporate applications and data from their own devices both within and outside your corporate network.

On mobile devices, natively installed apps are often exposed to attacks and data leakage when sensitive data is shared on consumer cloud storage, social networks, or between apps.

Web applications are also prey to attacks because they’re often above the controls provided by network firewalls and IDS/IPS.

Protect apps with centralized virtualization security

App virtualization gives you a better way to manage risk by storing and delivering your apps from a central data center or the cloud. Not only does this simplify management for IT, but the architecture is inherently secure because there’s no actual transfer of data.

Centralizing your IT resources in the data center with XenApp and XenDesktop gives you full control of your app security. Perform operating system patches, hotfixes, and configuration updates on one master image—speeding up testing and rollout. And endpoint-device-based attacks, like memory or RAM scraping, are no longer a threat.

Manage mobile apps to prevent data loss

Secure your business assets while supporting the use of personal smartphones and tablets with XenMobile. IT can centrally manage and control business apps and data on personal devices using containerization, a form of segmentation at the device level.

XenMobile provides dedicated micro-VPN tunnels for native mobile apps, plus encrypted sessions to make sure resources on the corporate network aren’t exposed to traffic from personal apps infected with malware.

Native mobile productivity apps—like email, calendar, contacts, and note-taking apps—often don’t meet business security needs. XenMobile offers a suite of sandboxed productivity apps that IT can remotely manage, lock, and wipe as needed without affecting personal data or apps on the device. As a preventative measure, XenMobile detects and blocks jail-broken devices before they can be enrolled.

Secure web apps against known and zero-day attacks

Web apps are rich targets for hackers because they’re directly connected to databases full of sensitive customer and company information. Because hackers often plan such attacks for a specific target, network firewalls and intrusion protection systems can’t always detect them. This leaves web apps exposed to application-layer attacks including known and zero-day exploits.

NetScaler AppFirewall closes this gap by delivering centralized, application-layer security for web apps and services. The web application firewall (WAF) provides application-layer and DDoS attack protection without degrading throughput or application response times. Independent 3rd party testing by NSS Labs based on security, quality, and performance shows Citrix NetScaler as the leading vendor with the best price to application security efficacy ratio in the WAF market today.

Explore products

XenApp and XenDesktop

  • Securely deliver virtual apps and desktops centrally from the data center
  • Allow for strict access control policies, making it easier for IT to protect against remote desktop security risks and meet compliance standards
  • Simplify management with full activity logging, reporting, and auditing built in
  • Common Criteria certified to meet the highest security standards
  • FIPS 140-2 compliant, simplifying regulated compliance


  • Provides comprehensive, end-to-end, enterprise-grade mobile security to protect apps, data and devices
  • Allows you to set policy-based controls to restrict access, automatically de-provision accounts, and remote wipe devices
  • Encrypts both files and embedded SQL technology on devices with app container technology for an extra layer of AES-256 encryption
  • Delivers end-to-end FIPS 140-2 compliance

NetScaler AppFirewall

  • Comprehensive ICSA-certified web application security solution that blocks known and unknown attacks, including all application-layer and zero-day threats
  • Highest performing WAF in the industry: 500 Mbps to 44 Gbps (basic) throughout on standalone WAF models
  • Payment Card Industry Data Security Standard (PCI-DSS) v3.1, Common Criteria, and FIPS compliant
  • Analyzes all bi-directional traffic, including SSL-encrypted communication, to protect against a broad range of security threats without any modification to applications