Enhanced Security for CitrixTM

 

Citrix XenApp™ has strong security features at the application level, as well as powerful session-recording capabilities of SmartAuditor. However, once the door has been opened and high-risk users have been granted admittance to the IT infrastructure in a Citrix environment, these features alone cannot prevent these tech-savvy users from jumping to unauthorized areas, alert the IT administrators about unauthorized activities, or easily provide comprehensive reporting for testing audit and compliance requirements. Combined with the strengths of Citrix XenApp, Xceedium GateKeeper™ provides a complete entitlement management security framework that enables companies to satisfy compliance and best practices for the increasing numbers of "high-risk" users accessing the critical IT infrastructure.

IT Administrator Challenges

Got a question? Click here to email us or call us at 877-636-5803 ext 149

IT administrators working in a Citrix XenApp environment face many of the same challenges as administrators in other IT operating environments, including:

  • Inadequate security and controls for high-risk users who possess high skill levels, use powerful access tools and have a need for broad access to do their jobs;

  • Inability to create compartments and contain high-risk users to these authorized areas due to their use of powerful tools at the command level AND at the application layer their ability to design "back doors" at the application level to launch commands and gain access to the mission-critical infrastructure from applications;

  • The need for customers to have an audit trail for this high-risk user group, despite the fact that the nature of their work, the many tools they touch and their need to move fluidly across the heterogeneous enterprise results in visibility gaps and difficulty in tracking and auditing their activities;

  • The limited number of ways to capture, correlate and report on events initiated by high-risk users for compliance and audit; and

  • Difficulty balancing the need for security enforcement with the operational efficiency, which is a high priority for required by high-risk users to do their jobs.

For more information on compartmentalization and Leapfrog Prevention technology, click here.

Xceedium GateKeeper with Citrix XenApp

  • Xceedium GateKeeper centralizes all ingress through a secure channel with no footprint on the network

  • Xceedium GateKeeper with LeapFrog Prevention technology for Citrix XenApp provides strong enforcement of security policy (compartmentalization and containment) for technical users;

  • Xceedium GateKeeper working with Citrix XenApp and SmartAuditor provides comprehensive tracking, recording and reporting for command line and windows to satisfy compliance requirements for technical users;

  • Specific solution to implement and validate controls for PCI, SOX, FISMA and HIPPA.

Key Xceedium Gatekeeper Features

  • Integrated command line access through applets that create a secure channel without putting a footprint on the network;

  • Compartmentalization and separation of duties for the entire IT infrastructure with no visibility to unauthorized areas;

  • Leapfrog Prevention contains users within authorized areas only when using command line access like TelNet or SSH, or graphical applications like RDP, VNC, etc.

  • Leapfrog Prevention for Citrix XenApp prevents technical users from exploiting holes in applications to launch commands and enter unauthorized parts of the IT infrastructure;

  • Monitoring, real-time alerting and remediation for security violations

  • Comprehensive command line tracking of users, events, keystroke logging and full session recording;

  • Combines with SmartAuditor to report on activity at the application layer;

  • Centralized and easy-to-produce reports for technical users working at the command line; and

  • A centralized IT operations management platform to efficiently do their jobs

Enhanced Citrix XenApp Security for Users Working with Direct Access

When publishing command line applications in Citrix XenApp, Xceedium provides enhanced containment security by restricting users to authorized systems. In the case of a CLI session on the server, such as Telnet or SSH, the user has access to any available tools and then can leapfrog from the server to another device on the network. Furthermore, the user can even create scripts to circumvent any command-based filtering system as it is impossible to enforce an infinite list of user-generated commands. Socket-level monitoring, based on the user's processes, can detect any leapfrog attempt regardless of what command the user is issuing. This methodology effectively detects and terminates the violating program that is trying to establish a connection to another unauthorized device on the network.

Xceedium Leapfrog Prevention Blocks the Ability to Leave the Application Layer

In a Windows graphical environment, even with only application publishing technology deployed, the user can easily leapfrog from the server to other devices on the network. For example, the user is given access to a single Windows application through Citrix. Once the user is authenticated through Citrix and the application is launched, the user can utilize Windows' ability to open the cmd.exe file from within the application. The cmd.exe essentially is the CLI that a user can use to reach another device on the network. In a poorly configured environment, the user may even be able to launch any client software from their remote laptop because the hard drive partitions are accessible within the Citrix session. Without needing to predict what command or application the user may use to leapfrog from authorized servers, the socket-level detection and intervention technology provides an effective strategy to detect and block a broad range of leapfrog violation methods.

Key Differentiators of Xceedium Gatekeeper

  • Xceedium GateKeeper is the only solution on the market developed from the ground up for the security and operational needs of high-risk users (vendors, IT administrators, DBA's, outsourcers, MSP's, developers) who work with mission critical systems;

  • Unique access method that does not put a footprint on the network and creates fine grained compartmentalization of critical IT infrastructure down to the port level;

  • Patent-pending Leapfrog Prevention technology ensures containment of technical users within authorized areas. Leapfrog Prevention for Citrix XenApp plugs the hole in applications and contains high-risk users;

  • Monitoring , real-time alerts and remediation for violations of security policy; and

  • Xceedium GateKeeper is the only solution to provide "single window" reporting for all technical user activity inside the IT infrastructure.

share Xceedium