by James O’Regan, CTA, Ireland CUGC Leader
As we know, Citrix has been speaking about a secure digital workspace and a very important component of this is Citrix Analytics, which is a Citrix Cloud-based service.
Recently, I was very lucky to get a trial of Citrix Analytics.
Analytics is a real buzzword, especially in the world of cloud computing, so I was very interested in getting an in-depth overview of Citrix Analytics.
Citrix Analytics comes in three versions: Security, Performance and Operations. Currently, Security is the only version available on a trial basis, and the release dates for Performance and Operations have still to be announced. I suspect there will be further news following Synergy 2018.
This service uses artificial intelligence and machine learning to track user activity, including application, data and network usage, and to detect any abnormalities in that usage. This activity can be tracked across all Citrix products.
So how does it gather data? A cloud-based solution, such as ShareFile, sends event metadata to the Analytics service when you link your ShareFile account within Citrix Cloud and select data transmission within the Analytics settings.
For on-premises collection, an agent is required. In the case of XenApp, an agent is installed on one of your delivery controllers.
Once the agent is installed, the data is relayed to the Citrix Analytics service on Citrix Cloud.
This service utilises User Behaviour Analytics to:
- Detect and mitigate behaviour from trusted internal users with malicious intentions.
- Display high-risk users.
- Apply corrective measures.
This data is then displayed under the following categories:
- High Risk User
- Medium Risk User
- Low Risk User
What occurs when a threat is detected? Citrix Analytics has a whole set of rules that you can configure in response to a threat.
Shown below is an example of such a rule:
In this example, if ShareFile detects a user performing excessive file/folder deletion, then the rule created will result in that user being disabled.
In conclusion, Citrix Analytics is a great solution for alerting and reporting security risks, and the performance and operations modules, in conjunction with automated responses, should ensure a more secure and better user experience. I look forward to seeing the full-service offering and how it develops.
To access a trial, go to https://www.citrix.com/products/citrix-cloud/form/citrix-analytics/