Security Insight

Web and web service applications that are exposed to the Internet have become increasingly vulnerable to attacks. To protect applications from attack, you need visibility into the nature and extent of past, present, and impending threats, real-time actionable data on attacks, and recommendations on countermeasures. Security Insight provides a single-pane solution to help you assess your application security status and take corrective actions to secure your applications.

Note

Security Insight is supported on Citrix ADM with all ADC appliances running on version 11.0 Build 65.31 and later.

How Security insight works

Security Insight is an intuitive dashboard-based security analytics solution that gives you full visibility into the threat environment associated with your applications. Security insight is included in Citrix ADM, and it periodically generates reports based on your Application Firewall and ADC system security configurations. The reports include the following information for each application:

• Threat index. A single-digit rating system that indicates the criticality of attacks on the application, regardless of whether the application is protected by an ADC appliance. The more critical the attacks on an application, the higher the threat index for that application. Values range from 1 through 7.

  The threat index is based on attack information. The attack-related information, such as violation type, attack category, location, and client details, gives you insight into the attacks on the application. Violation information is sent to Citrix ADM only when a violation or attack occurs. Many breaches and vulnerabilities lead to a high threat index value.

• Safety index. A single-digit rating system that indicates how securely you have configured the ADC instances to protect applications from external threats and vulnerabilities. The lower the security risks for an application, the higher the safety index. Values range from 1 through 7.

  The safety index considers both the application firewall configuration and the ADC system security configuration. For a high safety index value, both configurations must be strong. For example, if rigorous application firewall checks are in place but ADC system security measures, such as a strong password for the nsroot user, have not been adopted, applications are assigned a low safety index value.

• Actionable information. The information that you need for lowering the threat index and increasing the safety index, which significantly improves application security. For example, you can review information about violations, existing and missing security configurations for application firewall and other security features, the rate at which the applications are being attacked.

Configure security insight

Note

Security Insight is supported on ADC instances with Premium license or ADC Advanced with AppFirewall license only.

To configure security insight on an ADC instance, first configure an application firewall profile and an application firewall policy, and then bind the application firewall policy globally.

Then, enable the AppFlow feature, configure an AppFlow collector, action, and policy, and bind the policy globally. When you configure the collector, you must specify the IP address of the Citrix ADM agent on which you want to monitor the reports.

Configure security insight on an ADC instance

1. Run the following commands to configure an application firewall profile and policy, and bind the application firewall policy globally or to the load balancing virtual server.

    **add appfw profile** \<name\> \[**-defaults** ( basic or advanced )\]
   
    **set appfw profile** \<name\> \[**-startURLAction** \<startURLAction\> ...\]
   
    **add appfw policy** \<name\> \<rule\> \<profileName\>
   
    **bind appfw global** \<policyName\> \<priority\>
   
    or,
   
    **bind lb vserver** \<lb vserver\> **-policyName** \<policy\> **-priority** \<priority\>