Continuous risk assessment

An increased use of portable computing devices and the internet allows Citrix Workspace users to work from almost any location and on any device. The challenge with this flexibility is that remote access exposes sensitive data to security risks through cyber-criminal activities like data exfiltration, theft, vandalism, and service disruptions. Employees within organizations are also likely to contribute to this damage.

Some conventional ways of addressing such risks are to implement multifactor authentication, short sign-in sessions, and so on. Although these risk assessment methods ensure a higher level of security, they do not provide complete security after the initial validation of users. If a malicious user succeeds in gaining access to the network, they can misuse sensitive data in ways that harm the organization.

To enhance security and ensure a better user experience, Citrix Analytics introduces continuous risk assessment. This solution protects your data from both external cyber criminals and malicious insiders by ensuring that the risk exposure of the users who are using Citrix Virtual Apps and Desktops or Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) remains the same as it was when verified during the initial stage, without requiring the user to prove it every time. It does so by continuously assessing risky events during a session and by automatically applying actions to prevent further misuse of the organization’s resources.

Use cases

Consider a user, Adam Maxwell, who was able to access a network for the first time after multiple failed sign-in attempts from an unusual location, which is contrary to his usual behavior. Also, the location has a track record of cyber attacks. In this scenario, you are required to take immediate action to protect Adam’s account from further misuse. You can lock Adam’s account and notify him about the action taken. This action might temporarily create service disruptions to the user’s account. The user can contact the administrator for assistance to restore the account.

Consider another scenario where Adam has accessed a network from a new device and from a new IP for the first time. You can contact Adam and ask him to confirm whether he recognizes this activity. If so, it might be that Adam has changed his working device and is working from his home network. This activity does not cause any harm to your organization’s security, and can be ignored. However, if the user did not perform this activity, it is likely that the account has been compromised. In this scenario, you can lock the user’s account to prevent any further damage.

Key features

Continuous risk assessment automates some of the functionalities associated with policies and visibility dashboards:

Support multiple conditions

When you create or modify a policy, you can add up to four conditions. The conditions can contain combinations of default risk indicators and custom risk indicators, user risk scores, or both.

For more information, see What are policies.

Notify users before applying actions

Before applying an appropriate action on a user’s account, you can notify the user and assess the nature of an unusual activity that has been detected.

For more information, see Request end user response.

Notify users after applying actions

For some activities, awaiting the user’s response before applying an action can put the user’s account and your organization’s security at risk. In such scenarios, you can apply a disruptive action as soon as you detect an unusual activity, and notify the user about it afterward.

For more information, see Notify user after applying disruptive action.

Enforcement and monitor modes

You can set policies to enforcement or monitor modes based on your requirements. Policies in enforcement mode have a direct impact on users’ accounts. However, if you want to assess the impact or the outcome of your policies before implementing them, you can set your policies to monitor mode.

For more information, see Supported modes.

Visibility into access and policy dashboards

Using the Access Summary dashboard, you can gain insights into the number of access attempts made by users. For more information, see Access Summary.

Using the Policies and Actions dashboard, you can gain insights into the policies and actions applied on user accounts. For more information, see Policies and Actions.

Default policies

Citrix Analytics introduces pre-defined policies that are enabled on the Policies dashboard by default. These policies are created by using risk indicators and user risk scores as the pre-defined conditions. A global action is assigned to every default policy.

Note

The policies listed in your environment might vary depending on when you first started using Citrix Analytics, and whether you have made any local changes.

For more information, see What are policies.

You can use the following default policies or modify them based on your requirements:

| Policy name | Condition | Data source | Action |
|---|---|---|---|
| Successful credential exploit | When the Excessive authentication failures and Suspicious logon risk indicators are triggered | Citrix Gateway | Lock user |
| Potential data exfiltration | When the Potential data exfiltration risk indicator is triggered | Citrix Virtual Apps and Desktops and Citrix DaaS | Log off user |
| Unusual access from a suspicious IP | When the Suspicious logon and Logon from suspicious IP risk indicators are triggered | Citrix Gateway | Lock user |
| First time access from device | When the CVAD- First time access from new device risk indicator is triggered | Citrix Virtual Apps and Desktops and Citrix DaaS | Request end user response |
| Impossible travel on access | When the Impossible Travel risk indicator is triggered | Citrix Virtual Apps and Desktops and Citrix DaaS | Request end user response |
| Impossible travel on authentication | When the Impossible Travel risk indicator is triggered | Citrix Gateway | Request end user response |
| Impossible travel | When the Impossible Travel risk indicator is triggered | Citrix Content Collaboration | Request end user response |
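
Several default policies fire only when all of their listed risk indicators are triggered on the same data source, and a policy's mode decides whether its action is applied. The following Python model is an added illustration, not Citrix code or a Citrix API: the Policy class, the evaluate and with_mode functions, the treatment of monitor mode as report-only, and the mapping of Adam's first scenario to indicator names are assumptions.

```python
from dataclasses import dataclass, replace

MAX_CONDITIONS = 4  # the page: a policy holds up to four conditions
GATEWAY = "Citrix Gateway"
CVAD = "Citrix Virtual Apps and Desktops and Citrix DaaS"

@dataclass(frozen=True)
class Policy:  # hypothetical model, not a Citrix data structure
    name: str
    indicators: frozenset  # every listed risk indicator must be triggered
    data_source: str
    action: str
    mode: str = "enforcement"  # or "monitor"

    def __post_init__(self):
        if not 1 <= len(self.indicators) <= MAX_CONDITIONS:
            raise ValueError(f"{self.name}: needs 1 to {MAX_CONDITIONS} conditions")
        if self.mode not in ("enforcement", "monitor"):
            raise ValueError(f"{self.name}: unknown mode {self.mode!r}")

# Three rows of the default-policy table, risk-indicator conditions only.
DEFAULT_POLICIES = [
    Policy("Successful credential exploit",
           frozenset({"Excessive authentication failures", "Suspicious logon"}),
           GATEWAY, "Lock user"),
    Policy("Unusual access from a suspicious IP",
           frozenset({"Suspicious logon", "Logon from suspicious IP"}),
           GATEWAY, "Lock user"),
    Policy("First time access from device",
           frozenset({"CVAD- First time access from new device"}),
           CVAD, "Request end user response"),
]

def evaluate(policies, triggered):
    """triggered maps a data source to the indicators seen there for one user.
    Returns (enforced, monitored): actions to apply and matches only reported."""
    enforced, monitored = [], []
    for p in policies:
        if p.indicators <= triggered.get(p.data_source, set()):
            bucket = enforced if p.mode == "enforcement" else monitored
            bucket.append((p.name, p.action))
    return enforced, monitored

def with_mode(policies, name, mode):
    """Return a copy of the policy list with one policy switched to `mode`."""
    return [replace(p, mode=mode) if p.name == name else p for p in policies]

# Constructed sample: failed sign-ins, then a logon from a suspicious location.
ADAM = {GATEWAY: {"Excessive authentication failures", "Suspicious logon",
                  "Logon from suspicious IP"}}
```

With the constructed ADAM sample both Citrix Gateway policies match and both call for Lock user; switching one of them to monitor mode moves its match into the report-only list while the other still locks the account.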
