The massive shift to remote work and adoption of new technologies to support distributed workforces during the COVID-19 pandemic expanded the attack surface, creating challenges for organizations that were trying to enable access to essential resources and to keep employees and corporate assets safe from cyberattacks.

On top of that, the situation in Ukraine has created governance concerns around remote employee well-being, including access to adequate healthcare and organizational support for rescue/relief and evacuation.

Key Organizational Challenges: Governance and Security

As organizations look to manage these challenges, their first focus is on obtaining visibility into their employees’ whereabouts — are they in a safe location and are they active? Corporate human resources and governance teams are looking to this information to mobilize support and achieve needed levels of audit and assurance for the safety of employees.

These governance challenges are further compounded by cybersecurity concerns that emerge as bad actors look to fish in troubled waters through phishing, data exfiltration, and ransomware attacks across social media, email, and enterprise collaboration platforms. These threats create serious concerns in sectors such as energy, healthcare, supply chain, banking and finance, defense, and government.

Visibility, Insights into Employee Usage and Behaviors

Citrix Analytics for Security can help organizations protect employees and corporate assets by leveraging and aggregating Citrix data across products and using AI/ML-based models to provide essential visibility and threat intelligence. This includes:

  • Assurance dashboards that provide visibility into logins, with data organized by network details, locations, and highly active geo zones.
  • The ability to create geo-fencing and watchlist policies for employees to control access and surface visibility.
  • User behavioral analytics that can help organizations detect insider risk signals around a user’s access (based on device, location, authentication, IP indicators, and more).

Let’s look at how Citrix Analytics for Security can help organizations protect employees from bad actors and keep digital assets secure, even in times of crisis and uncertainty.

Access Assurance and Visibility Based on User Access

We recently released our Access Assurance dashboard, which helps to provide assurance that your workers are accessing Citrix Virtual Apps and Desktops from their usual, safe locations. If any of your employees log on from an unsafe location or from outside geo-fenced locations, you can review the logon details. You can use this information to track and provide appropriate guidance and advisories to help them transition to safe locations.

Geo-fencing, Watchlist Policy, and Reporting

Geofencing helps you to identify the employees who access Citrix Virtual Apps and Desktops from outside your predefined areas, including areas that are unsafe.

You can pair this with a policy or a remedial action based on end-to-end user feedback from affected employees. You can either configure policies to apply an action on the user’s account automatically or apply a specific action manually from the user’s risk timeline.

The Citrix Analytics actions framework lets you respond to suspicious events and helps prevent future anomalous events from occurring. You can apply actions on employee user accounts that display unusual or suspicious behavior, limiting risks to vulnerable accounts.

Governance Reports for Employee Application, Authentication, and Usage Data

Use Citrix Analytics for Security’s self-service search to filter data and download reports on employee user events corresponding to their application usage, activities, and actions. Examples of virtual apps and desktop user events are session/account logon and app start/end. You can also download events data as CSV reports or save this query for recurring audits.

User Behavioral Analytics (UEBA) to Detect Insider Risks

Citrix Analytics for Security detects user logons that appear unusual or risky based on multiple contextual factors. The risk indicator is triggered by a combination of factors that could be deemed suspicious, such as an unusual device, application, location, or network, or known IP threats.

Citrix Analytics detects access-based threats when a user has logon failures from an unusual IP address and triggers the corresponding risk indicator. The logon-failure-based risk indicators provide insight into brute-force or credential-stuffing attempts to compromise a user endpoint and gain access to critical organization information, resources, and services. Credential stuffing is a cyberattack in which bad actors catalog and reuse credentials from an existing data breach to compromise another service.
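The logic behind a logon-failure indicator of this kind can be sketched as follows. This is an added example, not Citrix's detection model or export format: the event tuples, thresholds, and labels are assumptions chosen for illustration. It treats an IP as unusual for a user when that user has never logged on successfully from it, then separates one IP hammering one account (brute force) from one IP trying many accounts (credential stuffing).

```python
from collections import defaultdict

# Constructed sample events (assumed shape, not a Citrix export): (user, source_ip, outcome)
EVENTS = [
    ("alice", "198.51.100.10", "success"),
    ("alice", "198.51.100.10", "success"),
    ("bob",   "198.51.100.20", "success"),
    ("carol", "198.51.100.30", "success"),
    ("alice", "198.51.100.10", "failure"),      # mistyped password from her usual IP
    *[("alice", "203.0.113.5", "failure")] * 6,  # one unusual IP, one account, many tries
    ("alice", "203.0.113.77", "failure"),        # one unusual IP, many accounts, one try each
    ("bob",   "203.0.113.77", "failure"),
    ("carol", "203.0.113.77", "failure"),
    ("dave",  "203.0.113.77", "failure"),
]

def classify_failures(events, per_user_threshold=5, distinct_user_threshold=3):
    """Return {ip: label} for logon failures from IPs outside each user's baseline.

    Thresholds are illustrative assumptions, not vendor defaults.
    """
    # Baseline: IPs each user has logged on from successfully in this window.
    baseline = defaultdict(set)
    for user, ip, outcome in events:
        if outcome == "success":
            baseline[user].add(ip)

    # Count failures per (ip, user), skipping IPs that are usual for that user.
    failures = defaultdict(lambda: defaultdict(int))
    for user, ip, outcome in events:
        if outcome == "failure" and ip not in baseline[user]:
            failures[ip][user] += 1

    findings = {}
    for ip, per_user in failures.items():
        if len(per_user) >= distinct_user_threshold:
            # Many accounts from one source: reused breach credentials.
            findings[ip] = "credential-stuffing pattern"
        elif max(per_user.values()) >= per_user_threshold:
            # Repeated guesses against a single account.
            findings[ip] = "brute-force pattern"
        else:
            findings[ip] = "unusual-IP logon failure"
    return findings

if __name__ == "__main__":
    for ip, label in classify_failures(EVENTS).items():
        print(ip, label)
```

In practice the baseline would come from a longer history window than the events being scored, so that an attacker's eventual successful logon does not whitelist their own IP.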

Review our other risk indicators and threat-detection capabilities for compromised users, endpoints, data exfiltration, and insider threats.

Stay Vigilant, Stay Safe

As organizations globally continue to navigate the pandemic and the situation in Ukraine, employee safety is paramount. Citrix Analytics for Security is helping organizations keep a constant eye on what an employee can access, as well as their online activity and their safety. At the same time, it’s helping IT security operations to uncover insider threats, data exfiltration attempts, and other targeted attacks in the cloud and across enterprise networks.

Learn more about Citrix Analytics for Security. And try it today! If you’re not already a customer, you can sign up for a trial at analytics.cloud.com.