{"id":66012,"date":"2023-08-29T17:00:00","date_gmt":"2023-08-29T21:00:00","guid":{"rendered":"http:\/\/74d2948405.nxcli.io\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/"},"modified":"2025-02-18T05:57:29","modified_gmt":"2025-02-18T10:57:29","slug":"142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time","status":"publish","type":"post","link":"https:\/\/xentegra.com\/hi\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/","title":{"rendered":"142: The Citrix Session: Strengthening your Citrix security, one feature at a time"},"content":{"rendered":"<p><iframe loading=\"lazy\" src=\"https:\/\/www.buzzsprout.com\/670066\/episodes\/13492152-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time?iframe=true\" scrolling=\"no\" width=\"100%\" height=\"200\" frameborder=\"0\" style=\"width: 100%;height: 200px\"><\/iframe><\/p>\n<p>We\u2019ve released a variety of Citrix security features over the past few months that improve security in the cloud, on-premises, and in hybrid environments. Working to make Citrix solutions work for you is our number one priority. We listened to your feedback, and we know that features that power your secure Zero Trust environment, no matter where your desktops are hosted, are the most important to your business. So we built our <a href=\"https:\/\/www.citrix.com\/lp\/destination-hybrid.html\">Destination: Hybrid<\/a> product roadmap around more security.\u00a0<\/p>\n<p>We\u2019re prioritizing the development of features that make your environment even more secure and compliant. New features have rolled out for a number of our solutions, including Anti-DLL injection and granular security controls for App Protection, an on-premises version of Secure Private Access, and upgrade scheduling and on-premises upgrades for Session Recording. Even better, you can access all of these features through the <a href=\"https:\/\/www.citrix.com\/products\/citrix-daas\/resources\/citrix-universal-subscription.html\">Citrix Universal subscription<\/a>.\u00a0<\/p>\n<p>With Destination: Hybrid, we\u2019re delivering more tools, and more controls across our suite of technologies to create a single platform for Zero Trust app access. And we will continue to make security improvements for you as part of our security and compliance improvement initiatives. Read on for more on how your environment is more secure than ever with features to protect you against old and new threats.\u00a0<\/p>\n<p>\u0939\u094b\u0938\u094d\u091f: \u090f\u0902\u0921\u0940 \u0935\u094d\u0939\u093e\u0907\u091f\u0938\u093e\u0907\u0921<br \/>\u0938\u0939-\u092e\u0947\u091c\u092c\u093e\u0928: \u0917\u0947\u0930\u0947\u092e\u0940 \u092e\u0947\u092f\u0930\u094d\u0938<br \/>\u0938\u0939-\u092e\u0947\u091c\u092c\u093e\u0928: \u091f\u0949\u0921 \u0938\u094d\u092e\u093f\u0925<\/p>\n<div class=\"transcript\">\n<p><!--block-->\u0935\u0947\u092c\u0935\u0940\u091f\u0940\u091f\u0940<\/p>\n<p>1<br \/>00:00:01.990 &#8211;&gt; 00:00:10.730<br \/>Andy Whiteside: Hello, everyone! Welcome to episode 1 41 of the Citrix session. I&#8217;m your host. Andy Whiteside today is August 20, eighth, 2023.<\/p>\n<p>2<br \/>00:00:10.850 &#8211;&gt; 00:00:16.220<br \/>Andy Whiteside: And we&#8217;re gonna re be reviewing a security blog, as it relates to Citrix.<\/p>\n<p>3<br \/>00:00:16.329 &#8211;&gt; 00:00:44.879<br \/>Andy Whiteside: which, if you ask me, the number one way to secure an environment is to present, not deploy what you&#8217;re doing and a lot of security folks aren&#8217;t that way. But I believe it is a major step in security environments gonna review a blog by Monica Gristmar, who&#8217;s been on with us multiple times. The name of the blog is strengthening your Citrix security. One feature at a time, I would say, strengthening your security in general. But in this case around Citrix got Todd Smith on with me, Todd, how&#8217;s it going?<\/p>\n<p>4<br \/>00:00:44.910 &#8211;&gt; 00:00:46.890<br \/>Todd Smith: I&#8217;m doing well, Andy, how are you? Day?<\/p>\n<p>5<br \/>00:00:46.970 &#8211;&gt; 00:00:55.700<br \/>Andy Whiteside: It&#8217;s good, it&#8217;s good. You&#8217;re making a reference to your cabin in on your farm, and the fact that you bought a cot wasn&#8217;t the built for a guy that&#8217;s 6 8<\/p>\n<p>6<br \/>00:00:56.260 &#8211;&gt; 00:01:03.520<br \/>Todd Smith: no, it&#8217;s a couple of issues too short. So I&#8217;m actually looking at the the excel version the extra long.<\/p>\n<p>7<br \/>00:01:03.680 &#8211;&gt; 00:01:04.670<br \/>Andy Whiteside: Now.<\/p>\n<p>8<br \/>00:01:04.790 &#8211;&gt; 00:01:09.329<br \/>Andy Whiteside: Okay, I wanna pick on you real quick. You you knew this was gonna be a problem, right?<\/p>\n<p>9<br \/>00:01:09.400 &#8211;&gt; 00:01:19.900<br \/>Todd Smith: I did. But it was it to? To my, to my defense? I did look for one that was already designed for extra tall people, but it wasn&#8217;t extra tall enough.<\/p>\n<p>10<br \/>00:01:21.020 &#8211;&gt; 00:01:28.190<br \/>Andy Whiteside: You&#8217;re extra. I&#8217;m extra tall. Jeremy&#8217;s tall. I&#8217;m extra tall, and you&#8217;re extra extra extra tall.<\/p>\n<p>11<br \/>00:01:28.510 &#8211;&gt; 00:01:35.830<br \/>Geremy Meyers: Yeah, I&#8217;m not used to being the shortest guy in the room, but when I&#8217;m in the room with you guys, I have to look up. It&#8217;s not. It&#8217;s different, that&#8217;s all.<\/p>\n<p>12<br \/>00:01:36.090 &#8211;&gt; 00:01:38.409<br \/>Andy Whiteside: Well, if it makes you feel better, I&#8217;m pretty sure I&#8217;m shrinking.<\/p>\n<p>13<br \/>00:01:39.970 &#8211;&gt; 00:01:48.480<br \/>Andy Whiteside: I&#8217;m getting skinnier. So that was the voice of Jeremy Myers, Jeremy Jeremy runs the technical team on the partner side at Cloud software group.<\/p>\n<p>14<br \/>00:01:48.550 &#8211;&gt; 00:01:50.290<br \/>Andy Whiteside: Jeremy, what&#8217;s going on your world?<\/p>\n<p>15<br \/>00:01:50.590 &#8211;&gt; 00:02:04.070<br \/>Geremy Meyers: Oh, man, not too much. All my my daughter started high school today. So that was a big move. So we live 5&nbsp;min from the school, and yet it still took a half an hour. So we did. The you know, dropped her off. I was in the car line, so that part of me that&#8217;s my!<\/p>\n<p>16<br \/>00:02:04.390 &#8211;&gt; 00:02:09.570<br \/>Geremy Meyers: I thought it was going to be my 7&nbsp;min of a long time with my daughter ended up being a half an hour, which is not terrible.<\/p>\n<p>17<br \/>00:02:09.889 &#8211;&gt; 00:02:13.270<br \/>Andy Whiteside: I assume it gets better over time.<\/p>\n<p>18<br \/>00:02:13.370 &#8211;&gt; 00:02:16.810<br \/>Geremy Meyers: I think it does. I hope it does. Yeah.<\/p>\n<p>19<br \/>00:02:16.940 &#8211;&gt; 00:02:23.439<br \/>Andy Whiteside: So let me ask you guys, when we jump into the blog, do you? Do you agree to with me that if you can present<\/p>\n<p>20<br \/>00:02:23.760 &#8211;&gt; 00:02:29.310<br \/>Andy Whiteside: through a single point in the firewall or single hole in the environment<\/p>\n<p>21<br \/>00:02:29.670 &#8211;&gt; 00:02:45.510<br \/>Andy Whiteside: over a very capable protocol. Everything the users are trying to do, and you have a resiliency on the back end that reboots to back to a gold image for a lot of the stuff. Or maybe it&#8217;s a one time launch of an application. And then the image that was running in gets destroyed afterwards<\/p>\n<p>22<br \/>00:02:45.550 &#8211;&gt; 00:02:48.200<br \/>Andy Whiteside: is is, are those security plays to you guys<\/p>\n<p>23<br \/>00:02:49.250 &#8211;&gt; 00:03:15.309<br \/>Geremy Meyers: 1, 100%. So when you talk to any security team. They&#8217;ll tell you that security is a layered approach. Right? So you need to have multiple things that play into that. And that&#8217;s a pretty powerful couple of layers, you know. So just from the from the layer perspective, you know, having that one pinhole only presenting, not deploying. That&#8217;s a pretty big layer, but even just containing any sort of you know security incident. You know the fact that you can roll back to a gold image<\/p>\n<p>24<br \/>00:03:15.350 &#8211;&gt; 00:03:19.570<br \/>Geremy Meyers: is a pretty powerful tool as well, and if those are the only 2 you used out of Citrix Stack.<\/p>\n<p>25<br \/>00:03:19.890 &#8211;&gt; 00:03:23.430<br \/>Geremy Meyers: you know, highly powerful. There&#8217;s a lot more we can do. But<\/p>\n<p>26<br \/>00:03:23.720 &#8211;&gt; 00:03:25.049<br \/>Geremy Meyers: I mean, absolutely.<\/p>\n<p>27<br \/>00:03:25.280 &#8211;&gt; 00:03:34.189<br \/>Todd Smith: Yeah. And you just touched on the the control aspects of it, not not including all of the monitoring, reporting<\/p>\n<p>28<br \/>00:03:34.480 &#8211;&gt; 00:03:35.580<br \/>Todd Smith: and<\/p>\n<p>29<br \/>00:03:36.160 &#8211;&gt; 00:03:44.509<br \/>Todd Smith: the the adjusting, you know, being able to adjust that user experience, but also the security requirements based on<\/p>\n<p>30<br \/>00:03:44.880 &#8211;&gt; 00:03:48.309<br \/>Todd Smith: the the goal of reducing those threat vectors that are out there.<\/p>\n<p>31<br \/>00:03:48.610 &#8211;&gt; 00:03:53.180<br \/>Todd Smith: I think that&#8217;s another critical component of what we&#8217;re trying to do here.<\/p>\n<p>32<br \/>00:03:53.740 &#8211;&gt; 00:04:00.200<br \/>Andy Whiteside: And I think in the blob, we&#8217;re gonna talk about things like secure private access and session recording and other things, too. And I mean, those are.<\/p>\n<p>33<br \/>00:04:00.220 &#8211;&gt; 00:04:08.680<br \/>Andy Whiteside: or at least we&#8217;re gonna reference them, those those are massive security things within the security of just the overall concept. Now, now, if I were to say Todd and Jeremy.<\/p>\n<p>34<br \/>00:04:08.740 &#8211;&gt; 00:04:13.350<br \/>Andy Whiteside: most customers I run into don&#8217;t use a presentation approach<\/p>\n<p>35<br \/>00:04:13.670 &#8211;&gt; 00:04:21.909<br \/>Andy Whiteside: as one of their layers, because it&#8217;s a security play. They use it because it&#8217;s the best way to make bad applications behave better. What would you say?<\/p>\n<p>36<br \/>00:04:22.710 &#8211;&gt; 00:04:24.910<br \/>Todd Smith: I would agree with that? Yeah.<\/p>\n<p>37<br \/>00:04:25.220 &#8211;&gt; 00:04:28.769<br \/>Geremy Meyers: I would say, yes, I think that&#8217;s how it started to be fair. I think that&#8217;s how<\/p>\n<p>38<br \/>00:04:29.260 &#8211;&gt; 00:04:40.779<br \/>Geremy Meyers: you know, application virtualization was initially pitched. Right. So think about 25 years ago, would we have? We had dial up right? We had worse than dial up in some cases we actually had dialing into servers, you know. So<\/p>\n<p>39<br \/>00:04:40.950 &#8211;&gt; 00:04:55.410<br \/>Geremy Meyers: I know. Andy and Todd were both in an error. We had this Digi cards in the back of a server where you actually dialed into the server? Right? So that was the initial use case. You take a fat client server app and you want to do that across dial get out of here right? And I think that&#8217;s where the initial use case<\/p>\n<p>40<br \/>00:04:55.490 &#8211;&gt; 00:04:58.689<br \/>Geremy Meyers: made sense. You you layer on thin clients.<\/p>\n<p>41<br \/>00:04:58.730 &#8211;&gt; 00:05:15.609<br \/>Geremy Meyers: If folks think of that, less of a security plan in some cases, and more of a low cost. Endpoint use case which, by the way, is still valid. But you know, when we talk about cost savings, and that being a big part of it. You know, I think what gets bypassed. You&#8217;re absolutely right. Is the security piece to this.<\/p>\n<p>42<br \/>00:05:17.230 &#8211;&gt; 00:05:22.209<br \/>Andy Whiteside: Yeah, I like to think that when I first saw an application launch through presentation whatever.<\/p>\n<p>43<br \/>00:05:22.320 &#8211;&gt; 00:05:35.570<br \/>Andy Whiteside: I immediately thought, hey, this is security play. I in H. In hindsight. I like to think I thought that, and maybe I did but it sure has proven itself to be over the years and then layer in, you know, an up, a non persistent image.<\/p>\n<p>44<br \/>00:05:35.640 &#8211;&gt; 00:05:45.749<br \/>Andy Whiteside: which I have lots of debates by myself sometimes about non persistent versus persistent. I want to go non persistent. Anytime I can. I&#8217;ll go persist, and if it means moving forward and not getting stuck. But<\/p>\n<p>45<br \/>00:05:46.560 &#8211;&gt; 00:06:02.500<br \/>Geremy Meyers: so so let&#8217;s ask this one, Andy. So we see this deployment, and it&#8217;s not uncommon. It&#8217;s let me fire up my VPN. And then, once my VPN. Is up, then I&#8217;m going to fire off my citrix session right now. Granted, let&#8217;s forget Adc. For a second. Let&#8217;s forget Netscaler and the gateway and the proxy. But the fact that<\/p>\n<p>46<br \/>00:06:02.530 &#8211;&gt; 00:06:07.770<br \/>Geremy Meyers: you know the the folks are thinking, hey, you know what? I&#8217;ve gotta fire up a VPN. Before I can do this application presentation.<\/p>\n<p>47<br \/>00:06:07.880 &#8211;&gt; 00:06:18.399<br \/>Geremy Meyers: Just tells you the folks aren&#8217;t necessarily thinking of it as a security layer, if you will. Yeah, I mean, did you add an extra layer that didn&#8217;t need to be there, and it made it less secure. That&#8217;s craziness.<\/p>\n<p>48<br \/>00:06:19.700 &#8211;&gt; 00:06:21.090<br \/>Andy Whiteside: So<\/p>\n<p>49<br \/>00:06:21.310 &#8211;&gt; 00:06:25.810<br \/>Andy Whiteside: let me come to both of you guys and say, what, what&#8217;s the point in this blog, Todd, do you want to go first.<\/p>\n<p>50<br \/>00:06:26.450 &#8211;&gt; 00:06:38.379<br \/>Todd Smith: Yeah. So I think, I think the main point that we&#8217;re trying to trying to talk about is blog is is really some of the advances that have been introduced.&nbsp; over the past year.<\/p>\n<p>51<br \/>00:06:38.480 &#8211;&gt; 00:06:45.170<br \/>Todd Smith: specific to security. And it&#8217;s not a we have to deploy all these capabilities<\/p>\n<p>52<br \/>00:06:45.330 &#8211;&gt; 00:06:55.510<br \/>Todd Smith: you can pick and choose. I mean, obviously, if you deploy all of them, and if utilize all these advances, then it&#8217;s a So it&#8217;s a better story.<\/p>\n<p>53<br \/>00:06:55.600 &#8211;&gt; 00:07:01.030<br \/>Todd Smith: But you don&#8217;t have to go down. you know, kind of pick with pick and choose what applies to you<\/p>\n<p>54<br \/>00:07:01.630 &#8211;&gt; 00:07:14.409<br \/>Andy Whiteside: your individual requirements in your individual situations. So this is beyond the conversation we were just having about whether you see this as if you&#8217;re going to do this. Then there&#8217;s things you need to consider turning on in that scenario. Yep.<\/p>\n<p>55<br \/>00:07:15.180 &#8211;&gt; 00:07:17.160<br \/>Andy Whiteside: Jeremy, your thoughts on the overall idea here.<\/p>\n<p>56<br \/>00:07:17.550 &#8211;&gt; 00:07:39.849<br \/>Geremy Meyers: So I think there are a couple of additional layers. That get introduced here. So number one, you know what you just described in presenting an app versus deploying is great, right? But at the end of the day we still aren&#8217;t. What&#8217;s a good way to say this locking down that endpoint, you know you&#8217;ve got the workspace app running on the endpoint. The first thing we talk about. Here are some things around something called app protection, and the idea is.<\/p>\n<p>57<br \/>00:07:40.010 &#8211;&gt; 00:08:02.179<br \/>Geremy Meyers: you know, at the end of the day I still have to enter in my password on that local endpoint. You know, I still am sharing looking at the screen. In some cases. Because I&#8217;ve had this app presented to me, I could be on a teams call where someone could see. You know. What application I have running the idea is, is, can we add some additional layers of security on that endpoint, and there&#8217;s 2 in particular that we&#8217;ve had for probably 2 or 3 years. Now<\/p>\n<p>58<br \/>00:08:02.240 &#8211;&gt; 00:08:18.499<br \/>Geremy Meyers: one is we can help with key login. You start typing your password into, you know, virtual session, or even the workspace app itself to log in. We can obfuscate, which is a very hard word to say that that password that you type in. So if you had a key log or running, if your endpoint was compromised.<\/p>\n<p>59<br \/>00:08:18.520 &#8211;&gt; 00:08:34.409<br \/>Geremy Meyers: you could see what that password was same thing for sharing your screen. So you&#8217;ve got a virtual app running. You were sharing your screen on a team session. You could actually keep folks within that team session from seeing what that virtual app is doing. Right. So again, another layer and protecting the information that might be.<\/p>\n<p>60<br \/>00:08:34.440 &#8211;&gt; 00:08:44.300<br \/>Geremy Meyers: Yeah, you might be running right. So the idea is, we&#8217;ve added 2 additional layers, and we&#8217;ve added something fairly recent, which is called anti dll injection, which, again.<\/p>\n<p>61<br \/>00:08:44.320 &#8211;&gt; 00:08:58.309<br \/>Geremy Meyers: if you&#8217;ve got a compromised endpoint. Something could introduce things like malware which at the end of the day is not going to impact your your hosted session. So something running out of the data center. But it could pick impact the endpoint. You know, there&#8217;s another way we can wrap on top of this.<\/p>\n<p>62<br \/>00:08:58.610 &#8211;&gt; 00:09:25.199<br \/>Andy Whiteside: So I wanna go back to the conversation around key logging and and Logos, or imaging on the screen like watermarking. I mean those up until you said it like 2 years ago. Those were like the far reaching things we could we could not prevent in in the delivered session. And then, 2 or 3 years ago that was solved. And now we move on to more advanced things. Todd, have you seen people adopting the the key logging and the and the water marking as much as you thought they would.<\/p>\n<p>63<br \/>00:09:25.590 &#8211;&gt; 00:09:28.050<br \/>Todd Smith: Yeah. And I think this is something that<\/p>\n<p>64<br \/>00:09:28.170 &#8211;&gt; 00:09:32.939<br \/>Todd Smith: it&#8217;s starting to become. A normal practice is to<\/p>\n<p>65<br \/>00:09:33.180 &#8211;&gt; 00:09:40.589<br \/>Todd Smith: make sure that that organizations are protected from key logging. Right? So they&#8217;re either putting it and installing it on<\/p>\n<p>66<br \/>00:09:40.650 &#8211;&gt; 00:09:42.289<br \/>Todd Smith: end point devices<\/p>\n<p>67<br \/>00:09:42.310 &#8211;&gt; 00:09:55.879<br \/>Todd Smith:&nbsp; through through the common. It managed devices that are out there but we&#8217;re also seeing it, you know. People want to see that built into their into their products. And there&#8217;s the services that they&#8217;re consuming.<\/p>\n<p>68<br \/>00:09:56.000 &#8211;&gt; 00:09:59.099<br \/>Todd Smith: Right? So how do I know that it&#8217;s not being<\/p>\n<p>69<br \/>00:09:59.600 &#8211;&gt; 00:10:06.580<br \/>Todd Smith: that there&#8217;s not a key log or put into the the web service? Right. So a lot of the security<\/p>\n<p>70<br \/>00:10:06.660 &#8211;&gt; 00:10:14.620<br \/>Todd Smith: consultants that are out there. That&#8217;s one of the things they&#8217;re looking at when they review websites. Right? Does it? Is that susceptible to key logging.<\/p>\n<p>71<br \/>00:10:14.830 &#8211;&gt; 00:10:25.829<br \/>Todd Smith: So you&#8217;re talking about it on the endpoints. But you&#8217;re also talking on anyone who&#8217;s providing you a service. And it&#8217;s more than just putting in the secure connection or the secure session.<\/p>\n<p>72<br \/>00:10:25.840 &#8211;&gt; 00:10:29.550<br \/>Todd Smith: It&#8217;s actually looking at that one level deeper.<\/p>\n<p>73<br \/>00:10:29.720 &#8211;&gt; 00:10:41.179<br \/>Todd Smith: so we&#8217;re seeing a lot of that. We&#8217;re also seeing a lot of folks. And this a lot of this is based on the jurisdiction that the customer resides in, or whether they&#8217;re delivering their service from.<\/p>\n<p>74<br \/>00:10:41.290 &#8211;&gt; 00:10:44.629<br \/>Todd Smith: and that is around is a watermark.<\/p>\n<p>75<br \/>00:10:44.910 &#8211;&gt; 00:11:00.489<br \/>Todd Smith: Does that on your screen automatically give you an additional protection. And more specifically, legal protection right? Is that now considered intellectual property is that now considered a trademark or a service mark? Is there?<\/p>\n<p>76<br \/>00:11:00.620 &#8211;&gt; 00:11:05.379<br \/>Todd Smith: Is there information we can put inside that watermark to<\/p>\n<p>77<br \/>00:11:05.590 &#8211;&gt; 00:11:11.180<br \/>Todd Smith: to make sure that you know if someone does do a screen capture or someone does do<\/p>\n<p>78<br \/>00:11:11.490 &#8211;&gt; 00:11:21.410<br \/>Todd Smith: a you know, a photograph of that screen is that is that protected under, you know, either copyright or other types of legal protections that are out there.<\/p>\n<p>79<br \/>00:11:21.730 &#8211;&gt; 00:11:28.209<br \/>Andy Whiteside: Yeah, I mean at at a minimum, putting your stamp on it, which is basically you&#8217;re doing there shows some degree of ownership that<\/p>\n<p>80<br \/>00:11:28.410 &#8211;&gt; 00:11:32.609<br \/>Todd Smith: if you took it it wasn&#8217;t by accident. You you knew you took it.<\/p>\n<p>81<br \/>00:11:32.810 &#8211;&gt; 00:11:43.040<br \/>Andy Whiteside: Yeah. So for me, Todd, so let me guess the question again. Have you seen so II know we love it. I know it makes sense. Have you seen widespread adoption of those 2 things.<\/p>\n<p>82<br \/>00:11:43.050 &#8211;&gt; 00:11:48.530<br \/>Andy Whiteside: and if you could kind of quantify your answer, have you seen white option of it?<\/p>\n<p>83<br \/>00:11:48.630 &#8211;&gt; 00:12:00.280<br \/>Todd Smith: So? So I&#8217;ve seen more widespread adoption in the the key anti key logging requirements that are out there and probably widespread is, you know, it&#8217;s between the 40 and 50%<\/p>\n<p>84<br \/>00:12:00.630 &#8211;&gt; 00:12:12.140<br \/>Todd Smith: mark of customers. The screen capture or not. Sorry. The watermarking is a little bit more or or less widespread.<\/p>\n<p>85<br \/>00:12:12.410 &#8211;&gt; 00:12:15.399<br \/>Todd Smith: but it is a little bit more in specific<\/p>\n<p>86<br \/>00:12:15.470 &#8211;&gt; 00:12:20.440<br \/>Todd Smith: used cases. So specific industries. We&#8217;re seeing the<\/p>\n<p>87<br \/>00:12:20.490 &#8211;&gt; 00:12:25.359<br \/>Todd Smith: the watermarks being put into, you know, healthcare and banking as an example.<\/p>\n<p>88<br \/>00:12:26.670 &#8211;&gt; 00:12:41.650<br \/>Andy Whiteside: Usually I asked that question because I thought when we had those 2 boxes checked after all these years, that the security guys, I would not have to convince them this was a security play anymore that that would make it obvious to them. It was. And I&#8217;m still having, I&#8217;ll say, polite arguments with security folks<\/p>\n<p>89<br \/>00:12:41.770 &#8211;&gt; 00:12:55.829<br \/>Andy Whiteside: trying to point out that this layered approach that includes deliver versus deploy is a massive step towards securing an environment, and you know the watermarking and the key logging did not bring them in my direction as as much as I thought it would.<\/p>\n<p>90<br \/>00:12:57.310 &#8211;&gt; 00:13:06.169<br \/>Todd Smith: and I think this goes back to the arguments that occur in in most organizations between the operational side and the security side<\/p>\n<p>91<br \/>00:13:06.330 &#8211;&gt; 00:13:19.150<br \/>Todd Smith: operations and administrators, administrators sometimes will look at the overhead associated with adding a key and adding an anti key logger, or adding in that session of watermarking<\/p>\n<p>92<br \/>00:13:19.360 &#8211;&gt; 00:13:25.150<br \/>Todd Smith:&nbsp; into the environment. Right? It it does add some overhead in some cases, especially<\/p>\n<p>93<br \/>00:13:25.190 &#8211;&gt; 00:13:29.939<br \/>Todd Smith: several years ago, when we first introduced it, there was there was some additional overhead required.<\/p>\n<p>94<br \/>00:13:30.050 &#8211;&gt; 00:13:36.579<br \/>Todd Smith:&nbsp; so sometimes the you know, unless you were talking directly to the security folks.<\/p>\n<p>95<br \/>00:13:36.680 &#8211;&gt; 00:13:42.000<br \/>Todd Smith: That message sometimes got, you know, either watered down or left out completely.<\/p>\n<p>96<br \/>00:13:42.670 &#8211;&gt; 00:13:43.620<br \/>Geremy Meyers: So<\/p>\n<p>97<br \/>00:13:44.000 &#8211;&gt; 00:14:11.360<br \/>Geremy Meyers: you know I&#8217;ll I&#8217;ll say it this way. You know I do. We have customers who are using presented applications presented desktops as a security play. Yes, in fact, it&#8217;s a pretty significant deployment. We see a lot. But you gotta think about where this technology sits within the organization sometimes. So, for instance, a lot of organizations are leveraging this from the application development or the application. You know. Department folks who manage apps are the ones who own Citrix.<\/p>\n<p>98<br \/>00:14:11.480 &#8211;&gt; 00:14:22.670<br \/>Geremy Meyers: and so it becomes more of an application delivery play to your point, originally and less of a security play. So we&#8217;re gonna let the apps guys do what they do. And we&#8217;re gonna have the security team come in behind and protect<\/p>\n<p>99<br \/>00:14:22.750 &#8211;&gt; 00:14:27.280<br \/>Geremy Meyers: what the app guys are doing like that is some pretty classic mentality that I see a lot<\/p>\n<p>100<br \/>00:14:27.380 &#8211;&gt; 00:14:45.790<br \/>Geremy Meyers: now, having said all that we do have some folks who have been compromised where they come to us and go. Hey, we&#8217;ve got to find a better way to do this. You know, we wanna quit putting stuff on our endpoints because we were. We had a ransomware attack that started from an endpoint across a VPN. All right, we can&#8217;t do this anymore. Let&#8217;s pick a better, better way to do this, and so they&#8217;ll present the apps. And all of a sudden it kind of clicks.<\/p>\n<p>101<br \/>00:14:45.790 &#8211;&gt; 00:15:00.100<br \/>Geremy Meyers: But a lot of times. It&#8217;s just where does Citrix sit within the organization is gonna define how it gets looked at from within the organization until you have a leadership change where you know, someone comes in and goes. This is going to be a part of our strategy. It&#8217;s gonna take that sometimes to to make the switch.<\/p>\n<p>102<br \/>00:15:00.240 &#8211;&gt; 00:15:00.970<br \/>\u0939\u093e\u0902.<\/p>\n<p>103<br \/>00:15:01.270 &#8211;&gt; 00:15:04.179<br \/>Andy Whiteside: and somebody&#8217;s got to be looking for where there&#8217;s layers<\/p>\n<p>104<br \/>00:15:04.590 &#8211;&gt; 00:15:18.410<br \/>Andy Whiteside: of what we&#8217;ve been doing, how we can make those more secure matter or matter more or less. Let me give you an example. Going back to the whole original conversation around Citrix being Citrix and presentation type, things versus deploying being a Security Todd<\/p>\n<p>105<br \/>00:15:18.820 &#8211;&gt; 00:15:40.980<br \/>Todd Smith: are. Do you remember when you used to go to a safe deposit box at the bank and they would take you into the vault where the deposit boxes were, and you would get out whatever you get out right there in the vault. Did did you ever experience that? Yes, yep, and oftentimes the bank manager had a key, and I had a key.<\/p>\n<p>106<br \/>00:15:41.100 &#8211;&gt; 00:15:52.480<br \/>Todd Smith: The bank I used to do business with. We&#8217;d actually go into a separate small little room, and then I wouldn&#8217;t be left in the room with the contents of the box, and then, when I was done, we&#8217;d go. We would then go in.<\/p>\n<p>107<br \/>00:15:53.220 &#8211;&gt; 00:16:03.889<br \/>Todd Smith: put the, you know, slide the box back in the vault, and then both turn the keys at the same time. In order to lock it back in right? So that was, that was a very traditional.<\/p>\n<p>108<br \/>00:16:04.110 &#8211;&gt; 00:16:07.920<br \/>Todd Smith: you know. It required 2 different people with 2 different keys.<\/p>\n<p>109<br \/>00:16:08.230 &#8211;&gt; 00:16:16.170<br \/>Todd Smith:&nbsp; going through multiple different physical security barriers to get into the vault, to actually go there.<\/p>\n<p>110<br \/>00:16:16.650 &#8211;&gt; 00:16:19.330<br \/>Todd Smith: Now they didn&#8217;t care about what the contents were.<\/p>\n<p>111<br \/>00:16:19.560 &#8211;&gt; 00:16:39.420<br \/>Todd Smith: but they did care about the overarching packet in the containerization of the content. Well, and I may be wrong here because I haven&#8217;t done that forever. But I&#8217;m under the impression you don&#8217;t go in the vault with them anymore. They just bring the box to you. Is that, or am I wrong? Do you? Actually, you know what II can&#8217;t tell you, because I haven&#8217;t<\/p>\n<p>112<br \/>00:16:39.450 &#8211;&gt; 00:16:51.090<br \/>Todd Smith: the security box and say, deposit box in a while. I&#8217;m just going back on what it what it used to be, but you know. Think about it, banks were the banks, oftentimes were the the leading.<\/p>\n<p>113<br \/>00:16:51.350 &#8211;&gt; 00:17:00.760<br \/>Todd Smith:&nbsp; you know they they set the standard for a lot of these security measures that are still in place today, for sure, Jeremy, you know, have you gone to a site deposit box?<\/p>\n<p>114<br \/>00:17:01.350 &#8211;&gt; 00:17:21.559<br \/>Geremy Meyers: I have never been to a safe deposit mark. Yeah, yeah, no. I do remember the goofy looking team my parents had. But I never witnessed that first hand. Okay, so my analogy is not gonna play out here. But I think back in the day you actually got to go in the vault. I remember going in the vault. I mean, I can see money is all locked up. But yeah, these days, when I think, Citrix, you never go in the vault. You see the vault.<\/p>\n<p>115<br \/>00:17:21.770 &#8211;&gt; 00:17:39.729<br \/>Andy Whiteside: but you never go in the vault, and that&#8217;s an extra layer of security that just makes it almost impossible to do a lot of bad things alright. So Jeremy covered anti Dll injection. Todd, you wanna you wanna just cover it again real quick. That kind of brought us back. And now we&#8217;re going forward again. Your take on anti Dll injection as a additional security play.<\/p>\n<p>116<br \/>00:17:39.770 &#8211;&gt; 00:17:46.420<br \/>Todd Smith: Yeah. So so it obviously isn&#8217;t an additional, you know, it&#8217;s it&#8217;s an additional feature that can be turned off and turned on.<\/p>\n<p>117<br \/>00:17:46.470 &#8211;&gt; 00:17:52.689<br \/>Todd Smith: Based on what you want to do. And you know, Dlls have always been a challenge, right? Especially where?<\/p>\n<p>118<br \/>00:17:53.100 &#8211;&gt; 00:18:03.550<br \/>Todd Smith: The user doesn&#8217;t certain the user certainly doesn&#8217;t understand what a Dll is. Developers are getting and using Dlls from all over the place.<\/p>\n<p>119<br \/>00:18:03.850 &#8211;&gt; 00:18:12.250<br \/>Todd Smith: And oftentimes, you know, we don&#8217;t have that much interaction anymore with the operating systems that are opening and closing these. Dll&#8217;s. So<\/p>\n<p>120<br \/>00:18:12.430 &#8211;&gt; 00:18:19.300<br \/>Todd Smith: you know, we&#8217;ve got to have some way of saying, yes, this is above, or this is outside of normal operating parameters.<\/p>\n<p>121<br \/>00:18:19.640 &#8211;&gt; 00:18:22.269<br \/>Todd Smith: And this is one of those things that can really help with this<\/p>\n<p>122<br \/>00:18:24.100 &#8211;&gt; 00:18:28.079<br \/>Andy Whiteside: Jeremy. Anything else to add to the Dll conversation. So<\/p>\n<p>123<br \/>00:18:28.520 &#8211;&gt; 00:18:57.239<br \/>Geremy Meyers: II think so. Going back to the Security plan the layers, you know. The idea is we should not have to leverage anti dll injection. You know there should be some protection that security team is authorized to put on the endpoint that should catch screen loggers, is it. You know, rogue applications that are gonna inject a dll that should be caught. This is the backup plan, right? This is the additional layer which, by the way, is probably already included with most customers. So if you&#8217;re a daz premium daz premium plus customer.<\/p>\n<p>124<br \/>00:18:57.390 &#8211;&gt; 00:19:03.529<br \/>Geremy Meyers: you&#8217;ve already got this right so it shouldn&#8217;t stop you to go. Turn this thing on. Just add an additional layer. But you know ultimately.<\/p>\n<p>125<br \/>00:19:03.770 &#8211;&gt; 00:19:14.150<br \/>Geremy Meyers: you know, to stop 0 day attacks, you know. Sometimes things make it past the first layer. This is something you should have tacked on. It turned on automatically, because you probably already own it just to enable it. Yup.<\/p>\n<p>126<br \/>00:19:14.340 &#8211;&gt; 00:19:18.130<br \/>Andy Whiteside: how about the how about overhead, as it relates to this thing? Any concerns there<\/p>\n<p>127<br \/>00:19:19.490 &#8211;&gt; 00:19:22.299<br \/>Geremy Meyers: like processing overhead? Just what would<\/p>\n<p>128<br \/>00:19:22.730 &#8211;&gt; 00:19:34.309<br \/>Todd Smith: man? I don&#8217;t have a good feel for that, do you, Todd? I don&#8217;t think it&#8217;s much. No, I don&#8217;t have any. I don&#8217;t know what the current the overhead requirements are.<\/p>\n<p>129<br \/>00:19:34.700 &#8211;&gt; 00:19:38.720<br \/>Todd Smith: I could promise you. It&#8217;s not as tough as in ours.<\/p>\n<p>130<br \/>00:19:39.350 &#8211;&gt; 00:19:49.220<br \/>Geremy Meyers: The last statement in this paragraph said, this is a huge step in preventing unwanted data leaks and saves admin time on security patching and updates.<\/p>\n<p>131<br \/>00:19:49.430 &#8211;&gt; 00:19:57.560<br \/>Andy Whiteside: Well, yeah. And and you&#8217;re and you&#8217;re maybe you 2. But people in general won&#8217;t tell me. Security is a I mean. Excuse me, Citrix is a security play<\/p>\n<p>132<br \/>00:19:57.990 &#8211;&gt; 00:20:09.790<br \/>Andy Whiteside: it it is especially when you look at it from a suite of things that make up layers of things. Alright todd will lately, on this one contextual app protection for Workspace and store fronts. Tell me what that means.<\/p>\n<p>133<br \/>00:20:10.430 &#8211;&gt; 00:20:17.510<br \/>Todd Smith: So so one of the one of the challenges that a lot of times we&#8217;ve we&#8217;ve had is adjusting<\/p>\n<p>134<br \/>00:20:17.750 &#8211;&gt; 00:20:19.909<br \/>Todd Smith: security policies<\/p>\n<p>135<br \/>00:20:20.680 &#8211;&gt; 00:20:24.720<br \/>Todd Smith: based on a variety of different things. One of them is, you know, obviously.<\/p>\n<p>136<br \/>00:20:24.920 &#8211;&gt; 00:20:36.790<br \/>Todd Smith: who you are, where you&#8217;re coming in, from, what device you&#8217;re on, you know. Kind of the how do we protect on the any, any, any, any plane? This one actually allows you to do<\/p>\n<p>137<br \/>00:20:37.140 &#8211;&gt; 00:20:43.970<br \/>Todd Smith: increase the granularity based on, you know, specific user contacts. Right? So if I am in.<\/p>\n<p>138<br \/>00:20:44.160 &#8211;&gt; 00:20:58.289<br \/>Todd Smith: If I&#8217;m on a control browser, I&#8217;m gonna have a different experience. I&#8217;ll have different controls put on, put on me by either the workspace itself. So the Workspace app will be communicating back with the Workspace controllers.<\/p>\n<p>139<br \/>00:20:58.380 &#8211;&gt; 00:21:06.129<br \/>Todd Smith: or you can do it on the storefront itself. Basically say, you know, what if I&#8217;m accessing this application from this storefront, then I need to have.<\/p>\n<p>140<br \/>00:21:06.160 &#8211;&gt; 00:21:10.429<br \/>Todd Smith: a certain amount of additional controls put in place.<\/p>\n<p>141<br \/>00:21:12.370 &#8211;&gt; 00:21:13.500<br \/>Andy Whiteside: Hear me, thoughts?<\/p>\n<p>142<br \/>00:21:14.710 &#8211;&gt; 00:21:30.790<br \/>Geremy Meyers: Yeah. So the key here is being able to identify whether folks are, you know, internal externals. That would be a thing. It&#8217;s based on device posturing as well. So it&#8217;s just being able to tear what kind of control that you put on, you know, workspace and storefront? Right? So<\/p>\n<p>143<br \/>00:21:31.300 &#8211;&gt; 00:21:44.169<br \/>Geremy Meyers: you know, it&#8217;s something that we&#8217;ve done as a part of like, say, smart access on Netscaler for years. But now we&#8217;re adding it as as a service out of you know. Citrus Cloud, if you&#8217;d like it, or you know, do that as well on Prem<\/p>\n<p>144<br \/>00:21:44.340 &#8211;&gt; 00:21:56.370<br \/>Andy Whiteside: and and help me when you say Workspace, are you talking Workspace App Worksay Workspace landing web page. What what does Workspace mean in this or in this conversation?<\/p>\n<p>145<br \/>00:21:56.580 &#8211;&gt; 00:22:10.759<br \/>Geremy Meyers: So in this conversation, it&#8217;s cloud delivered storefront that Workspace not so much workspace app. But Workspace as a service, right? And that&#8217;s versus like, say, storefront, which is 100% on prem, right? So if you&#8217;re hitting storefront.<\/p>\n<p>146<br \/>00:22:10.920 &#8211;&gt; 00:22:18.000<br \/>Andy Whiteside: you&#8217;re doing it directly, or you&#8217;re doing it through a net scalar. That&#8217;s it&#8217;s a resource location. Yeah. Got it? Okay? Awesome. Thanks.<\/p>\n<p>147<br \/>00:22:18.410 &#8211;&gt; 00:22:35.119<br \/>Todd Smith: Alright. Next section says, bringing secure private access to everyone. Todd continue to find secure private access force real quick. Because I find a lot of people have no idea what this really really is. Yeah, sure. So secure private access is, you know what it once again, component of our 0 trust<\/p>\n<p>148<br \/>00:22:35.260 &#8211;&gt; 00:22:38.430<br \/>Todd Smith: network access or Z Tna,<\/p>\n<p>149<br \/>00:22:38.440 &#8211;&gt; 00:22:43.649<br \/>Todd Smith: and really, what it does is it encompasses replacing things like a VPN.<\/p>\n<p>150<br \/>00:22:43.730 &#8211;&gt; 00:22:48.110<br \/>Todd Smith: Improving your security posture, overall<\/p>\n<p>151<br \/>00:22:48.190 &#8211;&gt; 00:22:53.030<br \/>Todd Smith: in being able to to really give you a lot more control<\/p>\n<p>152<br \/>00:22:53.370 &#8211;&gt; 00:22:55.659<br \/>Todd Smith: invisibility into, you know<\/p>\n<p>153<br \/>00:22:55.940 &#8211;&gt; 00:23:01.069<br \/>Todd Smith: who&#8217;s coming into your network, what they&#8217;re allowed to do, and, more importantly,<\/p>\n<p>154<br \/>00:23:01.110 &#8211;&gt; 00:23:06.360<br \/>Todd Smith: gives you that visibility into what they&#8217;re doing while they&#8217;re in the session, or what they&#8217;re doing while they&#8217;re connected.<\/p>\n<p>155<br \/>00:23:08.440 &#8211;&gt; 00:23:10.089<br \/>Andy Whiteside: Jeremy, how do you want to explain it?<\/p>\n<p>156<br \/>00:23:10.460 &#8211;&gt; 00:23:12.850<br \/>Geremy Meyers: So I am coming up with?<\/p>\n<p>157<br \/>00:23:12.970 &#8211;&gt; 00:23:38.170<br \/>Geremy Meyers: I&#8217;m constantly evolving my analogy for this, because I&#8217;m trying to figure out the best way to say it. But when you think about how we&#8217;ve delivered apps in the past. It&#8217;s all been hosted, that&#8217;s, you know, sat in the data center. We&#8217;ve presented it honestly, it&#8217;s the first half of this conversation we&#8217;ve had. But you know, with secure private access we&#8217;re talking about, how can we make a almost a better VPN cause? That&#8217;s the worst analogy. That&#8217;s what I&#8217;m trying to fix. But the idea that we don&#8217;t wanna turn everything on we would just wanna present<\/p>\n<p>158<br \/>00:23:38.260 &#8211;&gt; 00:23:55.060<br \/>Geremy Meyers: at a network level these applications. So, for instance, in the past, I might have launched a web page, an internal web page by opening up a VPN. Opening up my browser and going direct in. There&#8217;s a lot of security implications with that. So the idea is, what if I could give you specific access to<\/p>\n<p>159<br \/>00:23:55.060 &#8211;&gt; 00:24:16.299<br \/>Geremy Meyers: internal websites? Heck! Even, you know, public facing websites and wraps some control around that as well. So, for instance, one of the common ones that I use at Citrix, here is, listen. I&#8217;ve got a handful of cloud tools that I use all the time. So they give me insight into you know, cloud tenants, and you know I&#8217;m constantly helping customers out on the back end. But these are internal only tools.<\/p>\n<p>160<br \/>00:24:16.500 &#8211;&gt; 00:24:24.720<br \/>Geremy Meyers: so I am accessing them through secure private access. So I&#8217;m not having to fire up a VPN. The key is, it&#8217;s paired with an enterprise browser.<\/p>\n<p>161<br \/>00:24:24.860 &#8211;&gt; 00:24:26.429<br \/>Geremy Meyers: So the idea is.<\/p>\n<p>162<br \/>00:24:26.470 &#8211;&gt; 00:24:39.579<br \/>Geremy Meyers: you know, if I&#8217;m you know, not presenting like I have in the past, and I&#8217;ve turned all these security controls on to protect the delivery of that app. Well, what happens if I&#8217;m accessing it directly from my endpoint? I&#8217;m firing up my local browser going to that web page.<\/p>\n<p>163<br \/>00:24:39.640 &#8211;&gt; 00:24:45.089<br \/>Geremy Meyers: You know. How do I protect that? Well, that&#8217;s where the Enterprise browser comes in, so I can throw those same security controls<\/p>\n<p>164<br \/>00:24:45.200 &#8211;&gt; 00:24:51.530<br \/>Geremy Meyers: when I&#8217;m accessing that internal website because I&#8217;m doing it from a protected browser. And that is huge. That&#8217;s that&#8217;s actually a game changer.<\/p>\n<p>165<br \/>00:24:51.590 &#8211;&gt; 00:25:14.859<br \/>Andy Whiteside: Yeah, so so just to be clear on the blog, it talks about secure private access, which is your way of being able to get into the internal environment without having to do a full blown VPN. And as we&#8217;re pretty political about how you said it, my answer is, it&#8217;s 2023. If your organization is using a VPN for anything other than hardcore administrative stuff that you gotta get back in the back end to do it. You&#8217;re doing it wrong. You&#8217;re<\/p>\n<p>166<br \/>00:25:14.860 &#8211;&gt; 00:25:32.339<br \/>Andy Whiteside: you&#8217;re doing it wrong. I sometimes I get more derogatory than that. But you&#8217;re doing it wrong 0 0 trust secure private access technology is a way to do it. And then, Jeremy, you took it to the next level, which, by the way, I&#8217;m gonna show you my, my, is my. And then the computer. I&#8217;m sitting in front of right now. These are my default apps. And look what I have from my my browser.<\/p>\n<p>167<br \/>00:25:32.400 &#8211;&gt; 00:25:34.719<br \/>Geremy Meyers: There it is, Enterprise, browser.<\/p>\n<p>168<br \/>00:25:34.770 &#8211;&gt; 00:26:01.229<br \/>Andy Whiteside: And and I&#8217;m having that conversation, because there&#8217;s other players in the space now that are having, you know, non consumer browsers, Aka enterprise, citrix being one. And I&#8217;ve got people my team going. That&#8217;s a great idea. And I&#8217;m like, what are you talking about? We&#8217;ve had that for over a year now and then you pair it up with some like secure private access, and you&#8217;ve got peanut butter and jelly, and one heck of a good, you know sandwich but there&#8217;s still so many people when I say Enterprise browser, they start talking about secure browser service.<\/p>\n<p>169<br \/>00:26:01.240 &#8211;&gt; 00:26:09.339<br \/>Andy Whiteside: and they don&#8217;t even understand that for the last 30 years, 20 years at least, they&#8217;ve been using the consumer browser to get worked on, which is a very, very bad thing.<\/p>\n<p>170<br \/>00:26:09.710 &#8211;&gt; 00:26:17.709<br \/>Geremy Meyers: So what&#8217;s different in this blog here is. This is traditionally been something delivered from citrus Cloud. So Spa secure private access was a service.<\/p>\n<p>171<br \/>00:26:17.760 &#8211;&gt; 00:26:19.699<br \/>Geremy Meyers: Now this works completely off<\/p>\n<p>172<br \/>00:26:19.960 &#8211;&gt; 00:26:30.259<br \/>Geremy Meyers: off the cloud completely. You know, storefront on prem net scalar gateway on Prem. That sort of thing so not required to have the cloud tenant to do it<\/p>\n<p>173<br \/>00:26:30.310 &#8211;&gt; 00:26:46.439<br \/>Geremy Meyers: now. And this is what it&#8217;s trying to point out here is it also includes enterprise browser. So I can take my enterprise. Browser. Not the service. Take my enterprise browser connect that through my netscaler through storefront to access my internal apps. And what this video and the blog does is walk through what that user experience actually is.<\/p>\n<p>174<br \/>00:26:46.510 &#8211;&gt; 00:26:48.660<br \/>Andy Whiteside: Yeah, no Brainer Todd go ahead.<\/p>\n<p>175<br \/>00:26:49.390 &#8211;&gt; 00:26:51.929<br \/>Todd Smith: I was just gonna agree. I mean, I think, that<\/p>\n<p>176<br \/>00:26:51.960 &#8211;&gt; 00:26:56.609<br \/>Todd Smith: the move towards a a secure browser.<\/p>\n<p>177<br \/>00:26:56.800 &#8211;&gt; 00:27:01.379<br \/>Todd Smith: that&#8217;s Enterprise class. It has all of the policies that you could put in there just like you were.<\/p>\n<p>178<br \/>00:27:01.670 &#8211;&gt; 00:27:07.909<br \/>Todd Smith: You know. What we&#8217;re trying to do here is replace the the need to publish a browser as a<\/p>\n<p>179<br \/>00:27:08.120 &#8211;&gt; 00:27:22.459<br \/>Todd Smith: publish application, right? So have it be native, have it be included in the components? Have it being able to be accessed directly from the workspace, having it show up as one of your common default. Browsers is absolutely critical, and I think this is one of those<\/p>\n<p>180<br \/>00:27:22.560 &#8211;&gt; 00:27:24.170<br \/>Todd Smith: one of those features<\/p>\n<p>181<br \/>00:27:24.260 &#8211;&gt; 00:27:29.040<br \/>Todd Smith: that oftentimes it gets overlooked, and is certainly a lot of times misunderstood.<\/p>\n<p>182<br \/>00:27:29.670 &#8211;&gt; 00:27:52.940<br \/>Andy Whiteside: What&#8217;s what&#8217;s the version of windows they had over in Europe, or they have everywhere now but Europe forced it to happen where they made note where the operating system came with no browser, that in is it the in addition. I think it&#8217;s been all of them. I think the Europeans forced them to remove the browser explorer. You really<\/p>\n<p>183<br \/>00:27:52.940 &#8211;&gt; 00:28:12.729<br \/>Andy Whiteside: you really couldn&#8217;t. But with with edge. Maybe you can, maybe. Anyway, actually you can&#8217;t. I&#8217;ve looked into it. You can&#8217;t. But to me an ideal world going forward is you get your windows? OS, and you systematically insert an enterprise browser versus having to have one on the system. That&#8217;s you know, consumer built for consumer use cases.<\/p>\n<p>184<br \/>00:28:13.520 &#8211;&gt; 00:28:24.250<br \/>Todd Smith: Yeah, I love. But I had to set up a a new machine for one of my one of my nephews over the weekend. And it it was interesting going to install chrome on it.<\/p>\n<p>185<br \/>00:28:24.330 &#8211;&gt; 00:28:26.830<br \/>Todd Smith: The first thing I had to do was open up<\/p>\n<p>186<br \/>00:28:27.330 &#8211;&gt; 00:28:29.900<br \/>Todd Smith: edge, because that was what was installed<\/p>\n<p>187<br \/>00:28:30.200 &#8211;&gt; 00:28:38.190<br \/>Todd Smith: on a factor default to go in to go and download chrome. So I could actually install that and replace Browser. It&#8217;s default, Browser is as that.<\/p>\n<p>188<br \/>00:28:38.930 &#8211;&gt; 00:28:43.590<br \/>Geremy Meyers: How would you get a browser. If windows didn&#8217;t have a browser.<\/p>\n<p>189<br \/>00:28:46.320 &#8211;&gt; 00:28:49.840<br \/>Geremy Meyers: your it team would put it on there, and that would be all have to be yeah<\/p>\n<p>190<br \/>00:28:49.910 &#8211;&gt; 00:28:58.019<br \/>Todd Smith: and find out what the Ftp. Server is, and then download. Connect to the Ftp. Server the public side of the Ftp. Server.<\/p>\n<p>191<br \/>00:28:58.270 &#8211;&gt; 00:29:00.529<br \/>Todd Smith: Work your way through the libraries.<\/p>\n<p>192<br \/>00:29:01.100 &#8211;&gt; 00:29:06.859<br \/>Geremy Meyers: workspace app on there, and it will be on there done.<\/p>\n<p>193<br \/>00:29:06.970 &#8211;&gt; 00:29:18.239<br \/>Geremy Meyers: So windows. In addition, there was an Xp version of this. It shipped without windows media players what it was, but there was some anti-trusting there as well. And I think there&#8217;s a version that didn&#8217;t do a browser. That&#8217;s interesting.<\/p>\n<p>194<br \/>00:29:18.590 &#8211;&gt; 00:29:19.350<br \/>\u0939\u093e\u0901\u0964<\/p>\n<p>195<br \/>00:29:19.700 &#8211;&gt; 00:29:26.360<br \/>Andy Whiteside: alright next section. I can&#8217;t remember who&#8217;s up. I&#8217;ll go with Todd. Better compliance around session recording<\/p>\n<p>196<br \/>00:29:27.260 &#8211;&gt; 00:29:30.809<br \/>Andy Whiteside: Todd give us a brief history on session recording and what this particular<\/p>\n<p>197<br \/>00:29:31.210 &#8211;&gt; 00:29:40.780<br \/>Todd Smith: scenario. So so it&#8217;s interesting, because session recording originally started off with being able to record a specific application that was being delivered via<\/p>\n<p>198<br \/>00:29:40.840 &#8211;&gt; 00:29:42.479<br \/>Todd Smith: a citric session<\/p>\n<p>199<br \/>00:29:42.790 &#8211;&gt; 00:29:45.660<br \/>Todd Smith: no, no pun intended<\/p>\n<p>200<br \/>00:29:45.880 &#8211;&gt; 00:29:59.429<br \/>Todd Smith: but within a within a Zen app context, right? So if I can deliver, you know an application, so say, for instance, it&#8217;s excel. And I wanted to be able to see what the person was doing when they&#8217;re inside the excel spreadsheet<\/p>\n<p>201<br \/>00:29:59.900 &#8211;&gt; 00:30:04.490<br \/>Todd Smith: I could turn on session recording. and then I would have to. Then.<\/p>\n<p>202<br \/>00:30:05.690 &#8211;&gt; 00:30:08.239<br \/>Todd Smith: you know, get the administrator to<\/p>\n<p>203<br \/>00:30:08.990 &#8211;&gt; 00:30:25.229<br \/>Todd Smith: review the recording we then changed it so that you could actually share the recording out to specify group of people because oftentimes the recording didn&#8217;t need to be reviewed by the It administrator, by someone in training or compliance, or whatever.<\/p>\n<p>204<br \/>00:30:25.680 &#8211;&gt; 00:30:34.819<br \/>Todd Smith: So what we did is, we then expanded that into include desktop recording. So being able to record the entire desktop. So the the the Vdi session was that desktop session<\/p>\n<p>205<br \/>00:30:34.860 &#8211;&gt; 00:30:45.109<br \/>Todd Smith: and then being able to continuously leverage the recording capabilities to identify, you know, potential security breaches people not doing.<\/p>\n<p>206<br \/>00:30:45.210 &#8211;&gt; 00:31:01.120<br \/>Todd Smith: not doing those tasks as they should be, so it could be a training issue and then oftentimes it&#8217;s being used for compliance. So think about bank transactions that are large and scale. I wanna see who, you know, who was actually doing that, what they were, what they were clicking on<\/p>\n<p>207<br \/>00:31:01.260 &#8211;&gt; 00:31:09.109<br \/>Todd Smith: while they were in that session. But it&#8217;s really being designed, it being utilized primarily for compliance issues<\/p>\n<p>208<br \/>00:31:09.760 &#8211;&gt; 00:31:10.460<br \/>Andy Whiteside: right?<\/p>\n<p>209<br \/>00:31:11.740 &#8211;&gt; 00:31:20.149<br \/>Andy Whiteside: Hear me your thoughts on session recording it&#8217;s origins and how it&#8217;s worked in any real world examples where you know it. It proved it&#8217;s worth<\/p>\n<p>210<br \/>00:31:20.350 &#8211;&gt; 00:31:33.929<br \/>Geremy Meyers: so Todd specifically talked. And this blog is specifically focused on security. I think one of the other areas we&#8217;ve seen, this use is training. So being able to reproduce an issue, you know, cause you know, user will dial in call in and say, Hey, I&#8217;m having this issue.<\/p>\n<p>211<br \/>00:31:33.950 &#8211;&gt; 00:31:44.440<br \/>Geremy Meyers: Actually be able to go back and say, Hey, what you&#8217;re doing. Let&#8217;s do this a little bit differently. So just being able to understand what users are doing, and kind of train them up on<\/p>\n<p>212<br \/>00:31:44.490 &#8211;&gt; 00:31:53.170<br \/>Geremy Meyers: how to do something a little bit differently. So that is the other use case. I&#8217;ve seen what? How? The services evolved is becoming more and more managed.<\/p>\n<p>213<br \/>00:31:53.250 &#8211;&gt; 00:32:07.080<br \/>Geremy Meyers: So one of the reasons most customers have not deployed is simply because, historically, there&#8217;s just been a lot to go turn on to get session recording up and going. And so what&#8217;s nice now is the session recording service. You can deploy a lot of it.<\/p>\n<p>214<br \/>00:32:07.230 &#8211;&gt; 00:32:15.509<br \/>Geremy Meyers:&nbsp; you know, hands, I would say hands-free. But just recently we had the ability to deploy most of it out to azure. And it&#8217;s automated, which is pretty slick.<\/p>\n<p>215<br \/>00:32:15.990 &#8211;&gt; 00:32:25.449<br \/>Andy Whiteside: And and maybe to give this blog it&#8217;s due, some of this is talking about the ability to manage those configurations and rollouts. That is that really what this portion here is.<\/p>\n<p>216<br \/>00:32:28.360 &#8211;&gt; 00:32:31.519<br \/>Andy Whiteside: the cloud cloud client update kind of control thing.<\/p>\n<p>217<br \/>00:32:31.700 &#8211;&gt; 00:32:34.480<br \/>Geremy Meyers: Yeah, I would think so. Yeah, yeah.<\/p>\n<p>218<br \/>00:32:34.790 &#8211;&gt; 00:32:36.710<br \/>Andy Whiteside: Sorry.<\/p>\n<p>219<br \/>00:32:36.720 &#8211;&gt; 00:32:38.670<br \/>Geremy Meyers: By the way, what was this originally called?<\/p>\n<p>220<br \/>00:32:38.890 &#8211;&gt; 00:32:46.980<br \/>Geremy Meyers: I Googled that because the name escaped me, and as it turns out. None of the Google<\/p>\n<p>221<br \/>00:32:47.100 &#8211;&gt; 00:32:48.050<br \/>Geremy Meyers: hits<\/p>\n<p>222<br \/>00:32:48.360 &#8211;&gt; 00:32:54.379<br \/>Todd Smith: hit. But I&#8217;ve got web chat, Gpt running on the side. So it automatically looks it up to. Of course.<\/p>\n<p>223<br \/>00:32:54.620 &#8211;&gt; 00:33:06.910<br \/>Andy Whiteside: I don&#8217;t know if you guys saw that or not. But I just sent you a chat. I just popped up the screen. So Microsoft is releasing, like as we speak and enterprise browser like it&#8217;ll it&#8217;ll still be edge. But whatever my point is.<\/p>\n<p>224<br \/>00:33:07.100 &#8211;&gt; 00:33:11.120<br \/>Andy Whiteside: you gotta get this consumer browser crap out of the way. It&#8217;s it&#8217;s a problem.<\/p>\n<p>225<br \/>00:33:11.130 &#8211;&gt; 00:33:12.150<br \/>Geremy Meyers: It is<\/p>\n<p>226<br \/>00:33:12.270 &#8211;&gt; 00:33:22.210<br \/>Andy Whiteside: alright. So let&#8217;s go, Jeremy. I think new on-premise security features for session, recording what is this part of the blog calling out.<\/p>\n<p>227<br \/>00:33:23.000 &#8211;&gt; 00:33:37.379<br \/>Geremy Meyers: oh, let&#8217;s take a look. Yeah, I think there&#8217;s a couple of different things here. So number one just managing who can see recordings. So, for instance, you know, as you expand this out, and you give more people access, just being able to tear. Who can see what<\/p>\n<p>228<br \/>00:33:37.410 &#8211;&gt; 00:33:41.489<br \/>Geremy Meyers: just notifying users before they&#8217;re logged down, their sessions locked, locked.<\/p>\n<p>229<br \/>00:33:41.650 &#8211;&gt; 00:33:54.540<br \/>Geremy Meyers: It&#8217;s pretty important. The you know the other piece to this. Maybe it&#8217;s not called here, is. There&#8217;s an integration with you know the Security analytics service as well. So maybe that&#8217;s a little bit of the tie in there, you know. If something were to happen.<\/p>\n<p>230<br \/>00:33:54.680 &#8211;&gt; 00:34:02.410<br \/>Geremy Meyers: And your machine was to, you know, maybe trigger security analytics. You could log some folks out and make sure they have an update before it happens.<\/p>\n<p>231<br \/>00:34:03.250 &#8211;&gt; 00:34:06.079<br \/>Andy Whiteside: You know, we haven&#8217;t talked about security analytics at all<\/p>\n<p>232<br \/>00:34:06.360 &#8211;&gt; 00:34:11.880<br \/>Andy Whiteside: in any of this. That&#8217;s that&#8217;s a whole nother element of taking the workspace and bringing it to<\/p>\n<p>233<br \/>00:34:11.960 &#8211;&gt; 00:34:17.640<br \/>Andy Whiteside: a place where it&#8217;s got all kinds of security initiatives going on real time, or as on demand, as needed.<\/p>\n<p>234<br \/>00:34:17.800 &#8211;&gt; 00:34:18.580<br \/>Geremy Meyers: Umhm<\/p>\n<p>235<br \/>00:34:19.699 &#8211;&gt; 00:34:23.569<br \/>Andy Whiteside: Todd. Anything else you&#8217;d want to highlight around the session recording feature.<\/p>\n<p>236<br \/>00:34:24.040 &#8211;&gt; 00:34:25.920<br \/>Todd Smith: I think the the<\/p>\n<p>237<br \/>00:34:26.090 &#8211;&gt; 00:34:39.589<br \/>Todd Smith: the comment you just made around security analytics piece of it. You know. What if you could have a security analytics, event, trigger session recording to automatically start. And then, once the recording is done.<\/p>\n<p>238<br \/>00:34:40.040 &#8211;&gt; 00:34:46.270<br \/>Todd Smith: then notify not the administrator, but notify the person who is responsible for reviewing that<\/p>\n<p>239<br \/>00:34:46.440 &#8211;&gt; 00:34:53.150<br \/>Todd Smith: and and make it seamless. Right? So that&#8217;s that&#8217;s a critical step, and that&#8217;s a critical<\/p>\n<p>240<br \/>00:34:53.409 &#8211;&gt; 00:34:55.790<br \/>Todd Smith: move in the right direction when it comes to<\/p>\n<p>241<br \/>00:34:57.110 &#8211;&gt; 00:34:59.550<br \/>Todd Smith: making it less cumbersome<\/p>\n<p>242<br \/>00:35:00.030 &#8211;&gt; 00:35:07.999<br \/>Todd Smith: for security administrators to really do their jobs. And it&#8217;s a it&#8217;s a piece of the automation stack that a lot of people overlook.<\/p>\n<p>243<br \/>00:35:08.850 &#8211;&gt; 00:35:09.580<br \/>\u090f\u0902\u0921\u0940 \u0935\u094d\u0939\u093e\u0907\u091f\u0938\u093e\u0907\u0921: \u0939\u093e\u0901\u0964<\/p>\n<p>244<br \/>00:35:11.100 &#8211;&gt; 00:35:29.439<br \/>Andy Whiteside: So this last section says, the tools you want to create the secure environment you need. And then it lists a whole bunch of stuff Google identity, authentication, azure dynamic security groups and trusted launch support for azure ephemeral OS disk. I think my main point in calling out this whole blog as well as others is.<\/p>\n<p>245<br \/>00:35:29.640 &#8211;&gt; 00:35:37.439<br \/>Andy Whiteside: You know, Citrix kind of built this space. And they&#8217;re still. You guys are still investing cloud software groups investing in what Citrix does from a security place.<\/p>\n<p>246<br \/>00:35:37.600 &#8211;&gt; 00:35:48.830<br \/>Andy Whiteside: I can&#8217;t say any people just assume Citrix is done, and there&#8217;s no innovation going on. I think there&#8217;s probably more innovation going on now than there was a year ago. Just gotta make sure people realize it.<\/p>\n<p>247<br \/>00:35:49.240 &#8211;&gt; 00:35:52.589<br \/>Todd Smith: I think what&#8217;s interesting is security doesn&#8217;t live in a silo.<\/p>\n<p>248<br \/>00:35:52.710 &#8211;&gt; 00:36:20.899<br \/>Geremy Meyers: and you&#8217;ve gotta be able to integrate with a lot of what folks bring to their conversation. Right? So part of the hybrid talk we have is the fact that you&#8217;ve got to integrate together with things that you got so multiple clouds, multiple things like that. And we&#8217;re just extending out security as well, right? So we understand a lot of folks are using things like azure id. There&#8217;s a security platform with azure id that folks are gonna leverage. How do we integrate with that? You know, later today, we&#8217;re gonna do a podcast around service. Now, the idea being.<\/p>\n<p>249<br \/>00:36:20.900 &#8211;&gt; 00:36:24.469<br \/>Geremy Meyers: how do we integrate citrix cloud, the on-prem stuff<\/p>\n<p>250<br \/>00:36:24.500 &#8211;&gt; 00:36:41.830<br \/>Geremy Meyers: with service. Now, in fact, we&#8217;re gonna do that on our next. Podcast but the idea is, you&#8217;ve got to be able to tie these things together, and security is no different right? So how can we consume? How can we contribute to? You know, sort of the broad solution that a customer is going to have. How do we integrate into it part of every conversation? You have<\/p>\n<p>251<br \/>00:36:41.840 &#8211;&gt; 00:37:11.370<br \/>Todd Smith: improvements that we&#8217;re making.<\/p>\n<p>252<br \/>00:37:11.730 &#8211;&gt; 00:37:14.509<br \/>Todd Smith: you know. Zen app performance, or you know.<\/p>\n<p>253<br \/>00:37:14.630 &#8211;&gt; 00:37:26.089<br \/>Todd Smith: the next feature within Zendeskop. you know what we&#8217;re really doing when it comes to looking at security and looking at security as a holistic component<\/p>\n<p>254<br \/>00:37:26.500 &#8211;&gt; 00:37:36.279<br \/>Todd Smith: of what we do right, and we used to have a one of the slides that we always had in our decks. That I absolutely hated was the secure by design<\/p>\n<p>255<br \/>00:37:36.420 &#8211;&gt; 00:37:48.980<br \/>Todd Smith: slide, because it didn&#8217;t explain exactly what that meant. It was just well, yeah, we&#8217;re working on security. Well. we need to lead with that. And this is this is this, blog is yet again, another example of<\/p>\n<p>256<br \/>00:37:49.060 &#8211;&gt; 00:37:58.869<br \/>Todd Smith: you know where security is a critical component in every single thing we&#8217;re doing when it comes to developing an application developing product, developing a service.<\/p>\n<p>257<br \/>00:37:59.030 &#8211;&gt; 00:38:12.429<br \/>Todd Smith: It cannot be an add on, it has to be an integral. You know, it&#8217;s got to be built into the foundation. It&#8217;s the rebar that goes into the concrete.&nbsp; you know. It&#8217;s it&#8217;s not just something that we add on at the at the very end<\/p>\n<p>258<br \/>00:38:14.120 &#8211;&gt; 00:38:19.069<br \/>Geremy Meyers: secure. Did you say security is the rebar? That might be my new favorite<\/p>\n<p>259<br \/>00:38:19.980 &#8211;&gt; 00:38:24.840<br \/>Todd Smith: analogy. There, Tom, yeah. Feel free to use it any time in alright, Jeremy.<\/p>\n<p>260<br \/>00:38:26.540 &#8211;&gt; 00:38:29.070<br \/>Andy Whiteside: I will. I&#8217;m sure he will, too.<\/p>\n<p>261<br \/>00:38:29.130 &#8211;&gt; 00:38:33.590<br \/>Geremy Meyers: I&#8217;m sure I will. And sometimes that security might be as simple as turning off.<\/p>\n<p>262<br \/>00:38:33.930 &#8211;&gt; 00:38:39.549<br \/>Andy Whiteside: you know. Local client drive mapping or printer, redirection or printer print redirection it.<\/p>\n<p>263<br \/>00:38:39.720 &#8211;&gt; 00:38:44.810<br \/>Andy Whiteside: There&#8217;s so many things that in the presentation protocol of Ica hdx, if you will.<\/p>\n<p>264<br \/>00:38:45.010 &#8211;&gt; 00:38:54.349<br \/>Andy Whiteside: It&#8217;s in there from a security perspective that was enable customers to do stuff at the same time can easily be turned off. Those are. Those are security features.<\/p>\n<p>265<br \/>00:38:54.510 &#8211;&gt; 00:38:56.870<br \/>Andy Whiteside: If you want to stop and look at it the right way.<\/p>\n<p>266<br \/>00:38:56.990 &#8211;&gt; 00:38:57.680<br \/>Todd Smith: Yep.<\/p>\n<p>267<br \/>00:38:58.370 &#8211;&gt; 00:39:03.310<br \/>Andy Whiteside: And look, if you&#8217;re an organization still using Vpns for users to get work done, you need to stop<\/p>\n<p>268<br \/>00:39:03.610 &#8211;&gt; 00:39:06.430<br \/>Andy Whiteside: cause. It&#8217;s wrong. It just it is. It&#8217;s wrong.<\/p>\n<p>269<br \/>00:39:07.780 &#8211;&gt; 00:39:17.209<br \/>Andy Whiteside: Well, guys, thank you for the time today. Talk citrix and security. I am. I&#8217;m adamant that it is, and III fight the good fight all the time, talking to<\/p>\n<p>270<br \/>00:39:17.370 &#8211;&gt; 00:39:30.459<br \/>Andy Whiteside: other security folks, vendors that don&#8217;t even keep it in the loop as one of the layers, but it without a doubt it&#8217;s one of the layers in our world to bring security to to ourselves as well as our customers. So I appreciate you guys talking through this<\/p>\n<p>271<br \/>00:39:30.480 &#8211;&gt; 00:39:46.049<br \/>Geremy Meyers: absolutely appreciate it, guys. Well, I&#8217;ll tie something back into what Jeremy, said I, we were spending a ton of money internally to implement service now for ourselves and for our customers, and I may have done this with you before. But then I asked my team. Okay, this is great. Why are we spending so much money? What&#8217;s our goal here? And the answer was, security<\/p>\n<p>272<br \/>00:39:46.580 &#8211;&gt; 00:39:53.319<br \/>Andy Whiteside: implement service. Now for security, I&#8217;m like. I don&#8217;t understand that, he said. Well, look until you get everything into one place. You can&#8217;t secure it because you don&#8217;t know what you have.<\/p>\n<p>273<br \/>00:39:54.630 &#8211;&gt; 00:40:08.710<br \/>Andy Whiteside: and that. And we&#8217;re going to be launching that series where we talk about service now, a lot that&#8217;s that&#8217;s enabling user enabled initiated workflows very important, getting your hands around your virtual and physical environment, so you can secure it equally as important.<\/p>\n<p>274<br \/>00:40:10.370 &#8211;&gt; 00:40:11.630<br \/>Geremy Meyers: Couldn&#8217;t agree more.<\/p>\n<p>275<br \/>00:40:12.110 &#8211;&gt; 00:40:15.620<br \/>Geremy Meyers: Alright, gentlemen, enjoy the rest of your Monday. Alright.<\/p>\n<p><\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>We\u2019ve released a variety of Citrix security features over the past few months that improve security in the cloud, on-premises, and in hybrid environments. Working to make Citrix solutions work &hellip;<\/p>","protected":false},"author":7,"featured_media":65995,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-66012","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcast"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>142: The Citrix Session: Strengthening your Citrix security - XenTegra<\/title>\n<meta name=\"description\" content=\"Your feedback is crucial to Citrix, listen to why we built our Destination: Hybrid product roadmap around more security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xentegra.com\/hi\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/\" \/>\n<meta property=\"og:locale\" content=\"hi_IN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"142: The Citrix Session: Strengthening your Citrix security - XenTegra\" \/>\n<meta property=\"og:description\" content=\"Your feedback is crucial to Citrix, listen to why we built our Destination: Hybrid product roadmap around more security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xentegra.com\/hi\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/\" \/>\n<meta property=\"og:site_name\" content=\"XenTegra\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XenTegra\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-29T21:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-18T10:57:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1100\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chase Newmyer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xentegra\" \/>\n<meta name=\"twitter:site\" content=\"@xentegra\" \/>\n<meta name=\"twitter:label1\" content=\"\u0926\u094d\u0935\u093e\u0930\u093e \u0932\u093f\u0916\u093f\u0924\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chase Newmyer\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0905\u0928\u0941\u092e\u093e\u0928\u093f\u0924 \u092a\u0922\u093c\u0928\u0947 \u0915\u093e \u0938\u092e\u092f\" \/>\n\t<meta name=\"twitter:data2\" content=\"40 \u092e\u093f\u0928\u091f\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/\"},\"author\":{\"name\":\"Chase Newmyer\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#\\\/schema\\\/person\\\/84736408f096bfd92b80305aea8846a7\"},\"headline\":\"142: The Citrix Session: Strengthening your Citrix security, one feature at a time\",\"datePublished\":\"2023-08-29T21:00:00+00:00\",\"dateModified\":\"2025-02-18T10:57:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/\"},\"wordCount\":9040,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/Citrix-Session.png\",\"articleSection\":[\"Podcast\"],\"inLanguage\":\"hi-IN\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/\",\"url\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/\",\"name\":\"142: The Citrix Session: Strengthening your Citrix security - XenTegra\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/Citrix-Session.png\",\"datePublished\":\"2023-08-29T21:00:00+00:00\",\"dateModified\":\"2025-02-18T10:57:29+00:00\",\"description\":\"Your feedback is crucial to Citrix, listen to why we built our Destination: Hybrid product roadmap around more security.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/#breadcrumb\"},\"inLanguage\":\"hi-IN\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"hi-IN\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/Citrix-Session.png\",\"contentUrl\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/Citrix-Session.png\",\"width\":1100,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/xentegra.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"142: The Citrix Session: Strengthening your Citrix security, one feature at a time\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#website\",\"url\":\"https:\\\/\\\/xentegra.com\\\/\",\"name\":\"XenTegra\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xentegra.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"hi-IN\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#organization\",\"name\":\"XenTegra\",\"url\":\"https:\\\/\\\/xentegra.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"hi-IN\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/1519903807641-min.jpg\",\"contentUrl\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/1519903807641-min.jpg\",\"width\":200,\"height\":200,\"caption\":\"XenTegra\"},\"image\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XenTegra\\\/\",\"https:\\\/\\\/x.com\\\/xentegra\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/xentegra-llc\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#\\\/schema\\\/person\\\/84736408f096bfd92b80305aea8846a7\",\"name\":\"Chase Newmyer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"hi-IN\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g\",\"caption\":\"Chase Newmyer\"},\"url\":\"https:\\\/\\\/xentegra.com\\\/hi\\\/resources\\\/author\\\/chasenewmyer\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"142: The Citrix Session: Strengthening your Citrix security - XenTegra","description":"Your feedback is crucial to Citrix, listen to why we built our Destination: Hybrid product roadmap around more security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xentegra.com\/hi\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/","og_locale":"hi_IN","og_type":"article","og_title":"142: The Citrix Session: Strengthening your Citrix security - XenTegra","og_description":"Your feedback is crucial to Citrix, listen to why we built our Destination: Hybrid product roadmap around more security.","og_url":"https:\/\/xentegra.com\/hi\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/","og_site_name":"XenTegra","article_publisher":"https:\/\/www.facebook.com\/XenTegra\/","article_published_time":"2023-08-29T21:00:00+00:00","article_modified_time":"2025-02-18T10:57:29+00:00","og_image":[{"width":1100,"height":600,"url":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","type":"image\/png"}],"author":"Chase Newmyer","twitter_card":"summary_large_image","twitter_creator":"@xentegra","twitter_site":"@xentegra","twitter_misc":{"\u0926\u094d\u0935\u093e\u0930\u093e \u0932\u093f\u0916\u093f\u0924":"Chase Newmyer","\u0905\u0928\u0941\u092e\u093e\u0928\u093f\u0924 \u092a\u0922\u093c\u0928\u0947 \u0915\u093e \u0938\u092e\u092f":"40 \u092e\u093f\u0928\u091f"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/#article","isPartOf":{"@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/"},"author":{"name":"Chase Newmyer","@id":"https:\/\/xentegra.com\/#\/schema\/person\/84736408f096bfd92b80305aea8846a7"},"headline":"142: The Citrix Session: Strengthening your Citrix security, one feature at a time","datePublished":"2023-08-29T21:00:00+00:00","dateModified":"2025-02-18T10:57:29+00:00","mainEntityOfPage":{"@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/"},"wordCount":9040,"commentCount":0,"publisher":{"@id":"https:\/\/xentegra.com\/#organization"},"image":{"@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/#primaryimage"},"thumbnailUrl":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","articleSection":["Podcast"],"inLanguage":"hi-IN","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/","url":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/","name":"142: The Citrix Session: Strengthening your Citrix security - XenTegra","isPartOf":{"@id":"https:\/\/xentegra.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/#primaryimage"},"image":{"@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/#primaryimage"},"thumbnailUrl":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","datePublished":"2023-08-29T21:00:00+00:00","dateModified":"2025-02-18T10:57:29+00:00","description":"Your feedback is crucial to Citrix, listen to why we built our Destination: Hybrid product roadmap around more security.","breadcrumb":{"@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/#breadcrumb"},"inLanguage":"hi-IN","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/"]}]},{"@type":"ImageObject","inLanguage":"hi-IN","@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/#primaryimage","url":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","contentUrl":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","width":1100,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/xentegra.com\/resources\/142-the-citrix-session-strengthening-your-citrix-security-one-feature-at-a-time\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xentegra.com\/"},{"@type":"ListItem","position":2,"name":"142: The Citrix Session: Strengthening your Citrix security, one feature at a time"}]},{"@type":"WebSite","@id":"https:\/\/xentegra.com\/#website","url":"https:\/\/xentegra.com\/","name":"\u091c\u093c\u0947\u0928\u091f\u0947\u0917\u094d\u0930\u093e","description":"","publisher":{"@id":"https:\/\/xentegra.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xentegra.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"hi-IN"},{"@type":"Organization","@id":"https:\/\/xentegra.com\/#organization","name":"\u091c\u093c\u0947\u0928\u091f\u0947\u0917\u094d\u0930\u093e","url":"https:\/\/xentegra.com\/","logo":{"@type":"ImageObject","inLanguage":"hi-IN","@id":"https:\/\/xentegra.com\/#\/schema\/logo\/image\/","url":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2023\/06\/1519903807641-min.jpg","contentUrl":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2023\/06\/1519903807641-min.jpg","width":200,"height":200,"caption":"XenTegra"},"image":{"@id":"https:\/\/xentegra.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XenTegra\/","https:\/\/x.com\/xentegra","https:\/\/www.linkedin.com\/company\/xentegra-llc"]},{"@type":"Person","@id":"https:\/\/xentegra.com\/#\/schema\/person\/84736408f096bfd92b80305aea8846a7","name":"Chase Newmyer","image":{"@type":"ImageObject","inLanguage":"hi-IN","@id":"https:\/\/secure.gravatar.com\/avatar\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g","caption":"Chase Newmyer"},"url":"https:\/\/xentegra.com\/hi\/resources\/author\/chasenewmyer\/"}]}},"_links":{"self":[{"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/posts\/66012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/comments?post=66012"}],"version-history":[{"count":1337,"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/posts\/66012\/revisions"}],"predecessor-version":[{"id":717031,"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/posts\/66012\/revisions\/717031"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/media\/65995"}],"wp:attachment":[{"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/media?parent=66012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/categories?post=66012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xentegra.com\/hi\/wp-json\/wp\/v2\/tags?post=66012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}