Duration 44:43

Citrix Synergy TV - SYN190 - Secure your users' access to the web–and the browsers that surf it

Kurt Roemer
Chief Security Strategist at Citrix
Citrix Synergy Atlanta 2019
May 22, 2019, Atlanta, GA, United States

About speakers

Kurt Roemer
Chief Security Strategist at Citrix
Shaun Donaldson
Director of Strategic Alliances at Bitdefender

About the talk

Learn how an architecture including application virtualization and hypervisor-based security combine to create a virtual air gap between end user web resources while maintaining the desired web experience. In other words, this is 45 minutes to learn how you can sleep better at night. It's no mystery that the web is a dangerous place. The habits of workers, third parties and administrators accessing your web presence or using external resources often have frightening results. Drive-by downloads, watering-hole attacks, legitimate sites with rogue content: the list of threats is sadly as endless as the web. After decades of blame and weak directives, see how to offer more worker-focused web security technologies. Note: This session will be available for on-demand viewing post-event on Citrix Synergy TV.


Hello everyone. I hope you're doing well today. My name is Shaun Donaldson, as you can see there, and I'm with the alliances team at Bitdefender. I've been there for about eight years. If you hear me say a couple of things funny, it always cracks up Kurt. It's because I'm from Ottawa, Canada. So I'll try to avoid saying "about" and words like that, because that tends to confuse people. And to my right is... Thanks, Shaun. Hi everyone. I'm Kurt Roemer, chief security office, and really happy to be here this afternoon. We've got a lot of interesting things to talk about,

been with Citrix for 13 years now. I'm looking forward to you tweeting this session. This is open content, and we'll definitely get you a copy of the presentation afterwards as well. So Shaun, I thought that we would do the session with just one slide. All right. Oh, okay. So we're going to very quickly go through the web threat landscape. It should not be anything terribly surprising; the web is an interesting place. Kurt will cover how browsers should be thought of as applications necessarily, but more how they can be viewed as frameworks. I'll talk about how

isolated browsers (we'll cover what isolated browsers mean) also need to be secured, and then how that actually works: what the underlying security is that we're applying in browser isolation, how the actual mechanics come together. And then bring it all together, see how it works in action. There is a recorded demo, and what to do now. So very quickly, this is one of my favorite quotes. I don't often quote analysts, no offense to any analysts, but this was from a

Gartner report, and literally the first line in the report was "the web is a cesspool." I sat back and said, I'm going to enjoy this report. And indeed, it was a good thing. Now, in today's everything-is-a-service world, one of the challenges is so many of the productivity apps are today accessed via web browser, web browsers that are sometimes used for other things as well. Users, on the other hand, we can educate them as much as we want, and indeed we can't blame end users. They will click on things. Attackers are very good at fooling end users, even

sophisticated end users. And none of what I've said so far should really be as interesting as those models make it appear. What we're here to talk about today is that there is a better way: you can increase the security of the browsers and the plugins. They happen to be successful on their own and not isolate your end users from the website resources, which they demand access to, and beyond that, not increase the workloads of admins. So first, very quickly, the threat landscape.

These are the vulnerability trends over the last 10 years, from about 6,000 to 16,000 over the last decade. This should not be a surprise: more code, more vulnerabilities, better techniques for 5 bring in finding vulnerabilities. 2019 so far isn't looking any better. This is from NIST. This is a really interesting one. It covers the types of vulnerabilities being exploited over time. If you look at the far right you'll see buffer errors and code injection, so two memory manipulation techniques. Keep that in mind.

It comes up later. This latest Intel processor vulnerability that was announced within the last week can also be executed from within a browser, so from within user space. It's crazy, and guess whose researchers found that. At this point, we are beating a dead horse with this vulnerability information, but we know web browsers are always at the top of the list. I don't know how exhaustive; how would you go through every version of every plugin out there to compile this sort of list? I mean, we all know intuitively from our own experience a lot

of time attacks are coming in through browsers and plugins. Very familiar attack scenario. If this looks surprising, as it says, kindly contact the authorities. So this should be very familiar. It's pretty rare for attackers to send malicious attachments; URLs now. That way they can manipulate the attack code that lives on the server that they're controlling. As soon as something gets detected, they'll start fiddling with it, change it, and essentially the same

link will work. When the end user, inevitably an end user somewhere, will click on the link, that launches an exploit of a vulnerability in their browser, the plugins. If the attacker does that successfully, they gain remote access. That's how they got the initial foothold. What they do at that point: they could inject ransomware, they could drop command-and-control, they could do a completely fileless attack where they never write anything to disk. They just start attacking the next system over, on and on and on. The bottom line here is this is how

in one scenario they can gain that initial foothold on systems. This is what the demo will look like. So from the user view, it's essentially: here's a link. Of course, you know, we stick a pretty innocuous-looking link in there. They're getting really sophisticated, using characters from different alphabets that look kind of like characters in the alphabet we use but are different, and on and on and on. They're getting really, really good at this. So over to you, Kurt. Yes, a little primer or a reminder as we go through

this: what do people actually use browsers for? Well, most of these should be rather obvious. So ubiquitous cat videos; we've got Facebook and other social media, also great ways for malware to be injected; not-safe-for-work content, see a lot of that happening, and that can cause legal issues as well as other problems. I thought we were going to meet legal change that and other Rob communication and collaboration technology. Arbitrary links oftentimes will

lead not just to shopping sites, but directly to ransomware and phishing and other things. And then we also have increasing amounts of business applications that are driven through the browser, and on top of that also the web consoles behind them. Anything that you do in the cloud is by definition through a browser. All of your cloud administration is through a browser. Increasingly, everything you're doing as a highly privileged user is through a browser. See the problem? We're going to explore that a little further. A little further expansion on what

businesses are using browsers for. I'm sure you could add substantially to that list. Don't just think of these as use cases that are lumped together; think of these as use cases that demand a different level of security or different security method, different verifications. How would you audit access to each of these? How would you go through and investigate an incident, go through and look at the truck inspected? If you're just letting people run the browser that's on their laptop or device, how can you go through and control any of these very critical functions, and how can you audit

them? So don't think of use cases just as, yeah, I need to let users use. There's a lot of administrative access back behind it. And the browser also is almost always completely overprivileged and overconfigured. Your browser is set up to get to any type of resource, use any certificate from the US, from Canadia, from anyplace else throughout the world. It's got all the browser frameworks and plugins and everything else connected into it. It's connected to your registry. It's connected to your file system. It's connected

to your key store and your password stores. Think of all of the things that we have munged into the browser these days. It's definitely overprivileged and overconfigured. Absolutely the things that we definitely need to solve. I'll leave you to read the rest of these, but one of the big things we're going to focus on is control over resource delivery through the browser. Don't just think of a browser as an app, as Shaun said; think of it as a framework, and a framework for delivering resources. So what we're going to do is spend a couple minutes talking about

delivering resources through the browser. And in order to do that, I want to introduce the four primary delivery methods. So if you're delivering any resource, you have four predominant methods. You can go direct to the resource, also called native access. Pretty easy. Somebody just pulled up their browser. They go to their favorite SaaS or cloud app. There's no intervening proxies or technology or filtering or anything. It's just that I'm going to the resource. Is that appropriate? Of course it is, but not for a high-security context. Right might be good for you to but they'll

for training or stuff like that. But the second method is proxies. So you've got forward and reverse proxies. They do content filtering, scrubbing; you can do rewrites, redirects. See some applicability with the browser there? There's a lot that a proxy can do with browser-based functionality. And remember, browser proxies are not just networking technology. Proxies can be in a lot of places. You can have a proxy framework embedded in the browser, and you can have proxies as part of your workspace and as part of cloud services. So don't just think of them as a

piece of kit on the network. The third method for delivering resources is virtualization, and particularly with the browser, being able to virtualize your browser gives you a lot of functionality you otherwise wouldn't have. Today, if somebody went home and they were running Office 365 or Salesforce or Concur, Workday, or one of the very common apps, how do you control their ability to print information to a printer, and whether they can print their personal info but maybe not info that is related to customers or their teams or things that would involve intellectual

property? How can you control your clipboard? How can you control where they save information? How can you control whether they can utilize other peripherals within the environment, and even, if the webcam and microphone aren't needed, to turn them off by default? Well, with virtualization you can very easily do that. That's why we see a lot of people using virtualization in a browser context. We're going to show more of that here in a second. And then the last deployment method is containerization. So the ability to have a container, and when you hear

containers, don't just automatically think Docker and Kubernetes. They're very important. You also have mobile-based containers, you've got project-based containers. Containers are used for offline access; they're used for delivery. They're used to help control deployment of resources, and we're going to increasingly see the browser used within this context. So it doesn't matter what type of resource you're delivering, you're using one of these delivery methods: direct, proxied, virtualized or containerized. Now these used to be something that you had to pick when you

were architecting the application. The nice thing is, with the workspace you can dynamically pick these at the point of service. So if somebody is in a different situation or there's a different risk level, you can pick the deployment method that makes the most sense for them. So utilizing situational awareness, you can make sure that all access and usage is risk appropriate by using a combination of these methods. Let's take a look at that. But we did that on purpose, because browsers are not just an app. They're very complex and they

really need to be considered as a framework. On the left-hand side, you've got your local browser on the endpoint. All of us have browsers on many of our endpoints and many of the devices that we work with. There are times when it's appropriate to use that, but remember, oftentimes that local browser is overconfigured and overprivileged, especially for things like privileged access and administration. You don't want to rely on that. There's too much risk in using that browser by itself. You also have a lot of options for containerizing a browser on the endpoint, and we've seen things like

Bromium; you've got Microsoft and what they're doing with the Edge browser and embedding Chromium in there. Even the Citrix Workspace app has an embedded browser as part of it, and you can consider that as a containerized browser too. Increasingly you've got ways to make the browser much more specific even as it runs on the endpoint, and may be able to do some things offline. In the middle are a lot of the resources that would be published through the data center. So you can deliver any of the types of browsers that you would need, on Windows, on Linux, and we'll talk about the special

HVI thing here in a second. And then way off on the right you've got cloud-hosted browsers. You might think, why would you want to host a browser out in the cloud? Well, you may have some non-strategic traffic that you just don't want on your network in the first place. You don't want it going across your network. You don't want it on your endpoints. You don't want it hitting any of your logs, but you need to use it. Examples are things like social media, where maybe you want to give your employees and contractors access to social media, but you don't want it actually coming within the four walls. You

want to keep it outside. Might be good for investigations by the security team, where they have to click on one of those bad links or something that's suspect: launch it out in the cloud, so it never touches your infrastructure. We've also seen those used in areas where you cannot do content filtering, like libraries and prisons and other things within the US, where you need to provide the service, but you really don't want that to be on-site. You don't want it interacting with the machine or the network. So very, very interesting enough. What more on the slide that we can get into, talking

through a lot of the various aspects of whether you're going direct, whether you're going containerized, whether you're going virtualized, or whether you're going through a proxy. So when you think about browsers, think about all the different ways that you can deploy them and the benefits for usage and administration. And then we get to the fun part that Shaun had to make sure is going to flash on the slide. At least I didn't find the blink tag. So yes, hypervisor introspection. This is really where we're, when you think about the four pieces of the framework, we're

concentrating on virtualized browsers here. And the reality is they're isolated. They're not running on the end-user system, which is good. That's really good, but they're not necessarily secured. So a browser running within a virtualized container, basically Citrix Virtual Apps (I'm probably going to say XenApp to change the name again, and I don't think I'm alright though), it's running in an isolated session. It can still be compromised. And so

the question is, and this was a direct parallel to non-persistent VDI: what are you willing to sacrifice during the period of time that it is compromised until it's destroyed and reinstantiated? East-west attacks: obviously, if an attacker has gotten onto the low-hanging fruit, they're after something else or potentially are after something else. So they're going to use that as a foothold in the environment to move on to other systems. So even if you can reset that system, the attacker may already be on another box

also. And this goes back to your conversations with kiosk vendors years and years ago: it's compromised once, and then at night, at midnight, you reset the thing. So that means you're willing to sacrifice being compromised for 11 hours 59 minutes a day. That doesn't really sound ideal to me. It's funny you bring that up, because you see some developers these days relying on that old kiosk model, putting the browser for microservices in a container and just refreshing it when things mess up. That can cause problems too, right? Oh, absolutely, and we know once an attacker can get in there,

they'll just keep doing it over and over again. So what is hypervisor introspection? The quick overview of it: we have the Citrix Hypervisor down at the bottom. If you guys are into the Xen Project, there's something called virtual machine introspection that has been in there. We at Bitdefender put a lot of work with the Xen Project folks into extending that, essentially putting it on steroids. As it's been rolled up into the Citrix Hypervisor, the commercial name: Direct Inspect APIs. What does that mean? What that is, is it

gives our security appliance (and this is an open API; anyone can code against this, any security vendor can; it's only Bitdefender that has done so) ... Our security appliance essentially can access the raw memory of running virtual machines without having to touch those virtual machines. So we're running outside, and due to the access that the hypervisor gives us, we can see everything that is occurring within the memory of running virtual machines. So pretty cool, and there are some implications about it that we'll briefly cover. I could go on all day just about

that piece, but it's actually what we're looking at is: if somebody attacks a virtualized browser, any virtualized instance, we see that, we got the alert, we know what is happening. We can block that, we can report on it, we can even, if we want, inject cleanup tools and get rid of that problem. Now the cleanup tools, that's really overkill. Again, we're looking at the point of exploit. If we're blocking the exploit, the attacker doesn't get that initial foothold on the system. Injecting cleanup tools is a way to say, okay, we

know something's going on. Let's just be sure; let's basically look at the entire system in a more traditional way. How does this really work? How does it actually detect these things? So quite often, because Bitdefender is known mostly as an anti-malware company (please don't say antivirus) defense us a different approach. So essentially, first, what's it based on? I mentioned VMI. Under the hood, it's using Intel extensions. So this is going right down to virtualization instruction sets on the silicon, and it allows third-party appliances to get privileged access to memory. The

appliance itself is running in a privileged space. Essentially, we register rules with the Citrix Hypervisor that allow us to trap certain events. So what do I mean by that? And you know, I'm simplifying this to make it. Unreadable, especially here we're talking about a buffer overflow. So somebody forgot to do bounds checking; you stuff way more data into a certain parameter than should be there. That means you can write memory that is beyond what should be allowed for that particular parameter. And if you do it right, you can execute something. So essentially

what you're doing is you're overrunning the buffer in heap to execute your code. Again, most of the time you're probably going to crash the process, maybe crash the box, but attackers have all the time in the world. Eventually, if they get it right, they can take advantage. Now what we're doing with HVI is we're saying, hold on. That particular piece of memory is read/write. Why is something trying to execute on it? We don't care what the vulnerability is. We certainly don't care what the specific exploit is. We just know someone

is trying to commit a memory violation to produce unexpected results. In a buffer overflow case, the ultimate goal is to run code on a system, remote code execution, and gain control of it. We don't care what the vulnerability is. Anybody in here have folks within your organization that develop web apps, or contractors you hire to develop web apps? Would it be kind of cool for them to have those, to be able to take a look at what's going on, debug the application, be able to get the running state and

even when it's crashed be able to reset it instantly and then try the attack again and see exactly what's happening as they're live making modifications to the code? How much developer perspective this is tremendous. How about security teams? Anybody in here from a security team? So what if you've got something that is coming in that you know is causing major problems, but it's not being highlighted anywhere? You can redirect it over to this system and, because of in-memory forensics, be able to see exactly what is being targeted against your organization, be able to see why it's

unique and be able to develop some mitigations for it. These are a couple things most people don't talk about, but I see as being a very core value, and Shaun goes to hear you. He just wanted to say, you know people don't care if they do care. That's why we want to make sure you saw and they can go through and help you look for any in-memory violations. It's that this technology can be used for so much more than just security incidents and malware. Absolutely, absolutely. And there is good forensic data

that gets pushed out. But certainly the point of not having prior knowledge of the exploit or the vulnerability is something that our customers enjoy. When WannaCry first started hitting, we weren't that surprised, because as soon as we saw EternalBlue, the thing we did was say, hey guys, it definitely does a blog post. Three weeks later WannaCry hit. I want to watch right? It could not spread across their networks because they had HVI installed. So

it's having no a priori knowledge of the exploit or the vulnerability. Just seeing it's a buffer overflow, I'm going to stop it. That means going back to you. It's not antivirus at the hypervisor level. We're looking for attack techniques. Attackers use the same techniques over and over again, and this is so much more efficient than looking for known bad or trying to whitelist known good. Those are valid approaches, but we all know they have their limitations. Attackers only need to succeed once, whereas defenders need to succeed every single time. So if we can take

these attack techniques out of their hands (buffer overflow, heap spray, code injection, function detouring; there's a whole bunch more, I'm not going to go through an exhaustive list), we're really raising the bar on the cost of attack. If they can't use buffer overflows, that's really painful for the attacker. Another piece is this security is actually isolated from what is being protected. So because the virtual appliance is running at a higher level of privilege, and obviously where we're getting the information, the

hypervisor, is at a hardware-enforced higher level of privilege, that means we are isolated from what is being attacked. When you're running within a VM, what is the first thing the attacker does? Turns off the security or otherwise obfuscates itself to hide from the attack. We see that all, and we're not affected because we don't have a footprint within the VM to attack. So this is really bridging the gap between context and isolation. That's another concept I could go on and on about,

but let's just say the classic security problem is: my network IDS/IPS or my web app firewall is painful to configure because it has zero contextual awareness of what's going on within the VM, whereas if I'm in the VM I have great contextual awareness, but I have zero isolation. So I'm susceptible to attack in the same way everything within that VM is susceptible to attack. And indeed, I'm using OS APIs within the VM to protect the OS APIs within the VM. So this is a great way of getting complete contextual awareness, but still

being isolated from what is being protected. I would say, as we're getting into the demo, one thing to keep in mind: no, Shaun didn't show that, this is any workload that would run on top of the hypervisor. So you've got tons of different workloads: current applications, older applications that can't be patched and updated. You can run a browser server on top of it. And that's one of the main things that we're talking about here, is being able to run a browser server and being able to do redirections from email, arbitrary links, from just people who click and open

up a browser, open up Facebook, click on the link for Salesforce. You can have it go to the service and have it be able to protect the levels that Shaun was just talking about and what you're about to see in the demo. So we're focusing on web browsing today, but there's a lot more that you want to stop by and see you later. Absolutely, and I've seen a lot of very worried admins, especially healthcare, finance, places like that, who have to publish i-86. Like, that must really, you know, lead to some 2 a.m. sweats. So let's see what this thing looks like

in action. Top, Bitdefender browser isolation, which is a specific solution running on top of Virtual Apps. So of course, a little thing from Ponemon; they always like to throw big numbers out there. No surprise. We know web browsers are a problem. So there's not user view attack review. You're going to see some, you know, welcome-to-the-Matrix stuff. The bottom line there is when they clicked on the link, they talked to the web server. Now the attacker is running within the context of the Flash Player and they

have full admin on that box. You can see that they just downloaded secret docs. In that case they're just pulling information off; they're never going to write anything to disk. So what is there to look for? The whole problem is end users are running browsers within their endpoint. So that means that entire endpoint is infected. Now again, but with browser isolation running with hypervisor introspection, they didn't get us a ship write. The best security is exciting because nothing happens. So again, we're wrapping those virtualized

browsers within browser isolation, applying unique security, unique capabilities of the Citrix Hypervisor to protect those browsers in ways that are not possible with other approaches. You could have perfect hardware, perfect OS patched and up-to-date, perfect browsers running on there as well. This was a vulnerability in Flash. West with most shop men's is saying hate. Okay, you're running on a hypervisor that is not Citrix Hypervisor; that's reality. And I've had two admins go while you're not so if you think I'm going to move this entire thing onto Citrix Hypervisor

and our message is: well, let's first talk about isolating browser execution. You're already doing that. But let's talk about the most vulnerable end users. Maybe it's people in HR departments, because they're dealing with a lot of inbound stuff, a lot of PDFs. I don't think people are sending any Flash resumes these days, we have, but you never know; web design is a crazy, crazy place. So they are very vulnerable. Folks in finance, very vulnerable. Mahogany row, the C-levels; perhaps if it's a large

manufacturing there could be intellectual property, things like that. There are users and there are situations, and this goes back to the framework, where in certain cases it's appropriate to have those users' browsers, or specific browsers, or browsers matter accessing specific resources, do it via this setup, via browser isolation running on top of XenApp. Another advantage, which I covered, is you gain context without sacrificing isolation, and that don't-sacrifice-isolation works both in the context-versus-isolation security dilemma, which this resolved, but it also works

in the end-user dilemma. Not every end user needs to access Facebook, but they do need to access a lot of resources out there that you don't own, you don't control, you cannot trust. And then they're also accessing your internal resources, which you own and you hope to protect, with potentially the same browsers from the same system. So you need to allow that access. Don't isolate the end users, but isolate and secure where those browsers are running. How do you get started? It's pretty simple. We have

a management console we call GravityZone. Of course, at Bitdefender we do a whole lot more beyond browser isolation. But within GravityZone, our management console, add XenServer; that pulls in your hierarchy, your inventory and the whole structure that's in there. Set up an HVI policy. In this case, what applications do you want it to apply to, beyond protecting kernel memory? And by the way, if you have other security tools running within these instances, we protect the drivers

that run the security tools. That's just another tick box. But obviously in this case you'd be going with protecting browsers. And that's really it; it's pretty straightforward. I think the biggest step is planning it out, figuring out which users, which URLs, which browsers do you want to be published in this high-security browser isolation environment, and planning that. An actual implementation, standing up a couple of XenServer instances and configuring GravityZone and hypervisor introspection against them, is, you know, I'm

warning not not not at all. We've got a joint white paper that we developed that goes through in detail how to do this: what are the considerations, how to configure the environment. And Oceanside even if you're running VMware, you're running Hyper-V, you're running another hypervisor, it's very simple to stand up XenServer for just this type of solution and not be able to utilize it within the other environments. Probably key takeaways perspective: we want to make sure that you were thinking of some of the areas that would benefit, you know, your highly privileged

users, people who have privilege within IT, within your security organization, you know, your network administrators and people who manage your certificates, hold the SSH keys, but also privileged users that exist in other parts of the org: legal, HR. People are privileged to wear outside the organization. Maybe you have suppliers coming in and you're really concerned because you don't own the systems they're coming in from. You want them to hit a very pristine browser, and you want to make sure that as they're getting access, maybe even through email or another collaboration

platform, that any link, any file that happens to have embedded URLs, any image that happens to have an embedded URL is handled appropriately. I've even heard about the reverse case, where you own the application, but you don't trust the systems that your end users, external end users, are accessing your application through. So you basically provision to them Citrix Receiver and they're accessing via a remote browser that you're protecting. So you don't care about the security state of, you know, Grandma's computer that is being used to access your very sensitive

application. So it can also be on the inbound side. Arbitrary links perspective: you know, within the workspace you can obviously redirect those arbitrary links. Do URL filtering, do IP reputation. You can go through and do content scrubbing; you can watch it in a virtualized browser, cloud-hosted browser. You can also have your arbitrary links go over to HVI for further inspection, and as you've heard, even if it's something brand new that nobody else in the malware community has seen before, if it causes an in-memory violation, you're going to see it. You're

going to be able to snapshot it, you're going to be able to stop it, which you probably want to do, remediate it, and you're also going to be able to go through and perform some forensics against it. And that's why I said this is also very appropriate for security teams, because in addition to the protections you get a lot of visibility you otherwise wouldn't have. It helps you click on those links where, you know, you've got to look at something from an investigative perspective and you don't have your Chromebook in front of you or something else that you can trust at a pretty high level and

would otherwise reset. And to me one of the other core areas is developers. This gives a lot of very rich information and developers and continuing to develop browser-based apps, mobile apps on a lot of microservices, funnel it through HVI so that you get a much better picture of what's happening. Maybe there's something that the OS just kind of stumbled over, it tripped, but you never really saw it and went into a log somewhere or maybe didn't, and it's something that might be a problem later on, a very, very slow leak, for example. This is going to show it. Other

solutions are not going to give you that level of visibility, cuz it's looking from outside without any desk agent. So that's why we're pretty excited about it. We've got a lot of great customer success stories and happy to share those. Absolutely. So I guess in closing, before we get to the Q&A, and they requested please use the microphone because the audio is being recorded, so we don't want your question lost. Come by the booth. And anyone not know where the Bitdefender booth is? It's a good-sized booth. Okay. I'm glad to see that. I wanted escort anyone down to the show floor

right now, but it is a good-sized booth. Stop by, we have a lot of people who are much smarter than I am at the booth who can answer any in-depth. You can also explore all the other fun stuff that Bitdefender is doing beyond hypervisor introspection and the browser isolation. So is that I think we are either confused everyone. They just appreciate getting done early. Brian man there are so many tools out there and so many security vendors, and you're bringing another solution in that could add

complexity. I wish things could lead to more risk, where could you reduce that? You know, we're just reduce the complexity. Is it on the network side? Is it on a different malware protection side? Where is that reduction in complexity do to maybe show more value of this solution? The most significant area is that this is an entirely different approach by leveraging the hypervisor, and this is something it and I've always been kind of curious about this, because as virtualization is taking over the data center, expected that there would be a lot of security

vendors looking at the stack and going, how can we actually take advantage of this, rather than, how do we re-architect anti-malware to not have such a huge performance hit? What many have done. So really it's a brand new approach, but it is complementary to the existing approaches. So we're looking at memory with this within an endpoint. You still want to do file system scanning, for instance, but we can protect the drivers within the endpoint that are doing the file system scanning. So I wouldn't look at it as bad as

adding more complexity. It is certainly another layer of security that is protecting things that are higher in the stack, directly complementary though. So I wish I could say, hey, you could rip out all these other security solutions and just use this, but as a security guy, you know, if anyone ever says that to you, shake your head and say thank you for meeting with me and let them go for a reason. Maybe you're in a PCI environment, you have to have them, but this does give you some additional tools. Where else are you going to get this level of browser protection, where

else are you going to get the visibility in memory of events, where else are you going to be able to redirect arbitrary links that otherwise were tripping up others? It could also be a fun tool to go through and test some of your testing tools in your QA and some of the other anti-malware solutions out there, to be able to see here what's getting through, what's not getting through. Anyone else? Going once, going twice? So does this also support Pub list of virtual desktops as well as virtual apps get

that has yes, we have a specific solution because the case for around browsers is quite simply so compelling and people absolutely, they understand it. And so we have a specific Lesage solution for that. The underlying mechanisms are basically the same. The broader hypervisor introspection solution, yeah, databases, video and so on and so forth. You can apply protection there. Right. Agentless, or is there an agent that goes on the VM? I love that question. Okay. So it's a really great marketing term that

VMware came up with. What it really describes is re-architecting antimalware. So to say, instead of putting a full sentence in each and every VDI instance or virtualized instance, we're going to pull off as much as we can and run it as a single copy within a virtual appliance that really does the scanning, so it has the engines, all the threat intel and all that. There still needs to be a communication point, file system drivers and a few other things, but you've taken out all the heavy stuff that needs to be updated a lot. So that gives you tremendous performance

benefits, but there is still something that needs to be in there. In the case of VMware, it's embedded within vmtools. They say agentless because from a security vendor perspective you don't necessarily need to install something within the VM. Every security vendor does ultimately layer something on top. So it's agentless from the perspective of the security vendor doesn't necessarily have to install an agent, but there's still a piece there. Defender happens. We do integrate with NSX, including NSX-T. We also have a version that is

agnostic at the underlying hypervisor, in which case that tool set, the file system drivers and the communication point are Bitdefender software. So there's still a small footprint in there. Hypervisor introspection, on the other hand, there's absolutely no software footprint within the VM that you're protecting. So anytime there's a memory call within a VM, the supervisor, the operating system says, hey, I'm going to talk to what is actually virtualized hardware, which is the hypervisor, and it says I'm going to actually do stuff in the hardware there. We're down at that layer

with our inspection, so we can see everything that goes on within the VMs without having to touch them, so completely isolated but still back in touch with awareness. Thank you for that question because I love blowing up the agentless marketing term. Attending, enjoy the rest of Synergy and now stop by the Bitdefender booth. There's a lot more that can be shown.
