Citrix and Qualys - Vulnerability Management and Policy

Citrix and Qualys | Solution Brief

Citrix NetScaler Application Firewall With Qualys Web Application Scanning

citrix.com

Web based applications have become predominant in the enterprise data center. They allow sophisticated applications to run from virtually any PC, netbook, tablet or smartphone. They are generally easier to use, lower cost and faster to deploy than traditional client side applications. To allow these web applications to run, the network ports through which the web application traffic flows are configured to be open (allowed) on a standard firewall. Unfortunately, over 70 percent of successful attacks now exploit application vulnerabilities using these open ports. To mitigate these vulnerabilities, a Web Application Firewall (WAF) is now a necessity for all enterprise data centers. WAFs secure the web applications and communications by blocking the attacks that traditional firewalls are not designed to protect against.

How Applications Are Attacked

While it is appropriate to allow bona fide users to access web applications, neither users nor hackers should be allowed to abuse the access given. Unfortunately there are often vulnerabilities in web applications, and attackers exploit these vulnerabilities. By sending data in a web page URL that causes the backend application to malfunction, the attacker can gain control of backend resources such as databases. The potential fallout of a data breach in a large enterprise can be devastating. Millions of dollars are lost, and companies have been forced out of business by such attacks.

Protecting Applications Against Attack with NetScaler Application Firewall

Citrix® NetScaler Application Firewall is a comprehensive ICSA certified web application security solution that blocks known and unknown attacks against web and web services applications. NetScaler Application Firewall enforces a hybrid security model that permits only correct application behavior and efficiently scans and protects known application vulnerabilities. It analyzes all bi-directional traffic, including SSL-encrypted communication, to protect against a broad range of security threats without any modification to applications.


Below are the key protection tactics employed by NetScaler Application Firewall:

• Cross-Site Scripting

• Cross-Site Request Forgery

• SQL Injection

• XML Security

• Buffer Overflow

• Data Theft

Customizing the WAF rules to match the applications allows attacks to be identified and blocked. Managing this rule set, however, requires effort and expertise and can be time consuming. The rule set needs to be reviewed often, and always when a back end application system is added or modified.

Keeping the WAF up to date requires two steps. The first is to identify the vulnerabilities of all applications, both those hosted in the enterprise and those hosted off site. The second is to update the WAF policies to protect against every identified vulnerability.

Keeping these two in sync and being sure that the right policies are in place can be a challenge.

Understanding Application Vulnerabilities with Qualys

QualysGuard Web Application Scanning (WAS) identifies web application vulnerabilities that can then be used to automatically create rules for the NetScaler Application Firewall to prevent malicious users from exploiting the vulnerabilities. Thanks to this integration, customers can quickly mitigate the vulnerabilities discovered by QualysGuard WAS with NetScaler Application Firewall and reduce the risk exposure of the business supported by the vulnerable web applications.

Web application scanning helps to identify vulnerabilities that are traditionally fixed by developers with patches. The problem is that it can take days or weeks to deploy the patches in production, which leaves the web applications vulnerable to attack if no other countermeasures are taken.

The integration of the QualysGuard web application vulnerability scanner with Citrix NetScaler can be used to quickly protect the web applications while application developers take the time to assess the risk and implement the best application level controls or patch to remediate the application.

By using the QualysGuard WAS scan results to create virtual patching in Citrix NetScaler WAF for the application, the window of risk due to the vulnerability is closed in a much shorter period of time than with the traditional approach.

Citrix NetScaler Application Firewall combined with Qualys WAS simplifies the complexity and reduces the risk of error while delivering cost reductions. This is achieved by:

• Reducing the resources required to perform web application security tasks by automating the vulnerability assessment of all web applications.

• Leveraging the Qualys elastic cloud platform that removes the burden of installing and maintaining software.

• Enabling collaboration between an organization’s application security stakeholders.

• Performing web application scans, whether hosted inside the network or outside the organization, without deploying additional physical or virtual scanners.


Summary of the Benefits from Qualys and Citrix NetScaler Integration

The Citrix NetScaler Application Firewall integration with QualysGuard provides the following benefits:

• A scalable and highly automated web application scanning with QualysGuard that provides insight to increase the Citrix NetScaler Application Firewall level of detection based on the actual vulnerabilities detected.

• Eliminates the need to have access to the web application development team in order to create a “virtual patch” on the application itself or any underlying system.

• Quickly protects against identified web application vulnerabilities without involving or impacting application development timelines.

• Reduces the exploitation time window while ensuring organizations take the time to create the best application level controls instead of rushing out an untested patch that may cause other problems for the web application.

• NetScaler Application Firewall protects web servers without degrading throughput or application response times. It blocks application-level and other attacks, at over a gigabit per second throughput.

• NetScaler Application Firewall hybrid security model blocks all known and day-zero application-layer attacks. Web application behavior deviating from normal application use is treated as potentially malicious and blocked. A second level of protection is provided through the efficient scanning of thousands of automatically updated signatures.

• NetScaler has many other security features providing a multi-layer security model.


Corporate Headquarters: Fort Lauderdale, FL, USA

India Development Center: Bangalore, India

Latin America Headquarters: Coral Gables, FL, USA

Silicon Valley Headquarters: Santa Clara, CA, USA

Online Division Headquarters: Santa Barbara, CA, USA

UK Development Center: Chalfont, United Kingdom

EMEA Headquarters: Schaffhausen, Switzerland

Pacific Headquarters: Hong Kong, China

About Citrix Ready

Citrix Ready identifies recommended solutions that are trusted to enhance the Citrix Delivery Center infrastructure. All products featured in Citrix Ready have completed verification testing, thereby providing confidence in joint solution compatibility. Leveraging its industry-leading alliances and partner eco-system, Citrix Ready showcases select trusted solutions designed to meet a variety of business needs. Through the online catalog and Citrix Ready branding program, you can easily find and build a trusted infrastructure. Citrix Ready not only demonstrates current mutual product compatibility, but through continued industry relationships also ensures future interoperability. Learn more at www.citrix.com/ready.


©2012 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix Receiver™, HDX™, CloudGateway™, XenDesktop®, XenApp™, NetScaler® and XenVault™ are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.
