THR3086: Contain and Isolate Ransomware with Citrix and Microsoft
Florin Lazurca, Citrix Technical Security Strategist
6/12/2018 9:26 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
The world is under attack.
- 74% see a need for a new security framework
- 80% worry about data breaches
- 49% feel they can reduce the risk of DDoS or ransomware attacks
- $1 trillion to be spent on cyber security by 2021
Credit: Symantec
WannaCry: 230k hosts infected. NotPetya: 15k servers and 50k endpoints at one organization.
To Pay or Not to Pay?
- Tactically, paying may be the only viable option
- Paying or not paying the ransom both incur a cost
- Paying rewards criminal activity and strengthens the incentive for such attacks across the industry
- No guarantee of recovery: "boneidleware" (the attacker never built a working decryptor) and "leakerware" (the data is exfiltrated and held for leaking)
- Paying should not be Plan A
3-2-1 Rule
- Have at least three copies of your data
- Store the copies on two different media
- Keep one backup copy offsite
Ransomware encrypts whatever the infected endpoint can write to, mapped backup shares included, so the offsite copy should be offline or otherwise not writable from the endpoint, or the third copy is just one more victim.
How Microsoft Helps
Hyper-V 2016 Security Capabilities
- Secure Boot
- vTPM
- BitLocker
- Virtualization Based Security (VBS)
- Credential Guard
- Device Guard (Code Integrity)
Virtual Secure Mode (VSM) Features
- Credential Guard: isolates LSA secrets inside VSM, protecting against Pass-the-Hash-style credential theft; inside a VM it relies on nested Hyper-V and a vTPM
- Device Guard: provides a whitelist of code that is allowed to execute
Hyper-V enhancements: Shielded VMs. The security value comes from separating administrative responsibility, so that hypervisor and fabric administrators cannot read or tamper with the workloads they host.
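The following is an added example for this section and is not code from the slides or from Citrix or Microsoft. It turns on Secure Boot and a vTPM for a Generation 2 Hyper-V 2016 VM and then reads back the host's VBS, Credential Guard and HVCI state through the Win32_DeviceGuard WMI class. The VM name "CTX-WEB01" is an assumption, and the local key protector is the lab shortcut for a host without a Host Guardian Service; a production shielded VM would use an HGS key protector instead.

```powershell
# Added example: Gen 2 VM hardening on Hyper-V 2016 plus host VBS status.
# Assumptions: VM "CTX-WEB01" exists and is powered off; the Hyper-V module is
# installed; this runs in an elevated session on the Hyper-V host.
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
param([string]$VMName = 'CTX-WEB01')   # assumed VM name

# 1. Secure Boot with the Windows template: the UEFI boot chain is verified and
#    measured before BitLocker in the guest unseals the OS volume key.
Set-VMFirmware -VMName $VMName -EnableSecureBoot On -SecureBootTemplate 'MicrosoftWindows'

# 2. vTPM. A key protector must exist before the TPM can be enabled.
#    -NewLocalKeyProtector ties the vTPM to this host only (lab use); a
#    shielded VM would get its key protector from the Host Guardian Service.
Set-VMKeyProtector -VMName $VMName -NewLocalKeyProtector
Enable-VMTPM -VMName $VMName

# 3. Read back the VM security settings.
Get-VMSecurity -VMName $VMName |
    Select-Object VMName, TpmEnabled, Shielded, EncryptStateAndVmMigrationTraffic

# 4. Host side: is VBS running, and which services run inside it?
#    SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (hypervisor-enforced code integrity)
#    VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
[pscustomobject]@{
    VbsStatus            = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
    CredentialGuard      = ($dg.SecurityServicesRunning -contains 1)
    HVCI                 = ($dg.SecurityServicesRunning -contains 2)
    CodeIntegrityPolicy  = $dg.CodeIntegrityPolicyEnforcementStatus   # 0 = off, 1 = audit, 2 = enforced
}
```

Run it once with the VM stopped; Set-VMFirmware and Enable-VMTPM fail on a running VM. A host that reports VbsStatus "Running" but CredentialGuard false has VBS available and nothing using it, which is the usual state after enabling the Hyper-V role without the Credential Guard policy.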
How Citrix Helps
Citrix Secure Digital Workspace (overview diagram, spanning Users and Secure IT): software-defined perimeter; unified experience; "BYO" identity; single sign-on; contextual access; unified endpoint management; app ops; contextual performance; legacy/custom apps; content control; security and performance analytics.
Strategic Approach
- Publish virtualized, sandboxed and hardened browsers
- Shield web app users and keep sensitive data off the endpoint
- Publish email clients to prevent email-borne ransomware
- Protect mobile devices using containerization, encryption, blacklists and whitelists, and device compliance checks
- Protect data with an enterprise-grade file sync and sharing service, enabling quick recovery
"It's time to isolate your users from the internet cesspool with remote browsing." Gartner, published 30 September 2016, ID G00315285, analyst Neil MacDonald.
Internet Separation Threat Mitigation (architecture diagram). Resource locations: on-premises, Internet, SaaS. Components: NetScaler Secure Web Gateway (web filtering), NetScaler Gateway (SmartAccess and federation), XenApp on the hypervisor publishing a Confidential Browser for the intranet and a separate browser for the Internet, Web App Firewall, intranet.
Virtualized, sandboxed, hardened email client (architecture diagram). Resource locations: on-premises, Internet, SaaS. Components: NetScaler Secure Web Gateway (web filtering), NetScaler Gateway (SmartAccess and federation), XenApp on the hypervisor publishing Secure Outlook, Web App Firewall, intranet.
Containerize mobile data and apps (diagram): XenMobile for apps and ShareFile for data, both fronted by NetScaler.
Security-driven design (architecture diagram). Devices (thin clients, branch/call center kiosks) connect through NetScaler to segmented XenApp farms: applications handling sensitive data (Application 1, Application 2) and sensitive desktops run on dedicated XenApp farms, while various applications on common data run on separate farms. A service management layer provides monitoring, analytics, automation and provisioning.
Protect data with an enterprise grade file sync and sharing service
Ransomware use cases and how ShareFile helps

Encrypted file by ransomware
- ShareFile versioning keeps file history even if the ransomware renamed the file
- ShareFile supports recovery from ransomware after the endpoint device is remediated (PowerShell script)
- Configure sync on file format (registry setting)
- ShareFile Desktop App (no file sync)

Ransomware detection
- ICAP integration with popular malware and antivirus solutions for on-premises storage
- API integration with cloud security platforms that offer multiple AV engines, malware sandboxing, predictive and AI detection, and macro and embedded malicious code detection
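The detection side of the table deals in AV engines and sandboxes; the signals a sync folder itself gives you are simpler. The following is an added example, not Citrix code and not the recovery script the slide refers to: it sweeps a synced folder for the two file-level symptoms of an encryption run, a ransomware-style extension appended to the name and near-random content (Shannon entropy close to 8 bits per byte), and warns when enough files match to look like an outbreak rather than a stray archive. The folder path, extension list and thresholds are assumptions for illustration.

```powershell
# Added example: file-level ransomware sweep over a synced folder.
# Assumptions: $Root is the local sync folder; the extension list is illustrative,
# not exhaustive; thresholds are starting points, tune them on real data.
param(
    [string]$Root = "$env:USERPROFILE\ShareFile",   # assumed sync folder
    [double]$EntropyThreshold = 7.9,                 # bits per byte; 8.0 is uniform random
    [int]$MinAlerts = 20                             # matches needed before calling it an outbreak
)

# Suffixes appended by well-known families (illustrative).
$SuspectExt = @('.locky', '.zepto', '.wncry', '.wncryt', '.cerber', '.crypt', '.encrypted', '.locked')
# Formats that are compressed or encrypted by design and legitimately score high.
$HighEntropyByDesign = @('.zip', '.7z', '.gz', '.rar', '.docx', '.xlsx', '.pptx', '.pdf', '.png', '.jpg', '.jpeg', '.mp4')

function Get-ShannonEntropy {
    # Entropy of the first $SampleBytes of a file, in bits per byte.
    param([string]$Path, [int]$SampleBytes = 65536)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] $SampleBytes
        $n = $fs.Read($buf, 0, $SampleBytes)
    } finally { $fs.Dispose() }
    if ($n -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    for ($i = 0; $i -lt $n; $i++) { $counts[$buf[$i]]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $n; $h -= $p * [math]::Log($p, 2) }
    }
    return $h
}

$hits = foreach ($f in Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue) {
    $ext = $f.Extension.ToLowerInvariant()
    $reasons = @()
    if ($SuspectExt -contains $ext) { $reasons += "extension $ext" }
    if ($f.Length -gt 0 -and -not ($HighEntropyByDesign -contains $ext)) {
        $h = Get-ShannonEntropy -Path $f.FullName
        if ($h -ge $EntropyThreshold) { $reasons += ('entropy {0:N2}' -f $h) }
    }
    if ($reasons) {
        [pscustomobject]@{ Path = $f.FullName; Modified = $f.LastWriteTime; Reason = ($reasons -join '; ') }
    }
}

# Oldest first: the earliest timestamp is roughly when the encryption run started,
# which is the version to roll back to.
$hits | Sort-Object Modified | Format-Table -AutoSize
if (@($hits).Count -ge $MinAlerts) {
    Write-Warning "$(@($hits).Count) suspicious files under $Root. Stop the sync client and isolate this endpoint before restoring from ShareFile versions."
}
```

Entropy alone is a weak signal (any compressed format trips it), which is why the skip list exists and why a file matching both signals, or a burst of matches with the same minute of modification time, is what should page someone. The oldest Modified value in the list is the point before which versions are still clean.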
Hardening Best Practices
- Educate end users
- Don't run applications or desktops in administrator mode
- Disable macros and active content
- Move from blacklisting to whitelisting
- Sandbox the email client and browser
- Harden the OS and critical applications
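Three of these items map directly onto settings on a Windows endpoint or XenApp worker. The following is an added example, not from the slides or from Citrix or Microsoft: it reports local administrators beyond the built-in account, disables Office macros and ActiveX through policy registry keys (assumed Office 2016, version key 16.0; in production these come down by GPO to HKCU\Software\Policies, which users cannot override from the Trust Center), and builds an AppLocker whitelist from what is installed, starting in audit mode so the events can be reviewed before enforcement. Scanned directories are assumptions.

```powershell
# Added example: endpoint hardening on a Windows 10 / Server 2016 image.
# Assumptions: Office 2016 (policy key 16.0); whitelist built from C:\Windows and
# the Program Files trees; run in an elevated session on the image being hardened.
#Requires -RunAsAdministrator

# 1. "Don't run as administrator": list who is in the local Administrators group
#    besides the built-in account, so interactive users can be removed from it.
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -notmatch '\\Administrator$' } |
    ForEach-Object { Write-Warning "Local admin on this image: $($_.Name) ($($_.ObjectClass))" }

# 2. Macros and active content, via the Policies hive so users cannot flip them back.
$OfficeVer = '16.0'   # assumed Office 2016
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVer\$app\Security"
    New-Item -Path $key -Force | Out-Null
    # VBAWarnings: 1 = enable all, 2 = disable with notification,
    # 3 = disable all except digitally signed, 4 = disable all without notification
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 3 -Type DWord
    # Block macros in files carrying the Mark-of-the-Web (downloads, mail attachments)
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}
$common = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVer\Common\Security"
New-Item -Path $common -Force | Out-Null
Set-ItemProperty -Path $common -Name 'DisableAllActiveX' -Value 1 -Type DWord

# 3. Blacklist to whitelist: AppLocker rules generated from the installed software,
#    publisher rules where files are signed and hash rules otherwise, audit mode first.
$dirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$info = foreach ($d in $dirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe, Script -ErrorAction SilentlyContinue
}
$xml = [xml](New-AppLockerPolicy -FileInformation $info -RuleType Publisher, Hash `
            -User Everyone -RuleNamePrefix 'Baseline' -Optimize -Xml)
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) { $rc.EnforcementMode = 'AuditOnly' }
$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'
$xml.Save($policyPath)
Set-AppLockerPolicy -XmlPolicy $policyPath

# The Application Identity service must run for AppLocker to evaluate anything.
sc.exe config appidsvc start= auto | Out-Null
Start-Service AppIDSvc

# After a week of normal use, anything that would have been blocked shows up as
# event 8003 (EXE/DLL) or 8006 (script/MSI); add rules for the legitimate ones,
# then switch EnforcementMode to Enabled.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8003 | Select-Object TimeCreated, Message -First 20
```

Start with 3 (signed macros only) rather than 4 if the business has signed internal macros; either value removes the "Enable Content" button that most email-borne ransomware relies on. Leave AppLocker in audit until the 8003/8006 events stop showing legitimate software, otherwise the first enforced reboot becomes the incident.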
Please evaluate this session: from a PC or tablet, visit MyIgnite (https://myignite.microsoft.com/evaluations); from a phone, use the Microsoft Ignite mobile app (https://aka.ms/ignite.mobileapp). Your input is important!