Amidst all the hype and hysteria around the WannaCry ransomware attack, I read an interesting and grounded piece by Citrix’s Martin Zugec explaining why Citrix customers weren’t affected, and I wanted to summarise his key points for you.
As attacks of this nature continue to increase, Martin’s blog serves as a timely reminder of the benefits of a strategic approach to end user computing. Despite its huge impact, WannaCry was surprisingly low-tech – and the next major exploit may be more sophisticated and more difficult to counter.
Some of the reasons Citrix customers weren’t affected are the traditional advantages of VDI/RDS: single image management to quickly patch all systems, non-persistent machines for fast recovery, centralised management to improve response times, and if everything else fails, prompt disaster recovery and failover to a backup data centre. But as Martin details, it goes further than this.
Firstly, Citrix has developed a solution that protects against the initial infection, from phishing or web browsing. This is based on using XenServer as a hypervisor. XenServer includes a security feature called XenServer Hypervisor Introspection, which helps security companies block attacks.
After one computer is infected, ransomware typically spreads around the network by exploiting a vulnerability in the SMB protocol. Citrix XenApp can help block this by acting as a middleman between applications (and their data) and endpoints (and thus the Internet). This isolation can halt the attack, or at least contain it within an isolated zone where it’s easy to destroy.
If the worst does happen, ransomware will lock you out of your system or encrypt your files. Having reliable, up-to-date backups is the key to recovery. To achieve this, Citrix ShareFile can be invaluable, as its versioning functionality keeps multiple copies of each file, enabling you to restore the last uncompromised version. Citrix App Layering also makes it quick and easy to patch many computers with a few clicks, before recovering their data from a backup.
It’s a truism, but IT security is all about prevention and planning. Do your research thoroughly – you can read Martin’s full post here – and take action to ensure you’re prepared, because it’s only a matter of time until the next major attack.