In the dynamic landscape of enterprise browsing solutions, ensuring not just security but also comprehensive admin visibility is paramount. At Citrix, we take pride in our Citrix Enterprise Browser — a robust solution that goes beyond “just” enabling secure access to your web/SaaS applications to also providing unparalleled insights for administrators. In this blog, we’ll dive into the seamless integration between the Enterprise Browser and Citrix Analytics Service (CAS) for Security, showcasing how it elevates the admin’s ability to monitor, manage, and respond to potential risks effectively.
Host: Andy Whiteside
Co-host: Bill Sutton
Co-host: Todd Smith
Co-host: Geremy Meyers
In the dynamic landscape of enterprise browsing solutions, ensuring not just security but also comprehensive admin visibility is paramount. At Citrix, we take pride in our Citrix Enterprise Browser — a robust solution that goes beyond “just” enabling secure access to your web/SaaS applications to also providing unparalleled insights for administrators. In this blog, we’ll dive into the seamless integration between the Enterprise Browser and Citrix Analytics Service (CAS) for Security, showcasing how it elevates the admin’s ability to monitor, manage, and respond to potential risks effectively.
Host: Andy Whiteside
Co-host: Bill Sutton
Co-host: Todd Smith
Co-host: Geremy Meyers
WEBVTT
1
00:00:02.440 --> 00:00:21.049
Andy Whiteside: Alright welcome to episode 1 52 of the Citrix session of your host. Andy. Wise side today is December eighteenth, 2023. Got my my team, my crew with me. Guys starting with Bill sudden. Director of services here at Zintigra Bill, can you believe 2024 is over.
2
00:00:21.440 --> 00:00:27.620
Andy Whiteside: No, I can't. You got your Christmas shopping done? Maybe I should start there. Yeah, most of it, except for the stockings.
3
00:00:28.410 --> 00:00:32.390
Andy Whiteside: Now your wife, your team. Has that done, or you haven't done?
4
00:00:32.780 --> 00:00:49.879
Bill Sutton: I have it done well. The the Christmas shopping for my wife was really it was gifts for the family. We all got new iphones. So course. The funny thing is, it was a very inexpensive gif gift, because of all the promotions I picked last per month now than I did before. Believe it or not. So
5
00:00:50.650 --> 00:00:57.090
Andy Whiteside: getting other stuff, you know other stuff, and it's all done. I'm just waiting for Amazon to show up with all the packages.
6
00:00:57.570 --> 00:01:12.580
Andy Whiteside: Well, that definitely makes Christmas easier. I don't know if it's less fun, more fun. I don't know if you get what people want. Maybe. Right? Yeah. My daughter just texted me literally 5 min ago and said, Do you want to go out and get stocking stuffers for Mom? And I'm all over that. Let her
7
00:01:12.630 --> 00:01:15.299
Andy Whiteside: let her help me pick stuff out, you know. So
8
00:01:15.490 --> 00:01:18.989
Andy Whiteside: you do have to deal with the crowd, though. Keep that in mind. Yes, for sure.
9
00:01:19.020 --> 00:01:22.070
Andy Whiteside: Jeremy Myers, how about yourself? You ready for the holiday?
10
00:01:22.330 --> 00:01:28.399
Geremy Meyers: I started shopping at 5 30 afternoon yesterday. So
11
00:01:28.540 --> 00:01:36.349
Geremy Meyers: yeah, I would say I'm early. I would also say, I know what I'm getting into. This is this every year. Actually, so my wife usually does most of it.
12
00:01:36.440 --> 00:01:40.279
Andy Whiteside: And then I fill in the gaps, and I started filling those gaps yesterday.
13
00:01:40.520 --> 00:01:41.540
Geremy Meyers: so we'll see.
14
00:01:41.940 --> 00:01:54.989
Andy Whiteside: I may be a glen for Punch, but I'm going to the local shopping center after my live wife leaves town to go to where we're going for the holidays a couple of days early, and I'm I like it, and I think it's a program. I'll buy it. If she wants to bring it back. I'll keep. I'll get a gift for seat
15
00:01:56.170 --> 00:01:57.359
Andy Whiteside: to South Columbia.
16
00:01:57.400 --> 00:02:12.420
Geremy Meyers: you know what call me old school, but at least once a year I do like to make the trip out with the masses into the shopping. you know just to just to be a part of it. I'll be honest. And then, after I'm done, I'm like, why don't I do that? I won't do it next year. But what do I do next year? All over again?
17
00:02:12.470 --> 00:02:13.840
Geremy Meyers: Get my coffee.
18
00:02:14.230 --> 00:02:18.150
Andy Whiteside: Do the things. Hi, can you get Amazon up in a cabin in Maine.
19
00:02:19.040 --> 00:02:23.079
Todd Smith: Yeah, they actually do deliver.
20
00:02:23.140 --> 00:02:30.199
Todd Smith: they do deliver to a house that's not limited I can that out. But it wasn't. It wasn't my gift. It was
21
00:02:30.380 --> 00:02:31.890
Todd Smith: It was someone else
22
00:02:32.220 --> 00:02:34.499
Todd Smith: who lives up in the area
23
00:02:34.700 --> 00:02:39.609
Todd Smith: had a 350 pound box dropped off in right front of a garage door. So
24
00:02:39.800 --> 00:02:47.830
Todd Smith: yeah, it was it was. Yes, Amazon does deliver pretty much everywhere. How'd you handle that? Throw it on the tractor and haul it off to him.
25
00:02:47.930 --> 00:02:57.980
Todd Smith: Now, actually, I pinged out on the on the local community Facebook page that said, Hey, does anyone know who would be getting this? And I got like
26
00:02:58.930 --> 00:03:05.450
Todd Smith: one person responded back and said, Yep, that's mine. It got got dropped off, and we'll come over and pick it up. So
27
00:03:07.350 --> 00:03:09.340
Andy Whiteside: yes, one day it was
28
00:03:09.440 --> 00:03:10.450
Todd Smith: that was it!
29
00:03:11.690 --> 00:03:12.940
Geremy Meyers: It's hot!
30
00:03:13.230 --> 00:03:38.440
Andy Whiteside: Alright! Let me do the let me do this integral commercial if you are, or looking at becoming a Citrix customer, a net scalar customer, Hr. File customer and you do not feel like your partner is adding value the way they should. Well, that's why we exist or 12 years old. Now it's been the model from day one, whether it's Citrix service. Now, salesforce, I can go on and on with vendors that we can help up. Level your partnership with.
31
00:03:38.490 --> 00:04:03.279
Andy Whiteside: Let us know. Reach out to myself on Linkedin. Let's talk about it. I know the opportunity. And I and and actually, you know what I'll say this, the the amount of partners out there that were like us are becoming less and less and less. They're getting bought up by private equity. They're they're they're growing up, I guess you might say. But that doesn't mean they're getting better. We're not interested in that, and it it'll it's really opening the door to a lot more customer conversations. We met with a couple of large customers 2 weeks ago that
32
00:04:03.280 --> 00:04:10.810
Andy Whiteside: they don't want to work with the big guys. They don't want to work backward the big Lars or Si's, because they know what they're going to get. They're super open these conversations these days.
33
00:04:12.160 --> 00:04:24.639
Andy Whiteside: Alright the blog we're gonna look at today. The title of it is unveiling the power of citrix enterprise browsers integration with citrix analytics service for security. I think.
34
00:04:24.720 --> 00:04:31.170
Andy Whiteside: Jeremy, I'll come to you first. The the browser scenario within the Citrix workspace portfolio.
35
00:04:31.240 --> 00:04:34.569
Andy Whiteside: It doesn't seem like people know enough about it.
36
00:04:35.590 --> 00:04:49.240
Geremy Meyers: No, in fact, one of the questions that I usually get when we demo Enterprise browser off. So let's take a step back. Enterprise Browser is a local browser that is integrated right into the Citrix workspace app, and when you launch
37
00:04:49.450 --> 00:04:56.379
Geremy Meyers: a web link that launches in the Enterprise browser. It's using a local browser. So you're using the local resources.
38
00:04:56.500 --> 00:05:03.669
Geremy Meyers: You know, of that machine. It's not hosted. Hosted, shared virtual desktop. Any of those things is actually leveraging that local
39
00:05:03.710 --> 00:05:06.099
Geremy Meyers: enterprise browser, which, by the way.
40
00:05:06.460 --> 00:05:21.409
Geremy Meyers: includes security security controls as well. But when I did with this thing off. The first thing first question usually comes up is, Where are you hosting that that browser? And I'm like, no, no, no, this is not a hosted browser. So you know, sometimes we're we're kind of crippled by our own success, Andy.
41
00:05:21.530 --> 00:05:23.269
Geremy Meyers: In that.
42
00:05:23.520 --> 00:05:31.590
Geremy Meyers: Folks are so used to things from Citrix being virtual, that you know it takes a mind shift. Just sort of think about this from a local perspective. So
43
00:05:31.900 --> 00:05:41.450
Andy Whiteside: a large corporation couple weeks ago, CIO, and and I'm trying to taught him about the browser options within Citrix. And and he
44
00:05:41.490 --> 00:05:56.159
Andy Whiteside: he stops me and says, I've been doing Citrix since the late nineties. I know all about publishing a browser in Citrix, and for 5 min I tried to convince him that wasn't what this was. but he was so adamant. He knew it already that this didn't exist. Only the old way exists. Go ahead, Todd.
45
00:05:56.790 --> 00:06:00.889
Todd Smith: Yeah, II was just gonna add on to that. You know, if you look at it.
46
00:06:01.040 --> 00:06:03.370
Todd Smith: the majority of our customers.
47
00:06:03.410 --> 00:06:19.059
Todd Smith: historical customers, especially the number one app that they would that they would publish out using. Xenap was a browser because they could manage the controls. They could manage the update of that browser. They could put in their own security controls and they would leverage
48
00:06:19.140 --> 00:06:21.270
Todd Smith: the Zen app policies
49
00:06:21.380 --> 00:06:24.639
Todd Smith: that were out there. And and they had
50
00:06:25.050 --> 00:06:26.550
Todd Smith: management reporting
51
00:06:26.700 --> 00:06:29.049
Todd Smith: reliability. All that stuff
52
00:06:29.790 --> 00:06:31.569
Todd Smith: problem is that came with a price.
53
00:06:32.030 --> 00:06:38.689
Todd Smith: and that price was it consumed back end resources on your servers to to be able to deliver that
54
00:06:39.750 --> 00:06:40.480
right?
55
00:06:41.390 --> 00:06:50.049
Andy Whiteside: Well. And it's not like that doesn't still exist. The use cases are there, but they're minimum days versus the used cases for what we're talking about. Here was a locally running
56
00:06:50.100 --> 00:07:08.919
Andy Whiteside: chromium, iterative or chromium version of a browser. That's part of the Citrix Workspace app. And Jeremy, just to be clear when I install Citrix Workspace app to get access to this magical citrix digital workspace that I use. That browser is in there and ready to go.
57
00:07:08.980 --> 00:07:11.650
Geremy Meyers: The bits are already in there and ready to go. You got it.
58
00:07:12.670 --> 00:07:27.510
Andy Whiteside: Bill, are you are you seeing customers that are starting to understand this? Are they still just as unaware of this solution. They're largely still unaware. They're they're still in the mindset of what Todd was mentioning, which is where they
59
00:07:27.870 --> 00:07:55.970
Bill Sutton: they publish the browser. Maybe they publish it with a link embedded. So you launch it and you get salesforce, or what have you? But you know that's kind of the way we used to do it like, Todd was saying. But today, it might still make sense in some cases where you've got a really fat app that needs to run in the data center. And you you can't really get to that with a browser outside of the environment. But so many users are remote now, and it really doesn't make sense to publish a browser on a Zen App server just to turn right around and go out to the Internet and get to salesforce.
60
00:07:56.080 --> 00:08:07.390
Andy Whiteside: is it? Is it the is when you say fatness of the app? Are you talking about the old school days where you had all these different plugins and things that needed to be there is that part. Not that necessarily, but just the the app being client server, oriented.
61
00:08:07.390 --> 00:08:26.660
Bill Sutton: You know where you got a whole database tier and an app tier and all of those. And then the the end user tier. Those types of we don't see that as much, maybe in some old insurance industry apps and maybe medical apps a lot of them are starting to move out of that, or have already moved out of that realm. But there's still some legacy stuff out there.
62
00:08:26.660 --> 00:08:54.539
Andy Whiteside: I mean, Java was a great example of things that where you just need to make sure you controlled all that. So you put it in a in a virtualized back end sandbox and then present it versus having deployed. But HTML 5 and the the codecs and things that are all part of that capability these days, or they've kind of mitigated the need for all the control that you used to would have, wouldn't you think they absolutely have? But I guess my point here is that most of what most of the apps that folks today are accessing
63
00:08:54.640 --> 00:09:10.130
Bill Sutton: our web. Or I'm sorry our Saas based or web based apps. So it doesn't. It doesn't even make sense it. It might have made sense then, from for security reasons. But it certainly doesn't make sense now to publish a browser. So the user launches it in the data center. And then it turns right it out, goes out to the Internet
64
00:09:10.190 --> 00:09:11.630
Bill Sutton: to get to salesforce.
65
00:09:11.810 --> 00:09:23.220
Bill Sutton: Yeah, why not just do it from the endpoint to salesforce and then wrap a a secure browser around it with controls and and limitations on cut paste and other such things. Which is what this does. We'll get into it in a minute.
66
00:09:23.340 --> 00:09:32.309
Andy Whiteside: Yeah. Hey, Todd, do you want to tackle this this first section after after the Intro. The title of this section is navigating the web. Every URL or every move.
67
00:09:32.970 --> 00:09:46.580
Todd Smith: Yeah. And and I think that's one of the biggest challenges that's been out there historically, has been okay. I've got a URL. I need to be able to lock it down. I need to be able to provide controls, customize to that URL or that that site
68
00:09:46.680 --> 00:09:55.710
Todd Smith: and be able to do things like monitor and control cut pace, control, clipboard functionality, printing capabilities, all of those type of things.
69
00:09:55.760 --> 00:10:03.900
Todd Smith: And really, this enterprise level browser really allows you to have that same level of controls
70
00:10:04.000 --> 00:10:29.630
Todd Smith: in a browser delivered session that you would normally have with a virtualized app session. Right? Because we've been able to take those controls and migrate them over, but not only migrate the controls over, but also migrate the reporting and analysis, the the analysis component of it right? So be able to not only say, Hey, we've got these controls, but we can then prove that those controls are actually effective
71
00:10:30.110 --> 00:10:33.269
Todd Smith: which anyone who has to deal with compliance programs.
72
00:10:33.850 --> 00:10:42.629
Todd Smith: That's the that's both sides of the of the argument. There, right? You've got to be able to have the controls, and you gotta be able to prove that those controls are actually
73
00:10:42.940 --> 00:10:44.110
Todd Smith: working.
74
00:10:45.350 --> 00:10:54.489
Andy Whiteside: I mean to me when I dive deeper into this which I have, which I do occasionally. This is like the most powerful new thing that Citrix has had in the last 10 years.
75
00:10:54.610 --> 00:10:55.790
Andy Whiteside: Do what do you think?
76
00:10:56.660 --> 00:11:12.400
Todd Smith: And I think, under, I think, under the covers. This is something that that a lot of customers have have been doing a workaround for the past 15 years. When really this was the end solution that really should have been should have been delivered.
77
00:11:12.510 --> 00:11:18.199
Todd Smith: II wanna say, in the first place, but certainly if we could have delivered this a lot sooner.
78
00:11:18.240 --> 00:11:28.909
Todd Smith: It probably would have been able to alleviate a lot of customers. Pains of having to manage browsers. And you know, think about it. How many times do you get an update
79
00:11:29.610 --> 00:11:37.040
Todd Smith: on your browser that requires you to do a reboot or the relaunch of the browser? I mean, I think.
80
00:11:37.350 --> 00:11:43.339
Todd Smith: as an example. My chrome browser. I'm up. I'm getting an update. Probably every other day.
81
00:11:43.530 --> 00:11:45.210
Todd Smith: Something is changing in that.
82
00:11:45.500 --> 00:11:51.359
Todd Smith: And it could be these subtle changes, or could be big changes. But the thing is, those are things that have to be done.
83
00:11:51.700 --> 00:11:58.449
Todd Smith: If I can then say, Hey, I've got a I've got an enterprise browser that is managed, that is controlled
84
00:11:58.560 --> 00:12:02.640
Todd Smith: without me having to worry about the updates that are occurring on my local.
85
00:12:02.830 --> 00:12:08.429
Todd Smith: II can. I can definitely get more control and more security around it.
86
00:12:08.560 --> 00:12:10.550
Todd Smith: and then also have a better experience
87
00:12:11.370 --> 00:12:12.400
Andy Whiteside: right?
88
00:12:12.840 --> 00:12:22.879
Andy Whiteside: While all that true and 100% true, while in parallel, not having to produce consumption compute on the back end, which is where a big chunk of the cost kicks in.
89
00:12:23.000 --> 00:12:28.319
Andy Whiteside: Yeah, I mean, listen, Bill, use the word salesforce, I mean, Andy, you've got salesforce running. Now.
90
00:12:28.400 --> 00:12:32.030
Geremy Meyers: salesforce lightning is a hog and running. That is, a published app
91
00:12:32.070 --> 00:12:42.980
Geremy Meyers: just consumes a lot of resource in the back end. So yeah, listen if I can. If security was the issue, Bill brings up a good point. I mean, if this is already a Sas hosted off site application. Anyways.
92
00:12:43.090 --> 00:12:53.260
Geremy Meyers: Now, I'm just tying up data center resources. For what reason? Right? I can secure this app through controls in this enterprise, browser. I'm offloading the processing to my local machine.
93
00:12:53.330 --> 00:12:56.110
Geremy Meyers: You know. Why not? Why not?
94
00:12:56.290 --> 00:12:57.979
Geremy Meyers: So? The first thing that's a
95
00:12:58.430 --> 00:13:22.289
Andy Whiteside: sorry, real quick. Let me understand the traffic flow in this I know when I when I used to bring it as a published app, I knew it came in through presentation, and then went in and out through your typical http, https in this situation where I'm actually running a browser locally, and I'm outside the office. Can I force that traffic back in and then back out, back in to get to local resources directly out, or all the above.
96
00:13:22.560 --> 00:13:45.910
Geremy Meyers: you can do all the above. So the idea would be, listen, if you want to keep the traffic flow from your endpoint directly, like salesforce, that's something that can completely be done. If you want to force it through the data center. And there's some use cases for that. So, for instance, there are certain Sas apps that require all the data, all the traffic to originate like, say, from a data center. Again, you can also force it through the data center, so that traffic from a local machine at my house
97
00:13:45.910 --> 00:13:53.170
Geremy Meyers: appears to be going through the data center and out to the Sas app. So you know, that's also a supported scenario as well, you can configure. Yeah.
98
00:13:53.800 --> 00:14:07.779
Andy Whiteside: Next section talks about clay. Let's go back up. So there is an important point to the first one. So this first section talks about the fact that because you're running this from the local Mr. The local enterprise browser, we're actually logging
99
00:14:07.960 --> 00:14:10.910
Geremy Meyers: the yeah Urls that you go to. So, for instance, you can publish
100
00:14:10.950 --> 00:14:19.440
Geremy Meyers: a link to an app or a link to a website, it will launch in this enterprise Browser, which is great. But I can also open up another tab and go navigate to a different website. So
101
00:14:19.760 --> 00:14:27.419
Geremy Meyers: where that comes in useful is number one. I like the fact that I'm getting folks used to using it. But secondly, there's a feature that you can enable
102
00:14:27.430 --> 00:14:41.920
Geremy Meyers: that will let you understand where these Urls are going. So, for instance, you could certainly look at this from a security perspective like, I don't want folks going to certain websites from the Flip side. I might understand that my users are actually trying to go to this one website that they can't get to like they're having to type it in.
103
00:14:41.980 --> 00:14:48.950
Geremy Meyers: And it was just something I missed. So now I know a new website that I need to publish to my end users that maybe I didn't realize I needed to before.
104
00:14:49.040 --> 00:14:54.639
Geremy Meyers: In fact, there's a feature integrated into this called the app discovery feature. That helps you turn that on and figure it out.
105
00:14:55.320 --> 00:15:23.159
Andy Whiteside: Yeah, I think what you would really highlight here, and and very much true. We've talked about the local browser running, but it's control of that local browser. And then analytics and insight into everything happening within that browser which you know when you use. Maybe the same I should have made earlier. It's it's 2023, 2024, almost a and most corporate users of enterprise. Commercial Midmarket, Smb. They still use a consumer grade browser to do their job. If you stop looking at that way that makes no sense
106
00:15:23.270 --> 00:15:24.600
Andy Whiteside: at this stage of the game.
107
00:15:25.170 --> 00:15:26.210
Geremy Meyers: It doesn't.
108
00:15:26.270 --> 00:15:28.660
Geremy Meyers: But like those are people people just don't know.
109
00:15:29.120 --> 00:15:34.710
Todd Smith: And the the other benefit here is, what if? What if it could become
110
00:15:34.800 --> 00:15:41.689
Todd Smith: proactive instead of reactive? Right? So, as a as Jeremy was just saying with the app discovery capabilities?
111
00:15:41.860 --> 00:15:45.409
Todd Smith: What if you could say, Hey, you know what we're so we're noticing
112
00:15:45.420 --> 00:15:48.829
Todd Smith: our users are doing more with this website.
113
00:15:49.210 --> 00:15:58.970
Todd Smith: What if we could then include that right as part of our service, or or go and understand how to optimize that.
114
00:15:59.240 --> 00:16:07.219
Todd Smith: you know. Now, all of a sudden, you're you're you're meeting the you're meeting your users needs before the users actually start complaining about it.
115
00:16:07.310 --> 00:16:11.160
Todd Smith: and you can help uncover shadow it, too. That's exactly it.
116
00:16:13.110 --> 00:16:23.299
Andy Whiteside: Anything else to cover on this part, Jamie, I'm glad you stopped us, because that's most one of the most important parts of this whole blog is the ability to see on the back end. What's happening from a security and performance perspective?
117
00:16:23.390 --> 00:16:26.780
Geremy Meyers: Yep, no, that's it. Yeah, we can. We can move on to the next one.
118
00:16:26.870 --> 00:16:32.840
Andy Whiteside: Alright. Let's talk about this clipboard control cutting through the risk. Let's cover this. I
119
00:16:32.860 --> 00:16:36.360
Andy Whiteside: extremely applicable in this conversation. Jeremy, go ahead.
120
00:16:36.380 --> 00:16:38.850
Geremy Meyers: Yeah. So when you think about why
121
00:16:39.130 --> 00:16:48.870
Geremy Meyers: customers were publishing applications like web browsers in the past. Some of it, to Bill's Point was certainly client server, but some of it was just good old plain security, right? Like they wanted to contain
122
00:16:48.880 --> 00:17:03.159
Geremy Meyers: the data. They wanted to keep it in the data center. So of course, Zen Apps and Desktop, you can. Those are policies. You can turn on block copy and paste, which is kind of what we're getting on here. You can just manage the clipboard well, as it turns out we can extend that same security control
123
00:17:03.170 --> 00:17:08.569
Geremy Meyers: out to this enterprise, Browser, that's running on that local machine. So, for instance, if I'm within.
124
00:17:08.730 --> 00:17:17.679
Geremy Meyers: you know I've pulled. I've got a web page up on the Enterprise browser. I can turn on. Maybe this is salesforce. I can restrict the clipboard even at this local machine, even if it's not hosted.
125
00:17:18.690 --> 00:17:24.419
Andy Whiteside: Am I doing that based on URL? What's my key indicator that says, when that turns on and off
126
00:17:24.740 --> 00:17:38.059
Geremy Meyers: you can do it. Per, yeah. URL, so you can have a couple of different yeah. Urls, you might have one that's wide open. You couldn't care less about. And then you've got one that might be an internal jira app that you certainly want to maintain the day on, so you can do it on a per URL basis
127
00:17:38.110 --> 00:17:39.330
Geremy Meyers: when you probably am.
128
00:17:39.370 --> 00:17:43.189
Andy Whiteside: Is that also per tab, or that through is through the session itself.
129
00:17:43.520 --> 00:17:46.210
Geremy Meyers: Be per tab. Yeah, yes, you can do it per tab.
130
00:17:46.330 --> 00:18:16.090
Bill Sutton: But the interesting thing, the interesting thing about this and this goes back to what you were saying earlier, Jeremy. And I think, Andy, you said it as well is obviously you can. You can MoD you could create policies to restrict or allow cut, copy, paste, etc., between the browser and the local workstation, and vice versa. But the thing, I think, is really neat about this is that leveraging the security analytics, it's logging all of this activity. So it could. We could. We can see when somebody cut and pasted from, you know,
131
00:18:16.180 --> 00:18:18.440
Bill Sutton: Pirate Bay into
132
00:18:18.480 --> 00:18:31.690
Bill Sutton: into a workstation, or if I tried to try to cut and paste something back and forth between the local workstation into a certain app, and you may not be able to see what they cut and paste it, but at least you can see that it was attempted, and then you can take action on it
133
00:18:32.020 --> 00:18:40.129
Geremy Meyers: well, and to take it a step further. So now that we can see now, first of all, how would you have done this with the Zen App, or a Zendesk.
134
00:18:40.160 --> 00:18:53.599
Geremy Meyers: or see bad, you know session right now. I might have turned copy and paste, off and on. I've seen what it is you actually did, and here's the best part is now I can take a policy action based on what you did as well. So now only set it. But if I've noticed that.
135
00:18:53.840 --> 00:18:59.170
Geremy Meyers: I mean, listen, Bill cannot be trusted and he spans control. C control. V. If we see that enough.
136
00:18:59.800 --> 00:19:06.070
Geremy Meyers: maybe we just turn off his access or we take some proactive action, we alert someone to let them know. This is what's going on.
137
00:19:06.550 --> 00:19:23.639
Andy Whiteside: Yeah, I think part of the argument you guys are making in theory, there's there's, there's elements of this are more controllable, more visible, than if we hosted in the data center and consumed all those resources where we may or may not be able to do as much as we can do here. Yeah, we have more context. We have the ability to get more context into what's going on and can take action on it
138
00:19:23.670 --> 00:19:27.069
Bill Sutton: in real time versus what we could do in the past.
139
00:19:28.440 --> 00:19:29.770
Andy Whiteside: Hey, Todd? Anything we missed.
140
00:19:30.670 --> 00:19:31.989
Todd Smith: Nope, I think we're good.
141
00:19:32.200 --> 00:19:46.089
Andy Whiteside: Okay, let's Todd, you wanna cover print printing precision managing output safely. Right? There's the digital. That we've been talking about. But analog still happens. And analog. Still a major concern, Aka printing
142
00:19:46.390 --> 00:19:54.229
Todd Smith: Yup. And and you know this, this is something that re really happened when we started sending people home to to work from home.
143
00:19:54.410 --> 00:20:06.029
Todd Smith: One of the big risk factors out there, whether you're talking about regulated industries like healthcare or banking. where customer service reps or billers are being sent to work from home
144
00:20:06.170 --> 00:20:08.940
Todd Smith: on a regular basis. And
145
00:20:09.210 --> 00:20:22.039
Todd Smith: their process was, Hey, I'm at the office. I'm just gonna print this out and put it into the file. That same process says, print it out. Well, you're now. You're now at home, right? You shouldn't be printing thing. You may or may not be allowed to print
146
00:20:22.210 --> 00:20:36.269
Todd Smith: copies and keep them at home because it's less secure or or it could be a potential data privacy issue things like that. So being able to manage where that print output actually occurs
147
00:20:36.310 --> 00:20:37.790
Todd Smith: and restrict it
148
00:20:37.990 --> 00:20:59.110
Todd Smith: and when you connect them through something like a VPN, right? So basically, you can say, Hey, don't. When you're connected to the VPN. Don't allow any downloads or or printing or things like that. But oftentimes it's at the application level, right? So this could be the application or the or the site level, where you can actually then
149
00:20:59.350 --> 00:21:08.530
Todd Smith: turn on the ability to print or turn it off and identify. You know not only what they're printing, but also where they've printed it to
150
00:21:08.640 --> 00:21:13.379
Todd Smith: right could be identified as the the printer name, or, you know.
151
00:21:13.660 --> 00:21:19.819
Todd Smith: printing off to a Pdf file. This is it right? So, being able to track that, and once again to Bill's comment
152
00:21:20.140 --> 00:21:24.029
Todd Smith: if we can. If we can restrict it, we can also report on it
153
00:21:24.350 --> 00:21:33.449
Todd Smith: right? So first time, hey? You know, you get a notification from manager saying, Hey, you shouldn't have been printed that off. If you're a repeat offender for that.
154
00:21:33.580 --> 00:21:42.019
Todd Smith: Guess what you're gonna have that access turned off, or you may have some type of an easy phone call. With that your manager and Hr rep on, call
155
00:21:42.860 --> 00:21:43.590
Andy Whiteside: right.
156
00:21:44.350 --> 00:21:49.569
Andy Whiteside: Do you have any other comments on the the printing aspects of what the secure browser brings to this solution.
157
00:21:49.680 --> 00:21:58.620
Geremy Meyers: No, no, I mean, I think think Todd hit it here. Along the same line is this copy and paste, you know. If we can start tracking this, we can. We can be proactive with us with it as well.
158
00:21:59.310 --> 00:22:00.600
Andy Whiteside: Bill, are you seeing?
159
00:22:01.450 --> 00:22:11.610
Andy Whiteside: Or after we beat it to death. Customers don't even know this stuff exists, much less using it. Do we have any examples where customers have have turned this on in your working set of customers. No.
160
00:22:11.750 --> 00:22:16.079
Andy Whiteside: now II think it's just they don't know. They they literally don't know.
161
00:22:16.460 --> 00:22:25.030
Bill Sutton: It kind of goes back to something. I think, Jeremy, you alluded to earlier, and that is, you know, we're victims of our success. And
162
00:22:25.160 --> 00:22:33.909
Bill Sutton: and I think a lot of customers still see Citrix as a use Mark Templeton term from years ago. One trick pony right?
163
00:22:34.350 --> 00:22:46.230
Andy Whiteside: Well. So in my situation with the CIO the other week of this major corporation that you know they started the whole conversation with, I know metaphrame, and I knew when app. Therefore you can't tell me anything, and I'm like, Oh, God, I know where this one's going.
164
00:22:48.030 --> 00:22:51.740
Todd Smith: I know which customer that was. Okay. Yeah.
165
00:22:52.110 --> 00:23:02.039
Andy Whiteside: Yup put me in my place right away. I was on that call. Yeah, alright, it's Jeremy back to your download dynamics, tracking every bytes.
166
00:23:02.170 --> 00:23:03.880
Andy Whiteside: every bite.
167
00:23:04.370 --> 00:23:12.370
Andy Whiteside: this is where it really gets scary for customers, and that was one of the reasons why we had the published app concept of a published browser.
168
00:23:12.600 --> 00:23:16.750
Andy Whiteside: But we don't need to do that anymore, because guess what we can do. It here helps understand that.
169
00:23:16.830 --> 00:23:25.840
Geremy Meyers: Yeah, yeah. So think about what would happen if you tried to download something from a website that was in your published app. What did you typically download to? It was probably.
170
00:23:26.230 --> 00:23:41.040
Geremy Meyers: you know, hopefully, your Citrix session. Your Citrix environment was set up correctly, so they would redirect that to a network share right? But some kind of personal folder, of course, but once you've taken the web browser quote unquote off net, now it sits locally, and I go to download something
171
00:23:41.150 --> 00:23:49.779
Geremy Meyers: all of a sudden. Where's it? Downloading was downloading locally to my machine? So again, this is a this is an area that I might not have considered in the past.
172
00:23:49.870 --> 00:23:54.419
Geremy Meyers: In the past it might have looked like security controls, like a chrome browser, just to turn off
173
00:23:54.480 --> 00:23:59.570
Geremy Meyers: downloads in general. But now that I'm gonna download something, and it could potentially be local.
174
00:23:59.580 --> 00:24:02.180
Geremy Meyers: can I turn that off as well? And so being able to log.
175
00:24:02.210 --> 00:24:12.990
Geremy Meyers: you know, number one, what got downloaded where it got downloaded, where it was downloaded from. And is that something that I'm even going to allow. You know these are security controls, the number one you can turn on. And second, second of all. And this is the the trend. Here
176
00:24:13.030 --> 00:24:26.680
Geremy Meyers: I can log and track against and take proactive security. You know actions against as well. So some of these things. And this is kind of what the next session is is, you know, in micro chunks. Maybe it doesn't
177
00:24:26.850 --> 00:24:37.809
Geremy Meyers: indicate any sort of security threat. But this all feeds into a risk score that tags the user as more or less risky. So you know, again, in in the theme of
178
00:24:37.980 --> 00:24:40.209
Geremy Meyers: feeding this into security analytics?
179
00:24:40.270 --> 00:24:51.440
Geremy Meyers: Yes, we can take proactive actions. But ultimately, what is the posture of the user doing all of these things? Or one of these things is one thing more important than the other like. I might not care about printing, but I care a lot about downloading
180
00:24:51.450 --> 00:24:55.799
Geremy Meyers: again. These are all things that can be controlled, things that can be logged. And ultimately.
181
00:24:55.820 --> 00:24:59.149
Geremy Meyers: you know, I can tag the user as risky and be proactive about it.
182
00:24:59.830 --> 00:25:02.059
Andy Whiteside: Right? Thought anything else.
183
00:25:02.380 --> 00:25:09.400
Todd Smith: III think it's a great lead into the to to the kind of the last topic here, which is the
184
00:25:09.920 --> 00:25:13.670
Todd Smith: you know the whole comments around establishing a risk score
185
00:25:13.780 --> 00:25:21.350
Todd Smith: you know, and how how so much of our security is based on contextual items.
186
00:25:21.450 --> 00:25:28.839
Todd Smith: whether it be someone changes their location. what the application they're using. you know, really kind of
187
00:25:28.890 --> 00:25:38.919
Todd Smith: identifying what their, what their score is compared to some of their peers, and compared to some of the other folks that are that are out there using these systems, being able to
188
00:25:39.190 --> 00:25:40.390
Todd Smith: address
189
00:25:40.780 --> 00:25:46.829
Todd Smith: the needs of the users and also the needs of the security requirements of the organization
190
00:25:47.000 --> 00:26:00.339
Todd Smith: are critical, right. So being able to say, Hey, you know what this this person, this user, needs to be able to print, they need to be able to download files. They need to be able to maybe edit some things, and then and then once they download it, re upload it.
191
00:26:00.480 --> 00:26:03.359
Todd Smith: What if I could have something like that reported.
192
00:26:03.990 --> 00:26:11.310
Todd Smith: you know. Hey? You downloaded something, but you never re uploaded. you know. What was. Is that a process issue, or is that something.
193
00:26:11.430 --> 00:26:17.229
Todd Smith: you know. Are you still working on it? You know there's a variety of different things that we can. We could help manage here.
194
00:26:17.340 --> 00:26:21.579
Todd Smith: But it really helps us balance out that the
195
00:26:21.660 --> 00:26:24.480
Todd Smith: user experience versus the security requirements.
196
00:26:24.950 --> 00:26:33.769
Andy Whiteside: And guys, I think this is the right answer here. But you can. You don't necessarily have to turn on a bunch of enforcement. But you can turn this on and start evaluating your risk
197
00:26:33.780 --> 00:26:35.210
Andy Whiteside: portfolio
198
00:26:36.240 --> 00:26:38.939
Andy Whiteside: just by turning this on without ever enforcing anything
199
00:26:38.960 --> 00:26:46.060
Geremy Meyers: correct. Yep. So if you just want to watch and get a feel for what users are doing and understand.
200
00:26:46.100 --> 00:26:48.540
Geremy Meyers: you know what the activity is. I mean. That's step number one.
201
00:26:48.740 --> 00:26:52.109
Geremy Meyers: and then you can create controls after that if you choose to.
202
00:26:53.290 --> 00:26:57.480
Andy Whiteside: So the question, you guys, if you can do that, and it doesn't have to be heavy handed. Why.
203
00:26:57.510 --> 00:27:10.710
Andy Whiteside: why don't you like? Why didn't everybody just turn this on start using it? And the truth is going back to the comments over. They just don't even know you can do it. They are, I think, going. You know, the the idea that Citrix and the successful idea of publishing a browser. That's how you do. It
204
00:27:10.780 --> 00:27:13.460
Andy Whiteside: is almost really been a detriment.
205
00:27:14.690 --> 00:27:25.359
Geremy Meyers: Yup, Yup! And, in fact, what's interesting about this is you pointed this out, Andy, is you actually get more functionality out of this than you would have just publishing the app for the brow, for the Zen app session.
206
00:27:27.020 --> 00:27:35.720
Todd Smith: III think the other thing that that we're seeing is in the past. We weren't always engaging with the folks that were running the Security guard
207
00:27:35.910 --> 00:27:48.939
Todd Smith: the or the security organization within our customers. Right? It was very much reactive as opposed to being proactive in security. Folks would tend to go out and say, Hey, we just got this report.
208
00:27:49.140 --> 00:28:02.929
Todd Smith: We just did an investigation. We just read something that says we need to go in, either fix it or buy something new. And oftentimes it's not being done in collaboration with the same folks that are running the Citrix environment.
209
00:28:03.170 --> 00:28:05.180
Todd Smith: So there's no need there
210
00:28:05.220 --> 00:28:08.919
Todd Smith: to make a change and to to turn some of these features on.
211
00:28:09.050 --> 00:28:17.090
Todd Smith: But if you're a customer and you listen to this, podcast you know, get to know your security folks. They're not scary. They're there to help you
212
00:28:17.390 --> 00:28:20.839
Todd Smith: find ways to to leverage what you've already made the investment in.
213
00:28:20.860 --> 00:28:33.949
Todd Smith: or potentially come up with a different way of doing things. You have the answer right here they're looking for. They just don't know, because they're not looking in the citrus world for the answers. They're going out trying to find new products that are sassy and 0 trust related. Yep.
214
00:28:34.880 --> 00:28:38.509
Andy Whiteside: Bill, any comments on the whole concept of contextual risk.
215
00:28:38.750 --> 00:28:53.279
Bill Sutton: No, III agree with the title there. A game changer, for sure. Is the, you know, the ability to look at the users act users behavior and activity and make make policy based decisions on whether they can continue to have that level of access or adjust it.
216
00:28:53.330 --> 00:29:02.390
Bill Sutton: So I really, this is, I knew this existed, but didn't realize it was this extensive at this point. So now I want to go test it
217
00:29:03.400 --> 00:29:08.149
Bill Sutton: hopefully. Folks on the call want to do that, too, and if you do reach out we can work together.
218
00:29:08.530 --> 00:29:38.529
Andy Whiteside: We we've we've got it turned on within zoom integral. We just don't enforce anything at the moment, therefore people just keep doing their own it their own, it sneaker net doing their own thing but we're talking about. We talked about our management call this morning, turning this on so that in order to get this integral salesforce, you have to come through our digital workspace, it's it's a mutual blend of mandating stuff, as all also getting people to come to it up to their own on their own device and their own vice their own. What's it called their their own reason for want to get to it?
219
00:29:38.560 --> 00:29:39.940
Andy Whiteside: What's where I live working?
220
00:29:40.050 --> 00:29:54.790
Geremy Meyers: So the carrot for me is, there are quite a few web apps that are only available internal to Citrix, so like our Geir page, and you know some some of our internal sites, and you know, for me to launch my virtual desktop or me to launch a virtual app. Don't be around
221
00:29:55.450 --> 00:30:04.660
Geremy Meyers: great use, case, but I would much rather do that. My enterprise, browser, which is what I tend to do. In fact, I've got bookmarks for most of the stuff inside Enterprise browser, and
222
00:30:04.760 --> 00:30:09.090
Geremy Meyers: you know it's quicker. It's easier, simpler, especially if I just need to pop in and pop out
223
00:30:09.800 --> 00:30:20.160
Andy Whiteside: most of the customers I'm running into today. They're using a local browser completely unmanaged in a VPN. To get to that back end. And you're like, what year are you living in that? That's
224
00:30:20.500 --> 00:30:30.560
Andy Whiteside: the 2,005. I get it. Not. Yeah. You shook your head like, you see that all the time? Yeah, I see it a lot more frequently than I thought
225
00:30:30.630 --> 00:30:33.330
Todd Smith: we would see it as far as the
226
00:30:33.460 --> 00:30:49.810
Todd Smith: the older method and part of it is the architecture of some of these applications that are out there. Some of these websites that people are hitting where especially the internal ones, right? So the internal websites tend to have local data sources to that data center for that to that organization.
227
00:30:50.010 --> 00:30:59.680
Todd Smith: but if they're using something like salesforce or service now, or some other type of commercially available websites, it's a true software as a service.
228
00:31:00.630 --> 00:31:11.409
Todd Smith: The architecture is totally different. Right? You're not going back to that data center, to to your company's data center to get a lot of this information residing someplace up in the cloud or in someone else's
229
00:31:11.440 --> 00:31:19.090
Todd Smith: location, or you're pulling it from multiple sources. So that has changed considerably. The the architecture has changed to the point where
230
00:31:19.230 --> 00:31:28.340
Todd Smith: You know the old way of doing things. You said the 2,005 way of doing things doesn't really, it's no longer applicable.
231
00:31:28.780 --> 00:31:38.900
Todd Smith: But it's nice to be able to turn around and say, Hey, we can do now both ways, right through this one single enterprise browser that's included in your Workspace app
232
00:31:38.980 --> 00:31:43.480
Todd Smith: that you've got it already on there we can address both of those concern.
233
00:31:43.680 --> 00:31:50.430
Todd Smith: the traditional legacy websites or the software as a service new next generation website.
234
00:31:51.020 --> 00:32:03.319
Andy Whiteside: exactly in one pane of glass with with the same security controls on all the above it. It's amazing. It really is amazing. And if you need a published desktop Vdi server based whatever. Hey? That's there, too.
235
00:32:03.680 --> 00:32:04.360
Todd Smith: Yep.
236
00:32:04.650 --> 00:32:08.819
Andy Whiteside: it. It really is the most holistic end to end digital workspace platform on the planet.
237
00:32:10.450 --> 00:32:28.399
Andy Whiteside: Alright. Well, guys, I appreciate you jumping on maybe we'll do this again next week. I'm not sure I don't even know when the twenty-fifth is. I'm not sure. I think we may need a break from all the
238
00:32:28.760 --> 00:32:32.170
Todd Smith: the the chaos that tends to be Christmas morning.
239
00:32:32.670 --> 00:32:34.370
Geremy Meyers: That's true.
240
00:32:34.500 --> 00:32:45.849
Geremy Meyers: my youngest is 8, so I'll say little, especially compared to yours. You've got the college kids and Todd's of are married. Now
241
00:32:45.920 --> 00:32:47.950
Todd Smith: I'm I'm on round 2 of
242
00:32:48.620 --> 00:32:52.439
Todd Smith: oh, you're circling back. Okay? Okay, yes.
243
00:32:52.510 --> 00:33:00.330
Andy Whiteside: that's exactly what I meant.
244
00:33:00.550 --> 00:33:22.830
Andy Whiteside: no matter what. Don't show up your next Monday. We'll take the day off. But, guys, I appreciate it. It's been a great year, a lot of great conversations Monica has been fantastic to work with. We have a lot of great listeners. We don't have enough. Great listeners cause what we talk about here in the Citrix world is is so applicable, and I guarantee you. I mean, it's probably 95% or higher. The people don't know what we just talked about, and they're missing the boat
245
00:33:23.690 --> 00:33:27.010
Bill Sutton: and all they need to give us to be to whet their appetite.
246
00:33:28.380 --> 00:33:33.919
Andy Whiteside: It's crazy. Alright, thank you. Enjoy the rest of your week.