Category: Security

The best features in Varonis 7.4

The new big update to Varonis (7.4) was released about a month ago. Now that I have upgraded and used it for a while, I'm starting to get a feel for the new features, and it feels like a great time to talk a bit about the great features that were released.

The first big thing I want to show you is the new dashboards, which will help you get a good overview of the status of your environment. You can use the predefined dashboards or create your own.

Active Directory dashboard:

GDPR dashboard, where you can see if you are compliant with the regulations and if you have control over your sensitive data.

The next thing I really like is that it is now possible to search through the logs via the web interface. It is more responsive and the user interface looks great. The reason it's more responsive now is that, from this version on, SOLR software is being used. Varonis promises significant performance improvements and that investigations will go lightning-fast with SOLR, and I can definitely agree with that. Searching and investigating alerts in the web interface works perfectly.

Another interesting feature that has been added to the web interface is the integrated incident response playbooks, which can be used when handling incidents from DatAlert. As you can see in the picture below, you get detailed information about what happened and which next steps to take.

Varonis Edge has had multiple new threat models added to DatAlert, so you can now, among other things, find out if data has been exfiltrated via DNS tunneling, if DNS cache poisoning has occurred or if data has been uploaded to external websites.

Varonis Edge is a product that is used to analyze metadata from perimeter systems like DNS, VPN and web proxies. These kinds of devices often write their logs in very different ways, and it can be very hard to obtain interesting and useful data from them. Edge is used to filter out only the interesting metadata from the perimeter devices and present the events in a more readable form for the user. With help from Varonis Edge you can, for example, find out whether a user was accessing the network from their usual location, whether sensitive data was accessed, whether the event occurred during a user's normal time window, and more.

If you want to know more about the features in the latest version or are interested in Varonis products, don't hesitate to send me an email at rickard.carlsson@xenit.se.



TLS 1.0 and 1.1 will be blocked, so update your Citrix Receiver!

Background

Most of the things around us constantly get updates and improvements, and for most people the fixes for security vulnerabilities are the most critical ones. Cryptographic protocols like TLS 1.0 have been in use since 1999, with an update to TLS 1.1 in 2006, and these protocols have been vulnerable to attacks like POODLE and BEAST. The best way to prevent similar attacks from happening again is to have people stop using the outdated protocols and force them onto the more enhanced 1.2 version.

Last year, some of the largest IT companies in the world (Microsoft, Google, Apple & Mozilla) announced that the TLS 1.0 and TLS 1.1 protocols will be deprecated from their respective web browsers in 2020. After this, other companies adapted and cleverly joined the train.

As of the 15th of March, 2019, Citrix will no longer support communication over TLS 1.0 and 1.1 to Citrix Cloud Services.

Which cases will be affected?

The standard way of TLS negotiation is to try the latest version first and, if that one fails, go to the next one, and so on. This means that if you are running an old version of Receiver that only supports TLS 1.0 / 1.1, you will not be able to connect to Citrix Cloud. On-prem StoreFront implementations that still support TLS 1.0 / 1.1 will be unaffected by the change.
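To find the clients this change will lock out, you can look at the highest TLS version each one offers in its ClientHello. The following is an added example, not code from Citrix or from the original post; it assumes a complete ClientHello in a single TLS record, and `sample_hello` builds constructed test records rather than captured traffic.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def highest_offered(record: bytes) -> int:
    """Highest TLS version offered in one complete ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    legacy = struct.unpack("!H", hs[4:6])[0]            # client_version field
    pos = 4 + 2 + 32                                     # header, version, random
    pos += 1 + hs[pos]                                   # session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + hs[pos]                                   # compression_methods
    if pos + 2 > len(hs):
        return legacy                                    # no extensions at all
    end = min(len(hs), pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0])
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        data = hs[pos + 4:pos + 4 + elen]
        if etype == 43 and data:                         # supported_versions
            offered = [int.from_bytes(data[i:i + 2], "big")
                       for i in range(1, 1 + data[0], 2)]
            known = [v for v in offered if v in NAMES]   # ignore GREASE values
            return max(known, default=legacy)
        pos += 4 + elen
    return legacy                                        # pre-TLS 1.3 style hello

def blocked(record: bytes) -> bool:
    """True if the client cannot reach a service that requires TLS 1.2 or later."""
    return highest_offered(record) < 0x0303

def sample_hello(legacy: int, supported=()) -> bytes:
    """Build a constructed ClientHello for the demo (not captured traffic)."""
    ext = b""
    if supported:
        vers = b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HHB", 43, len(vers) + 1, len(vers)) + vers
    body = (struct.pack("!H", legacy) + bytes(32) + b"\x00"   # version, random, no session
            + b"\x00\x02\x00\x2f" + b"\x01\x00"               # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for label, rec in [("TLS 1.1-only client", sample_hello(0x0302)),
                       ("TLS 1.3 client with GREASE", sample_hello(0x0303, [0x7A7A, 0x0304, 0x0303]))]:
        print(label, NAMES.get(highest_offered(rec), "unknown"), "BLOCKED" if blocked(rec) else "ok")
```

A client that sends the `supported_versions` extension is judged by that list alone, which is why a hello listing only TLS 1.1 and 1.0 there is reported as blocked even though its legacy version field says TLS 1.2.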

How will this affect you?

Listed below is the minimum required version of Citrix Receiver. If you have an earlier version, you will be blocked when trying to connect.

Receiver Version
Windows 4.2.1000
Mac 12.0
Linux 13.2
Android 3.7
iOS 7.0

 

What can you do to prevent this?

Last May, at Synergy, Citrix announced that Receiver would join the Workspace family. So don't go looking for any version of Citrix Receiver; go look for the latest version of Citrix Workspace, which can be downloaded here. All the Workspace applications have been stripped of the TLS 1.0 and 1.1 protocols.

The full statement from Citrix can be found at this link.