Security Advice: Citrix post incident scan

From Kahuna, we want to make you aware of the fact that conducting a ‘post-incident’ investigation is crucial in closing the ‘security incident lifecycle’ within the framework of ‘lessons learned’ and continuous improvement of our resilience.

In the flowchart below you can easily find out which follow-up steps your organization can take. This flowchart is on the advice of the NCSC. However, Kahuna strongly advises all organizations that use Citrix to perform a post-incident scan. We can help you with this or even carry it out completely for you!

In this analysis, Kahuna uses technical tooling to check your compromised systems related to the Citrix vulnerability (CVE2019-19781). In addition, an analyst from us will analyze the log data for you on suspicious ‘log lines’ that may lead to deviating traffic in your network. The end result is a concrete advice on the activities to restore your system. The effort to achieve this result varies from 1-3 days. The condition, however, is that log data is available to Kahuna’s analysts.

For more information contact us via info@kahuna.nl or call +31 (0)33 4500 370.