January 27, 2020 Salih Yilmaz

Security Advice: Citrix post-incident scan

At Kahuna, we want to make you aware that conducting a ‘post-incident’ investigation is crucial to closing the ‘security incident lifecycle’, within the framework of ‘lessons learned’ and the continuous improvement of our resilience.

In the flowchart below you can easily find out which follow-up steps your organization can take. This flowchart is based on the advice of the NCSC. However, Kahuna strongly advises all organisations that use Citrix to perform a post-incident scan. We can help you with this or even carry it out completely for you!

NCSC


In this analysis, Kahuna uses technical tooling to check your compromised systems in relation to the Citrix vulnerability (CVE-2019-19781). In addition, one of our analysts will analyze the log data for suspicious ‘log lines’ that may indicate deviating traffic in your network. The end result is concrete advice on the activities needed to restore your system. The effort to achieve this result varies from 1-3 days. The condition, however, is that log data is available to Kahuna’s analysts.

For more information contact us via info@kahuna.nl or call +31 (0)33 4500 370.