The Citrix Story: Two years with zero malware by email and users don’t even know it’s there.
By Stan Black, Chief Security and Information Officer, Citrix, Inc.
Cyber Security Professional of the Year – Gold Award 2018
I want to tell you about Glasswall FileTrust™ ATP for Email, a technology I use at Citrix. I was first a customer, then an advisor and finally became a board member. I don’t do that lightly, so I wanted to tell my story.
The entire security industry is used to buying products that find problems. Not products that solve problems. It’s like going to a doctor who lets you know you’re sick but can’t treat you. Flagging that you might have a problem and that something bad might have occurred is evidence of a symptom; it doesn’t treat the cause. Since 2005, over 10.5 trillion records have been breached worldwide. Yet, what do we do? We continue to invest in the 1,000s of security technologies out there that keep allowing these breaches.
In my opinion, this is the definition of insanity. If I spend millions of dollars on security technology – and I do – and they ultimately don’t fix the problem, isn’t that insane? It’s very rare, almost non-existent, to find a technology that actually eliminates a risk and for me, it’s those rare technologies that treat the cause that are absolutely critical to mitigate my corporate risk.
Despite the initial skepticism of my team, what we did at Citrix was to implement Glasswall in our email gateway. I have multiple layers in our email defense-in-depth strategy that progressively filter out all links, viruses, and spam that could be dangerous to my organization. They’re pretty good at it: we receive 2-3 million emails a day, 87% of which I filter off. But there are still files in those communications where the software that looks for malware can only see things it understands, not those it doesn’t. That left a significant window of risk.
The value of Glasswall at this point is simple: It looks at a file and compares it to a published standard. It then remediates everything that doesn’t adhere to that standard. It doesn’t look for anything bad. It just removes everything that shouldn’t be there. Finally, it reconstitutes the file and gives it back to you without you ever knowing it happened. All in less than a second.
It is so rare to implement a technology that solves a problem so elegantly and that doesn’t have any impact on our users. With other technologies, when an email might be malicious, you’ll get a notification along the lines of “hey, we’re not really sure if you want to get this as it might be bad, but if you think it’s legit, please contact your admin and we’ll release it.” It becomes a burden on end-users. I ran Glasswall for two years with zero impact to end-users. This also eliminated computer rebuilds, help-desk tickets and the burden on the SecOps team associated with malicious email.
My team’s skepticism has evaporated and I can now honestly say that in email attachments, I have zero malware. Only Glasswall customers can say that.