SaaS Security - Citrix ShareFile

Avanan provides a full suite of security solutions for customers that use Citrix ShareFile. Avanan connects cloud-based versions of third-party security tools directly to the Citrix customers’ ShareFile infrastructure using the built-in application programming interface (API).

Citrix ShareFile offers file sharing and file collaboration tools that allow employees and outside collaborators to share files. Avanan adds layers of security, privacy, and compliance not offered by Citrix.

Avanan Cloud Security for ShareFile

Citrix ShareFile is a secure file sharing and transfer service. ShareFile provides some security solutions but still does not provide other necessary security solutions. Avanan adds a layer of security that provides the following security features for ShareFile:

  • Malware detection with Antivirus
  • File Sanitization
  • User Anomaly Detection

Security events that are generated by Avanan are actionable, and allow to automate the remediation process. The supported actions are specified below.

Benefits

  • Secure ShareFile files by scanning for Malicious files and Data Leakage (DLP).
  • Generate actionable events on ShareFile malicious content.
  • Integrated solution to protect SaaS platforms, including ShareFile.

Default Policies

There are two default security policies for ShareFile:

  1. ShareFile DLP: scans posted text messages for potentially leaked information, such as Credit Card and SSN.
  2. ShareFile Threat Protection: scans files loaded to ShareFile for malicious content.

The policies include an option to skip generating events on internal communication.

Note: ShareFile engine does not scan personal File Boxes.

Actions

Data Leakage Protection

  • Creating DLP security events for files containing sensitive data
  • Move files containing sensitive data to the vault (where the users cannot share files from)

Malware

  • Creating Malware security events for files containing malicious content
  • Move files containing malicious content to quarantine

Prerequisites

To activate Citrix ShareFile, you must have administrator access to ShareFile.

Configurations

On-boarding

  1. Navigate to SaaS Apps and click Start on the ShareFile app.
  2. The Avanan platform then redirects the user to an authorization page on [URL].
    sharefile onboarding
  3. Using the company’s ShareFile admin account, the user approves access for Avanan.

The minimum required permissions for the Avanan platform are:

  • Users Type: Standard ShareFile Users
  • Content: Read/Write All Files/Folders
  • Management: Manage Enterprise

Notes:

  • We recommend ensuring all folder/file download email notifications are turned off for all participating ShareFile users. This will prevent automatic email notifications for each scanned file.
    • More information about the email notifications is available here
    • How to disable the email notifications is available here.

New Policy Creation

  1. Navigate to the Policy page.
  2. Click Add New Policy.
  3. From the Select SaaS drop-down, select Citrix ShareFile.
  4. From the Choose Security drop-down, select DLP or Malware and click Next.
  5. Select the protection mode required for the policy (Detect and Protect or Monitor).
  6. Based on the policy type:
    1. Select the requested DLP rules.
    2. Choose if you want to activate the scans on internal files (not shared with external users).
    3. Select the tools you want to activate in the scan.
      • DLP
      • Malware
  7. Click Save and Apply.

Stop ShareFile protection

Go to Configuration > SaaS Applications and click Stop for Citrix ShareFile.

Forensics

ShareFile detections are recorded as events for forensic and auditing purposes. The event types depend on the policy type that created the event. For DLP the events include what type of sensitive information was potentially leaked (PII, HIPAA, etc.). 

Slack-Events-page-new