Session Recording 7.18 – support for dynamic recording and app launch logging

What is Session Recording? Session Recording is a security feature available only in Citrix XenApp & XenDesktop Platinum Edition. It uses flexible policies to automatically trigger recordings when a session is started. This enables IT to monitor and examine user activity in the virtualized session, such as having the ability to determine that someone accessed financial operations systems or healthcare patient information systems. The fact that IT can see these actions demonstrates internal control, thus helping to ensure regulatory compliance and successful security audits. Similarly, it also aids in technical support by speeding problem identification and time-to-resolution.

Here is a quick reminder regarding the Feature Matrix that Session Recording keeps delivering!

In today’s digital workspaces, as the use of virtual apps and desktops increases, so do security concerns for these IT resources.  Malicious users and other unauthorized connections may cause damage to the whole system and confidential enterprise information may be inadvertently disclosed. We may ignore that security problems arise not only from the untrusted outsiders, but also from the ‘trusted insiders,’ which is a challenging task to IT administrators. While there are numerous tools to grant access to the servers and other resources, it is absolutely essential to track what users are doing when they access IT resources. This is where a robust mechanism for recording and playback of sessions like Session Recording will help.

As you may be aware, Session Recording leverages policies matching to record when a user starts or reconnects his session. Also thanks to Citrix Director integration, you can flexibly force recording to occur whenever a user’s next logon occurs. The benefit of this is that it reduces time needed for auditing or troubleshooting.

With the intention of recording as a preventive security approach where recording needs to be more dynamic, which also echos the Citrix Analytics announcement of early May 2018 and the Citrix Synergy 2018 Keynote, Session Recording provides unique value in our portfolio in securing customer’s digital workspaces. In order to introduce a complete security solution aligned with the Citrix Analytics service, the latest dynamic session recording — Session Recording 7.18 — is being introduced.

Dynamic session recording

This feature is all about empowering the IT admin to use recording as a security approach — as a preventive action — in addition to functioning as a flexible troubleshooting tool.

With this feature, you can manually trigger it to start or stop recording for a specific desktop or application session launched by any user at any time during the session.

With dynamic session recording, we provide a set of PowerShell commands to be used, to start, stop and get-recording-status. In addition, if you have your own monitoring tool, certainly you can consume those commands for a joint solution.

Let’s see how we can use it.

Similarly, considering of another scenario, when an end user reports an issue and needs some timely support, what can the IT admin do?

Now, with the new capability of recording in the middle of a session, these new actions are now possible:

  • Find the user session and query the current recording status with Get-RecordingStatus command
  • Not being recorded? Okay, let’s start the recording to see what’s going on.
  • Stop the recording when we have enough data for troubleshooting.

That’s everything the administrator needs to do and that’s how dynamic session recording can be – a powerful tool to facilitate administration in day-to-day work life. Please refer to the Citrix documentation in detail about those commands.

What’s more, Session Recording enhances a major use case — activity monitoring by introducing additional event logging capability. This was added based on valuable feedback and customer surveys from our previous release. Let’s learn more:

App launch logging – Tech Preview

One of the biggest challenges for security teams is alerts fatigue — with thousands of security events generated every day and limited security teams, it is important to maximize the ability to quickly and accurately respond to potential threats.

While having ability to see the recording of user activity is important, it could quickly turned into a problem if we cannot quickly sort through large amounts of data.

That’s why we started adding features that enables security expert to quickly identify the most critical parts of recorded data — first by showing idle times that can be skipped, later by including information about USB insertion and CDM mapping events.

Now we are extending this by adding the ability to make a special note whenever one of the specified processes is launched (such as command prompt) to simplify and fasten the navigation in session recording.

Please refer to Session Recording configuration documentation — “Log application starts” to configure AppMonitorList accordingly.

With this feature, the IT administrators can easily search for events of a particular application launch on specific server on particular day from large amounts of recordings and can locate the events during playback in the Session Recording Player.

Thus, a key benefit of this new event is that administrators can make decisions and analyze based on user behavior.

We keep improving Session Recording and your feedback is critical for us, let us know what is important for you or if there are any features you would like to see in upcoming releases.

Citrix TechBytes – Created by Citrix Experts, made for Citrix Technologists! Learn from passionate Citrix Experts and gain technical insights into the latest Citrix Technologies.

Click here for more TechBytes and subscribe.

Want specific TechBytes? Let us know!