In the age of remote work, it is critical for organizations to provide easy and secure access to corporate applications and resources from anywhere, on any device, and on the go. The challenge is that traditional perimeter-based solutions implicitly trust all endpoints and do not check endpoint health before granting access to enterprise applications and resources. 

As more work is done on remote endpoints, the attack surface for malicious users increases. With the old perimeter-based access control solutions, stopping attacks from compromised and uncontrolled endpoints becomes increasingly difficult. As a result, organizations of all sizes are turning to Zero Trust network access to simplify access control and improve resource security. One of the key pillars of the Zero trust philosophy is establishing device trust before allowing an end user to access corporate resources.

Why Citrix and CrowdStrike Integration?

Integrating Citrix and CrowdStrike technology gives customers unique capabilities to implement Smart Zero Trust access. It allows administrators to use CrowdStrike Security Posture Assessment as part of Device Posture access policies to enable secure contextual access to Citrix Virtual Apps & desktops, SaaS & Web apps and more. Our combined solution provides a single pane of glass to enforce access control to corporate resources before allowing an end user to login, ensuring that a compromised device never gets access to a protected resource.

How it Works:

CrowdStrike Falcon Zero Trust Assessment (ZTA) delivers a continuous real-time security posture assessment of an end device by calculating a ZTA security score. The ZTA score of an end device indicates the device’s health. A higher ZTA score means that the posture of the end device is better.

Citrix Device Posture Service can enable contextual access (Smart Access) to Citrix Desktop as a Service (DaaS) and/or Citrix Secure Private Access (SPA) resources by using the ZTA score of an end device.

Device Posture administrators can use the ZTA score as part of policies and classify the end devices as compliant, non-compliant (partial access), or even deny access. For example: an end user connecting from a device with a CrowdStrike ZTA score of less than 70 can be categorized as non-compliant and will have access to a limited set of applications and desktops, with watermarking enforced.

ZTA score policies are supported for Windows and macOS platforms.

With Citrix Device Posture Service, administrators can use CrowdStrike ZTA score as part of Citrix Device Posture Service policies to enforce permission control (smart control) over end-user actions, such as print, copy/paste, delete, download, etc., for your Citrix DaaS and SPA environment. For example: an end user connecting from a personal device (BYO) with a CrowdStrike ZTA score less than 60 can be categorized as non-compliant and will not be allowed to download any information on that end device.

The Smart control capability provides administrators with granular control over the actions end users can perform based on the trust level of an end device.

The combination of the Device Posture’s native scans with CrowdStrike Falcon’s ZTA score gives your organization a straightforward way to create and enforce granular least-privilege-access policies to enable secure access to native apps, virtual apps, SaaS and internal web apps, desktops, and files on any device, from anywhere, delivered with the resiliency and scalability of Citrix Cloud.

Learn more about Citrix Device Posture Service in our product documentation.


Disclaimer: The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.