NetScalerⓇ has introduced a new feature within Application Delivery Management (ADM) Service called File Integrity Monitoring that will help you determine if changes have been made to your NetScaler build files.
The challenge: Unapproved changes in your NetScaler build files
Even when you take all precautions to prevent unapproved changes to the core build files for NetScaler, subtle manipulation of these files can go unnoticed, allowing attackers to operate undetected.
Compounding this problem is the sheer volume of files within NetScaler. Monitoring each of these files for changes manually is an enormous task, prone to error, and often insufficient for detecting subtle or rapid alterations. Even with existing security measures in place, the dynamic nature of cyber threats demands a more proactive approach to identifying unauthorized modifications to your NetScaler build files.
NetScalerⓇ File Integrity Monitoring provides you with valuable insights that help you manage this risk.
The response: NetScaler File Integrity Monitoring
NetScaler File Integrity Monitoring proactively identifies any changes in the very core of your NetScaler ADCs — the build files.
How it works:
NetScaler File Integrity Monitoring examines the integrity of your NetScaler build files. Think of it as a digital fingerprint: NetScaler will compare the binary hash value of your current NetScaler build against the original binary hash linked to the same NetScaler build. Discrepancies in the NetScaler build files identified by this feature will be flagged for your attention.
1. On-demand scan: Run file integrity scans as needed.
2. Reliable comparisons: NetScaler ADM stores the original binary hashes of files across all NetScaler build releases and compares them against your existing NetScaler files. Any detected deviation raises a red flag for further investigation. Please proceed with your organization's digital forensics procedure if you see any changes.
3. File altered and file added: File Integrity Monitoring helps detect changes in the existing NetScaler build files as well as files added to your NetScaler build.
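The comparison described above (stored original hashes checked against hashes of the files currently on the system, reporting altered and added files) can be sketched as follows. This is an added example, not NetScaler or ADM code; the file names, the path-to-SHA-256 manifest shape, and the extra `missing` category are assumptions made here.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream the file so large binaries are hashed without loading them whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each regular file under root (relative, '/'-separated path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are skipped in this sketch
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result

def compare(baseline, current):
    """Classify differences as the post does (altered, added); 'missing' is an addition here."""
    altered = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return {"altered": altered, "added": added, "missing": missing}

def demo():
    """Constructed tree: one file is modified and one is added after the baseline is taken."""
    files = {"bin/daemon": b"original build", "lib/core.so": b"shared library"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        baseline = snapshot(root)  # stands in for the per-release hash list held off-box
        with open(os.path.join(root, "bin", "daemon"), "ab") as f:
            f.write(b"\x00patched")
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "added.conf"), "wb") as f:
            f.write(b"not part of the build")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the baseline, which is why the reference hashes are kept somewhere other than the system being checked.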
How to use File Integrity Monitoring
Go to the Security Advisory section of the NetScaler Application Delivery Management dashboard, click the File Integrity Monitoring tab, and run an on-demand scan:
You can view the identified NetScaler ADCs and the list of files that were changed or added:
Click either the modified existing files or the newly added files to see the impacted file names:
This proactive approach will help you detect file changes early so you can take immediate action to secure your NetScaler ADCs.
To learn more about NetScaler File Integrity Monitoring, refer to the documentation.
Note that File Integrity Monitoring is available only with the cloud-hosted NetScaler Application Delivery Management (ADM) Service. If you do not yet have access to NetScaler ADM Service, get started today.
DISCLAIMER
Please note that NetScaler File Integrity Monitoring (“the Feature”) is not capable of detecting all techniques, tactics, or procedures (TTPs) threat actors may use when targeting relevant environments. Threat actors change TTPs and infrastructure frequently, and therefore the Feature may be of limited to no forensic value as to certain threats. You are strongly advised to retain the services of experienced forensic investigators to assess your environment in connection with any possible threat.
This document and the information contained in it is provided as-is. Cloud Software Group, Inc. makes no warranties or representations, whether express or implied, regarding the document or its contents, including, without limitation, that this document or the information contained in it, is error-free or meets any conditions of merchantability or fitness for a particular purpose.