The True Cost of a Security Breach

Arrow pointing right
ExtraHop Logo
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right

Arrow pointing leftBlog

Customer Story: Tackling Citrix VDI with Correlated Visibility

How one financial services firm used ExtraHop to solve the unsolvable

Brittany Iwata

November 13, 2017

One of the most common challenges our customers encounter is gaining visibility into Citrix. For IT teams, it's a major challenge because a problem with Citrix often means that end-users feel the effects immediately. If employees can't log in, or if logins are taking a minute or more — as was the case for Seattle Children's Hospital — it can dramatically impact productivity, customer experience, and the bottom line.

Recently, ExtraHop was working with a financial services firm whose Citrix VDI sessions for a remote site had abruptly stopped registering successfully. The Citrix admin spent days trying to troubleshoot the issue, but the narrow visibility delivered by other performance management tools, including Citrix itself, made it nearly impossible to understand when or from where the problem originated.

A call to an ExtraHop systems engineer was all it took to break the case wide open. Leveraging the custom devices capability within ExtraHop to get visibility into the Desktop Delivery Controller (DDC), the Citrix admin and the systems engineer were able to look at all communications between the Citrix VDI and the DDC, and then from the DDC to Active Directory (AD) / DNS / MSSQL, etc.

Within minutes, the Citrix admin was able to use that correlated, cross-tier information to pinpoint precisely when the issue started. A problem that had seemed unsolvable for weeks could now be quickly and easily unraveled.

The admin determined that the Citrix registration errors happened to coincide with some other issues: SYNs received pentupled and accepted connections dropped to 20 percent below previous levels. RTO's increased, as did LDAP requests and DNS fails. Database connections stopped entirely. Even as this was happening, other segments of the IT team were saying that their systems looked green.

Armed with this information, the Citrix admin was able to identify the likely stakeholders and call a meeting with leadership to determine the root cause of the issue. This problem, which had already begun to have a severe impact on branch business operations, is now well on its way to resolution!

Experience RevealX NDR for Yourself

Schedule a demo