Citrix Systems Reduces Risk by Standardizing on McAfee’s Integrated Security Risk Management Platform

Citrix Systems is the global leader and the most trusted name in application delivery infrastructure. More than 215,000 organizations worldwide rely on Citrix to deliver applications of any kind to users anywhere. Citrix customers include 100 percent of the Fortune 100 companies and 99 percent of the Fortune Global 500, as well as hundreds of thousands of small businesses and consumers. The company’s network is accessed daily by more than 10,000 users in its major London, Sydney, and Hong Kong sites and elsewhere.

Protection of global infrastructure and endpoints needed 24/7
“With security threats increasing in complexity and scope, we need to protect our network infrastructure and data around the clock, around the globe, every single day” says Ricardo Bonefont, IT governance and compliance manager at Citrix. “With limited resources for IT security and shrinking windows of availability for patch management, we need all the help we can get to protect against threats, especially zero-day viruses.”

Superior protection, management console, and integration
Citrix conducted an intensive evaluation of the top three anti-virus solutions. “Of these top vendors, McAfee was far superior for several reasons,” says Bonefont. “First, McAfee’s management console, ePolicy Orchestrator, is leaps and bounds ahead of the competition. Not only is it easy to use but it has a long, proven record of success. Second, McAfee offers a seamlessly integrated solution that provides a lot more than just anti-virus protection.”

Adding to its existing arsenal of McAfee security risk management solutions, Citrix purchased McAfee Total Protection (ToPS) for Endpoint to provide anti-virus, anti-spyware, anti-spam, firewall, email filtering, and host intrusion prevention across all 10,000 systems. In addition to integrating all this security risk management functionality in one solution, managed by a single console — McAfee ePolicy Orchestrator (ePO) — McAfee ToPS for Endpoint also provides the scalability Citrix needs, without requiring additional server hardware.

Smooth deployment for Citrix
With the company’s previous anti-virus solution, deployment to all 10,000 nodes had been extremely difficult. Deployment of McAfee ToPS for Endpoint, on the other hand, was easy and fast.

“We simply instructed ePO to uninstall the old software and deploy the new agents and, in less than an hour, we had 500 systems protected by McAfee,” says Bonefont. “The IT Service Desk said it was one of the best deployments in the history of the company; not a single Service Desk ticket was submitted. The ease of deployment really is remarkable.” Citrix estimates the McAfee solution saved $40,000 in deployment costs alone.

ePO eases administration, saves time
“With McAfee ePO, managing security at our endpoints is many times easier than before,” says Bonefont. Customizable dashboards and reports provide at-a-glance visibility that lets Citrix administrators know right away the status of security on the company’s desktops and servers. If they need to update machines, they simply instruct ePO to push the required .DAT or other files to the out-of-date systems. “McAfee ePO has eliminated countless hours of manual intervention for patches, upgrades, and hot fixes.”

Citrix administrators also use ePO to keep the company’s Macintosh users protected. McAfee VirusScan® for Mac protects Mac desktops and can be centrally managed alongside ToPS for Endpoint from the McAfee ePO console.

In addition, McAfee’s superior on-access scanning technology saves administrators time by reducing the number of potential security incidents they need to handle. Since installing McAfee ToPS for Endpoint, Citrix has reduced incident response times by 40 percent.

"With McAfee ePO, managing security at our endpoints is many times easier than before… ePO has eliminated countless hours of manual intervention for patches, upgrades, and hot fixes."

Ricardo Bonefont
IT Governance and Compliance Manager, Citrix Systems

Tangible ROI
Citrix’s arsenal of security tools also includes McAfee Vulnerability Manager which is deployed across the network to mitigate the findings of internal and external audits. Daily and monthly scans are scheduled to run automatically and ensure that vulnerabilities found in audits have been remediated and do not resurface. Vulnerability Manager has reduced remediation time by approximately 70 percent.

With McAfee Vulnerability Manager, Citrix estimates savings of $130,000 from the reduction in hours spent remediating audits, and a return on investment of only one year. And, although the company didn’t calculate savings from freeing up IT administrators, it has calculated a reduction in total expenditure for endpoint protection. The company calculates a hard return on its McAfee ToPS for Endpoint investment of $640,000 after three years.

Encryption protects data on laptops
Because its mobile users present the highest risk for data loss due to device theft, Citrix is also rolling out McAfee Endpoint Encryption to protect the data on its 2,200 laptops. It is also complimented by additional functionality provided by ePO.

Citrix has experienced a 99.5 percent installation success rate with Endpoint Encryption. Upper management and users are all pleased because the encryption solution is completely transparent to them. And, with ePO, they can easily test their deployment methodology before rolling out to the remaining laptops.

Proactively blocking attacks before they occur
Citrix had an intrusion detection system (IDS) but, to provide more robust protection, they recently added McAfee Network Security Platform (formerly McAfee IntruShield). A market-leading intrusion prevention system (IPS), Network Security Platform not only detects all network intrusions but also blocks any unwanted or suspicious intrusions before they can inflict harm. “Since implementing McAfee Network Security Platform, we are aware of — and block — attacks that we would never have known about before,” says Tom Krawczyk, senior security architect at Citrix.

This extra layer of protection for Citrix business information helps the company comply with both regulatory and corporate regulations and the prevention of downtime — caused by unchecked attacks—decreases operational expenses. Network Security Platform also lets Citrix administrators quarantine suspect or vulnerable systems, thus protecting other systems on the network and buying time for patches to be created, tested, and deployed.

Citrix Systems

Customer profile

Leading provider of application delivery infrastructure


High technology

IT environment

The company’s network supports more than 10,000 systems on three continents.


Citrix must protect its global infrastructure and endpoints 24/7.

McAfee solution

  • McAfee Total Protection (ToPS) for Endpoint provides anti-virus, antispyware, firewall, email filtering, and host intrusion prevention across 10,000 systems.
  • McAfee ePolicy Orchestrator (ePO) centralizes management.
  • McAfee VirusScan for Mac protects 600 Mac desktops.
  • McAfee Endpoint Encryption protects data on 2,200 laptops.
  • McAfee Vulnerability Manager detects and helps manage network vulnerabilities.
  • McAfee Network Security Platform prevents unwanted network intrusions.


  • Deployed quickly and easily, saving $40,000 in deployment costs
  • Reduces incident response rate by 40 percent and overall TCO of security risk management
  • Dramatically eases security administration and accelerates patch deployment
  • Reduced remediation time by 70 percent