Called Deep Visibility, it uses the kernel hooks already present in the SentinelOne Endpoint Protection Platform to see traffic in cleartext at the point of encryption on the sending endpoint, and again at the point of decryption on the receiving one. Once malware is detected by recognising malicious traffic that would otherwise be hidden inside the encrypted stream, the security team can pivot to the response side of the SentinelOne platform and take remedial action.
The traditional route to seeing into encrypted traffic is to terminate and decrypt it at a firewall and inspect it there, in effect a benign man-in-the-middle attack. The company's approach needs no such man-in-the-middle decryption, because the traffic is observed on the endpoint before it is encrypted and after it is decrypted. It also avoids the cost of firewall-based decryption, which degrades the performance of both the firewall and the endpoint. The trade-off is coverage: inspection on the endpoint only sees hosts that run the agent, whereas a firewall also sees traffic from unmanaged devices passing through it.
By using the endpoint protection and response engine, the company has widened security analysts' view of potential threats without requiring an additional agent on the endpoint. If endpoints display worrying characteristics, the analyst can immediately disconnect them from the network to stop an infection spreading, or, if they show ransomware behaviour, roll them back to a known-good state.