Reflex

Reflex is SenseOn’s automated response to ransomware threats, which often spread too quickly for manual human intervention. Using multiple detection techniques, Reflex automatically and rapidly isolates one or more endpoints, quarantining malicious activity and stopping ransomware strains from spreading. Operating 24/7, SenseOn Reflex responds to threats and halts the progress of attacks before they become a problem, helping to prevent lateral spread across the network and limiting potential damage.

Reflex Case: an example SenseOn case showing Reflex detection of, and intervention in, a ransomware infection chain.


How Reflex Works

Upon confirmation of ransomware activity, Reflex ensures the device is isolated from the network. All non-essential communication is blocked, preventing further spread. Only connectivity with the SenseOn platform remains active to enable response actions. Reflex can be configured in one of two modes:

  • Automatic: The device is isolated immediately upon detection.
  • Manual Approval: Reflex issues an alert to approve or deny device isolation. This offers more control while maintaining confidence, as Reflex has reported zero false positives to date.

Reflex Configuration

Configure Reflex to either isolate devices automatically or require manual approval from an authorised user. To do this, you will first need to create segments in order to define configuration for given devices.

💡 Segment creation: To create a segment, go to Settings > Device Segments > Create New Segment.

Create a new segment option in SenseOn interface

Once you have created the segment to which you wish to apply Reflex configuration, select to edit the configuration of that segment.

💡 Apply Configuration: To apply a configuration, go to Device Configuration and select the segment you wish to apply the settings to. Click edit to change a setting.

Edit options for a segment in SenseOn UI

Under Reflex, select your desired configuration for Reflex in that particular device segment.

Configure Reflex Mode


Key Benefits

| Benefit | Description |
| --- | --- |
| Early Ransomware Detection | Identifies and responds to aggressive ransomware activity before it has a chance to spread. |
| Stops Lateral Movement | Immediately isolates affected devices, preventing spread to other endpoints. |
| Zero False Positives | Reflex has demonstrated high accuracy, reducing the need for administrator validation. |
| Operational Flexibility | Supports both automatic and manual containment modes depending on customer preference. |
| Seamless Integration | Runs in the background with minimal impact to normal operations or device performance. |

Use Cases

Reflex is especially valuable in environments where:

  • Ransomware is a high-priority threat.
  • Fast containment is critical to business continuity.
  • SOC teams require confidence in automated response.
  • Security operations seek to minimise manual overhead.


Who Should Use Reflex?

Reflex is ideal for:

  • Security Operations Centres (SOCs) aiming to reduce incident response time.
  • CISOs and IT Leaders needing assurance against ransomware outbreaks.
  • Incident Responders looking for tools to limit impact without manual intervention.