Portnox, SentinelOne integrate to enable dynamic, real-time access control

Denny LeCompte, CEO at Portnox

Portnox, which makes zero trust access control solutions, has forged a new integration with SentinelOne, which makes endpoint protection and AI-powered security. This combination of the Portnox cloud-native unified access control platform and SentinelOne’s autonomous endpoint security is designed to let organizations enforce dynamic, machine-speed access policies based on real-time threat detection and behavioral analysis.

The Portnox integration with SentinelOne comes on the heels of the company’s recent integration with CrowdStrike. It creates a powerful union between network access enforcement and endpoint protection. By harnessing SentinelOne’s AI-powered prevention, detection, and threat hunting, Portnox Cloud is now able to deliver smarter and more precise access decisions as part of a unified, interconnected security ecosystem. Security is thus strengthened at every connection. This “radically simple cloud-native unified access control platform” lets organizations automatically block or quarantine devices exhibiting suspicious behavior, so that they can effectively isolate threats before they can spread.

“Portnox controls who can access your network, your apps, and your data,” said Denny LeCompte, CEO at Portnox. “With more information we can make better decisions. With our new SentinelOne integration, we can leverage all the information provided by one of the most popular Endpoint Detection and Response agents in the market. SentinelOne has enough data to use AI to detect anomalous behavior. With Portnox integration, we can block the questionable device from gaining access, and if it starts behaving in a suspicious manner after it’s gained access, we can kick that user and their device off of your network and all of your SaaS apps until you figure out if it’s a real threat, allowing SentinelOne users to get more out of their existing investment.”

With this integration, Portnox Cloud can now automatically calculate a dynamic risk score for endpoints based on real-time security posture data from SentinelOne. This enables smarter, faster, and more precise zero trust access decisions – without the headaches of manual configuration or custom scripting. SentinelOne excels at detecting and responding to threats at the endpoint level, using AI-powered prevention, detection, and threat hunting. Portnox, in turn, excels at enforcing adaptive access policies based on risk. Together, they close the loop, so you can automatically incorporate SentinelOne’s findings into Portnox’s access decisions.

“A former university professor, I’m a passionate advocate for optimizing technologies to solve critical customer problems by leveraging empirical, data-driven approaches,” LeCompte indicated. “My disciplined methodologies guide teams to create and execute strategies that drive business growth and improve the lives of professionals in the IT management space.”

The Portnox-SentinelOne integration was built to be ready from day one: it is enabled quickly through Portnox Cloud’s integration settings, requires no coding because the API connection is already built, and comes with pre-configured risk scoring rules for infection, management, and dormancy status.

“Portnox Network Access Control upends network engineers’ expectation that NAC has to be painful,” LeCompte said. “Portnox proves that NAC can be simple to deploy and then fade into the background, quietly enforcing all of your security policies.”

So how does it work? Once enabled, Portnox Cloud continuously queries SentinelOne for three key endpoint health indicators. The first is infection status. If SentinelOne flags an endpoint as infected, Portnox automatically applies a higher risk score to that device. This can trigger automated enforcement actions, such as quarantining the device, restricting network access, or requiring remediation before reconnecting.

The second indicator is management status: Devices not managed by SentinelOne are automatically scored as higher risk. This ensures that rogue, unprotected, or BYOD devices without the SentinelOne agent can’t slip through unnoticed.

Finally comes dormancy status. If SentinelOne reports that a device has been inactive for an extended period, Portnox can treat it as potentially vulnerable. Dormant devices often miss critical updates, making them attractive targets for attackers once reconnected.

Portnox then incorporates these signals into its dynamic risk policy engine, adjusting each device’s score in real time. These risk scores directly influence zero trust enforcement policies – allowing only healthy, compliant devices onto your network.
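The scoring loop described above can be sketched in a few lines. This is an added illustration, not Portnox or SentinelOne code and not either vendor's API: the field names, weights, 30-day dormancy window and decision thresholds are all assumptions, since the article gives no numeric values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed weights and thresholds; the article publishes no numbers.
WEIGHTS = {"infected": 70, "unmanaged": 40, "dormant": 25}
DORMANT_AFTER = timedelta(days=30)
RESTRICT_AT, QUARANTINE_AT = 25, 70

@dataclass
class Posture:
    """One endpoint's EDR-reported state (hypothetical field names)."""
    infected: bool
    last_seen: datetime

def risk_score(posture: Optional[Posture], now: datetime) -> int:
    """Return 0-100. posture=None means the EDR has no record of the device."""
    if posture is None:
        # No agent: infection and dormancy are unknown, so only the
        # management signal can contribute to the score.
        return WEIGHTS["unmanaged"]
    score = 0
    if posture.infected:
        score += WEIGHTS["infected"]
    if now - posture.last_seen > DORMANT_AFTER:
        score += WEIGHTS["dormant"]
    return min(score, 100)

def access_decision(score: int) -> str:
    """Map a risk score to an enforcement action."""
    if score >= QUARANTINE_AT:
        return "quarantine"
    if score >= RESTRICT_AT:
        return "restrict"
    return "allow"

def evaluate(fleet, now):
    """Re-score every known device; intended to run on each polling cycle."""
    return {dev: access_decision(risk_score(p, now)) for dev, p in fleet.items()}

# Constructed sample fleet (device names and timestamps are made up).
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)
FLEET = {
    "laptop-healthy": Posture(False, NOW - timedelta(hours=1)),
    "laptop-infected": Posture(True, NOW - timedelta(minutes=5)),
    "kiosk-dormant": Posture(False, NOW - timedelta(days=90)),
    "byod-phone": None,  # connected to the network, but no agent record
}

if __name__ == "__main__":
    for device, action in evaluate(FLEET, NOW).items():
        print(f"{device}: {action}")
```

Because the decision is recomputed on every cycle, a device that was allowed at connect time moves to quarantine as soon as its reported posture changes, which is the "close the loop" behavior the article describes.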

“In today’s distributed IT environments, building a unified and responsive security stack is essential,” LeCompte stated. “Following our recent integration with CrowdStrike, this partnership with SentinelOne is the latest step in our commitment to help customers build a robust security ecosystem. By combining Portnox Cloud’s granular access control with SentinelOne’s autonomous detection and response capabilities, organizations can now enforce zero trust principles not just faster – but smarter. This enables a new level of proactive, AI-driven defense that minimizes risk at every connection point.”