ProtonBlog(new window)
Subscribe by RSS

The Proton Sentinel high-security program

Dingchao Lu(new window)

Share this page

Today, we are making the Proton Sentinel high-security program available to anyone who wants the highest level of account security protection and support.

If you are subscribed to a Proton Visionary, Lifetime, Family, Unlimited, Business, or Pass Plus plan, you can go to account.proton.me and enable Proton Sentinel in Settings → All settings → Account → Security and Privacy.

The growth of the Proton ecosystem

When we first launched Proton Mail in 2014, we were asked if Proton was a privacy company or a security company. The biggest benefit for Proton users was the seamless end-to-end and zero-access encryption, which prevented even us, the service provider, from looking at our users’ email content. This made us confident that we were at least a pioneering privacy company(new window) fighting against internet surveillance. However, with just a few employees and servers, we knew there was a long way to go before we could also become a pioneering security company.

Nine years later, Proton is now a much more capable organization operating several widely-used internet services. Since our start as a crowdfunded project, we have steadily grown every year since 2014 and invested all our resources into building a private and secure ecosystem. The Proton ecosystem now consists of the following products:

The need for advanced protection

As the Proton ecosystem grew and more people used our services as digital safe havens, Proton Accounts became more attractive as targets for hackers and bad actors. While Proton’s encryption helps reduce some security risks, it is not enough to keep accounts secure. For example, if an attacker gets your Proton Account password, they could log in, read all your encrypted data, and even change your password to lock you out.

Even though Proton has not had any data loss, leaks, or breaches, attackers can potentially get your password by phishing you(new window) or trying leaked passwords from other services in the hope that you may have re-used passwords. This was a major threat, especially for accounts without two-factor authentication, and we had to carefully help many users recover their compromised accounts.

Risks like these were why, in addition to easy-to-use encryption, a lot of other pieces had to be built for Proton to be a reliable security company that users can trust and depend on for their most important communications. This is why under the hood of all Proton products and mostly invisible to our 100 million users, we have been investing heavily in fighting bad actors and securing Proton accounts and infrastructure.

Of Proton’s nearly 500 employees, over 10% have been dedicated to building these anti-abuse and security solutions(new window). As engineers, we were driven to innovate and didn’t want to just rely on legacy systems from third-party vendors. Instead, we decided to build scalable systems from the ground up that would run on our servers in Proton data centers, ensuring our complete control over our data security. We knew that over time, these custom systems would allow our top engineers and analysts to quickly iterate and improve our defenses after each attack, eventually becoming better than anything on the market.

We now employ global teams across three continents dedicated to managing these sophisticated solutions that combine human intellect with machine learning to protect all Proton users around the clock. Some results of our investments include:

  • Our custom spam filtering system, which is at least 60% more accurate than popular systems like SpamAssassin and catches millions of dangerous phishing emails every month.
  • The Proton VPN NetShield Ad-blocker(new window) feature, which in addition to blocking ads, can also prevent users from visiting the over 1 million phishing and malware-infested websites on its blocklists.
  • Our unique account protection system, which thwarts millions of attacker login attempts every month and has reduced compromised accounts by 80%.
  • Our custom traffic protection system, which mitigates hundreds of massive DDoS and brute force attacks each year.

Introducing the Proton Sentinel program

Today, we are launching Proton Sentinel, a high-security program that will allow our teams and systems to better protect users who need the most security. This program was motivated by our years of experience serving high-profile people and organizations from around the world. Some of our most security-demanding users include journalists from the largest publications, governments of several countries, leaders of international peace organizations, heads of major religions, and members of parliaments. Accounts such as these have a high risk of being attacked by criminals or state-backed hackers. We are now ready to provide the same level of advanced protection and support that we reserved for these VIPs to any Proton user that wants it through the Proton Sentinel program.

Users who enable Proton Sentinel will enjoy benefits such as:

  • Advanced protection that will be more likely to detect and challenge suspicious events such as login attempts.
  • Suspicious events will be escalated 24/7 to security analysts who will review the assessments made by our automated systems, providing a level of security that’s only possible by combining AI with human expertise.
  • Support requests related to account security will automatically escalate to trained security specialists.

The Proton Sentinel program distinguishes itself from other enhanced protection programs by going beyond strengthening the default protections (Proton’s defaults are already very secure). Proton Sentinel surpasses everything that has come before due to the human element. 

Accounts enrolled in the Proton Sentinel program are not just monitored 24/7 by software but also by teams of security analysts who are experts at detecting infiltration and account takeover attempts. This provides protection and support that greatly exceeds what is possible via automated systems alone.

Finally, we believe users are the ultimate guardians of their security, so Proton Sentinel users will see more account security alerts and information for self-monitoring. Important events in security logs, such as logins and account changes, will have a new column called Protection, showing any defensive actions our systems took. There will also be other useful information, such as the operating system and device that triggered the event.

Security logs of an account protected by Proton Sentinel from three suspicious login attempts.

How to enable the Proton Sentinel program

The Proton Sentinel program is not for everyone — it likely surpasses most people’s threat model. Additionally, if you share your account with other people and haven’t enabled two-factor authentication, you may not want to join the Sentinel program, as it will increase your chance of being challenged during logins.

Due to the expensive resources required to operate advanced account protection and support, the Proton Sentinel program is limited to the bundled plans with premium access to the whole Proton ecosystem: Proton Unlimited, Family, and Business, along with legacy Lifetime and Visionary accounts. We also offer it with our Proton Pass Plus plan so you can use it to protect your password manager account and, by extension, your passwords, which are some of your most sensitive data.

If you are a high-profile public figure, deal with sensitive data, or might be a target for cyberattacks, you can go to account.proton.me and enable Proton Sentinel in Settings → All settings → Account → Security and Privacy.

You can also learn more about Proton Sentinel in our Support section.

If you have more questions about Proton Sentinel or account security in general, please contact our Support team.

If your team or organization needs the highest level of privacy and security and would like to migrate to Proton, please contact our Sales team.

Protect your privacy with Proton
Create a free account

Related articles

Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr
what is a brute force attack
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi
In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often
Your email address is your online identity, and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches
proton pass f-droid
Our mission at Proton is to help usher in an internet that protects your privacy by default, secures your data, and gives you the freedom of choice. Today we’re taking another step in this direction with the launch of our open source password manage