Anyone know anything about Check Point maybe working with JA3 yet, or plans around this?
A new method of TLS fingerprinting was recently put together called JA3. Rather than simply looking at the certificate used, JA3 parses multiple fields set in the TLS client hello packet sent over during the SSL handshake. The resulting fingerprint can then be used to identify, log, alert and/or block specific traffic.
JA3 looks at the client hello packet in the SSL handshake in order to gather the SSL version and list of supported ciphers. If supported by the client, it will also use all supported SSL extensions, all supported Elliptic Curves, and finally the Elliptic Curve Point Format.