Detecting targeted data exfiltration in encrypted traffic
US-2019349403-A1 · Nov 14, 2019 · US
US12088607B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12088607-B2 |
| Application number | US-202418592137-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 29, 2024 |
| Priority date | Aug 10, 2018 |
| Publication date | Sep 10, 2024 |
| Grant date | Sep 10, 2024 |
Abstract
In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
Claims

What is claimed is:

1. A method, comprising: monitoring, by a monitoring agent executing on an endpoint device, a memory space of the endpoint device associated with an application or a dedicated process hosted by the endpoint device; detecting from the memory space, by the monitoring agent, a handshake initiated between an application hosted on the endpoint device and a remote entity, the handshake initiated to establish an encrypted traffic session between the application and the remote entity; capturing from the memory space of the endpoint device, by the monitoring agent, session key information for the encrypted traffic session between the endpoint device and the remote entity, wherein session keys are established during the handshake and are obtained after the encrypted traffic session is formed; transmitting the session key information to a traffic inspection service hosted on an intermediary device located between the endpoint device and the remote entity over a secure connection; using, by the traffic inspection service, the session key information to decrypt encrypted traffic from the encrypted traffic session, resulting in decrypted traffic; applying, by the traffic inspection service and based on the decrypted traffic comprising cleartext from the encrypted traffic session, a policy to the encrypted traffic session between the endpoint device and the remote entity to determine whether the decrypted traffic is malicious or against the policy; and performing, by the traffic inspection service, a mitigation action in response to a determination that the decrypted traffic is malicious or against the policy.

2. The method of claim 1 wherein the session key information is received by the traffic inspection service before first data packets of the encrypted traffic session are received at the traffic inspection service.

3. The method of claim 1 wherein the monitoring agent conditionally transmits the session key information to the traffic inspection service based on one or more conditions.

4. The method of claim 3 wherein the one or more conditions include a process involved in the encrypted traffic session being malicious.

5. The method of claim 3 wherein the one or more conditions include the encrypted traffic session potentially including personally identifiable information.

6. The method of claim 1 wherein the encrypted traffic session comprises a Transport Layer Security (TLS) session and the handshake comprises a TLS handshake.

7. The method of claim 1 wherein the traffic inspection service comprises a firewall.

8. The method of claim 1 wherein the traffic inspection service comprises an intrusion detection system.

9. The method of claim 1 further comprising receiving, by the monitoring agent from the traffic inspection service, a notification that acknowledges receipt of the session key information.

10. The method of claim 1 wherein the policy comprises a security policy or a data privacy policy.

11. A system, comprising: a monitoring agent installed on an endpoint device, the monitoring agent operative to: monitor a memory space of the endpoint device associated with an application or a dedicated process hosted by the endpoint device; detect from the memory space, by the monitoring agent, a handshake initiated between an application hosted on the endpoint device and a remote entity, the handshake initiated to establish an encrypted traffic session between the application and the remote entity; capture from the memory space of the endpoint device, by the monitoring agent, session key information for the encrypted traffic session between the endpoint device and the remote entity, wherein session keys are established during the handshake and are obtained after the encrypted traffic session is formed; and transmit the session key information to a traffic inspection service hosted on an intermediary device located between the endpoint device and the remote entity over a secure connection; the traffic inspection service operative to: use the session key information to decrypt encrypted traffic from the encrypted traffic session, resulting in decrypted traffic; apply, based on the decrypted traffic comprising cleartext from the encrypted traffic session, a policy to the encrypted traffic session between the endpoint device and the remote entity to determine whether the decrypted traffic is malicious or against the policy; and perform a mitigation action in response to a determination that the decrypted traffic is malicious or against the policy.

12. The system of claim 11 wherein the session key information is received by the traffic inspection service before first data packets of the encrypted traffic session are received at the traffic inspection service.

13. The system of claim 11 wherein the monitoring agent conditionally transmits the session key information to the traffic inspection service based on one or more conditions.

14. The system of claim 13 wherein the one or more conditions include a process involved in the encrypted traffic session being malicious.

15. The system of claim 13 wherein the one or more conditions include the encrypted traffic session potentially including personally identifiable information.

16. The system of claim 11 wherein the encrypted traffic session comprises a Transport Layer Security (TLS) session and the handshake comprises a TLS handshake.

17. The system of claim 11 wherein the traffic inspection service comprises a firewall.

18. The system of claim 11 wherein the traffic inspection service comprises an intrusion detection system.

19. The system of claim 11 wherein the monitoring agent is operative to receive from the traffic inspection service, a notification that acknowledges receipt of the session key information.

20. The system of claim 11 wherein the policy comprises a security policy or a data privacy policy.
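The exchange the abstract and claims 1 to 10 describe (agent captures the session keys once the handshake has completed, forwards them over a secure channel, the inspection service acknowledges receipt, ties the keys to the flow, decrypts and applies a policy), as an added worked example; this is not code from the patent or from any product built on it. It assumes the agent hands over secrets as NSS key-log lines with the labels CLIENT_TRAFFIC_SECRET_0 and SERVER_TRAFFIC_SECRET_0, the interchange format Wireshark reads; the patent specifies no format, and the memory-space capture of claim 1 is not implemented here. On the inspection-service side the example parses client_random out of the ClientHello record to correlate a flow with its secrets, handles keys that arrive before or after the first packets (claim 2), derives the AEAD key and per-record nonce with the TLS 1.3 key schedule of RFC 8446, and applies a constructed PII pattern as the data-privacy policy of claims 5 and 10. The AEAD decryption call itself needs a crypto library and is not shown; all sample input is constructed.

```python
"""Endpoint-agent / inspection-service key hand-off, stdlib only (added example).
Key capture from process memory is not implemented; secrets are assumed to arrive
as NSS key-log lines. Key-schedule steps follow RFC 8446 sections 5.3 and 7.1."""
import hmac
import re
import struct

# NSS key-log line "<LABEL> <client_random hex> <secret hex>" (assumed transport format)
KEYLOG_RE = re.compile(r"^([A-Z_0-9]+) ([0-9a-f]{64}) ([0-9a-f]+)$")
# Constructed SSN-like pattern standing in for a real data-privacy policy (claims 5, 10)
PII_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")


def parse_keylog_line(line):
    m = KEYLOG_RE.match(line.strip())
    if not m:
        raise ValueError("malformed key-log line")
    return m.group(1), bytes.fromhex(m.group(2)), bytes.fromhex(m.group(3))


def client_random_from_record(record):
    """32-byte client_random from a ClientHello TLS record.
    Layout: record header (5) | handshake header (4) | legacy_version (2) | random (32)."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    return record[11:43]


def hkdf_expand_label(secret, label, context, length, hash_name="sha256"):
    """HKDF-Expand-Label (RFC 8446 7.1) over HKDF-Expand (RFC 5869)."""
    hkdf_label = (struct.pack("!H", length) + bytes([6 + len(label)]) + b"tls13 " + label
                  + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + hkdf_label + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]


def record_nonce(write_iv, seq):
    """Per-record nonce (RFC 8446 5.3): 64-bit sequence number, left-padded, XORed into the IV."""
    return bytes(a ^ b for a, b in zip(write_iv, seq.to_bytes(len(write_iv), "big")))


def agent_should_export(process_flagged_malicious, may_contain_pii):
    """Claims 3-5: the agent exports keys only when one of the conditions holds."""
    return bool(process_flagged_malicious or may_contain_pii)


class InspectionService:
    """Intermediary side: receives secrets, correlates them to flows, derives AEAD parameters."""

    def __init__(self):
        self.secrets = {}  # client_random -> {label: secret}
        self.flows = {}    # flow_id -> client_random

    def accept_keys(self, line):
        label, crand, secret = parse_keylog_line(line)
        self.secrets.setdefault(crand, {})[label] = secret
        # claim 9: acknowledgement back to the agent (the secure channel itself is assumed)
        return {"ack": True, "label": label, "client_random": crand.hex()}

    def observe_client_hello(self, flow_id, record):
        """Claim 2: keys normally precede the first data packets. If they do not, the
        flow is held until they arrive rather than passed through uninspected."""
        crand = client_random_from_record(record)
        self.flows[flow_id] = crand
        return "ready" if crand in self.secrets else "held"

    def aead_params(self, flow_id, direction, seq, key_len=16, iv_len=12):
        """Key and nonce for record number seq in one direction (AES-128-GCM sizes assumed)."""
        label = {"client": "CLIENT_TRAFFIC_SECRET_0", "server": "SERVER_TRAFFIC_SECRET_0"}[direction]
        secret = self.secrets[self.flows[flow_id]][label]
        key = hkdf_expand_label(secret, b"key", b"", key_len)
        iv = hkdf_expand_label(secret, b"iv", b"", iv_len)
        return key, record_nonce(iv, seq)


def apply_policy(cleartext):
    """Claims 1 and 10: policy on the decrypted cleartext; returns the mitigation action."""
    if PII_RE.search(cleartext):
        return "block", "data-privacy policy: PII in outbound cleartext"
    return "allow", ""


# --- constructed sample input, not captured traffic ---
CLIENT_RANDOM = bytes(range(32))
# ClientHello record truncated after legacy_session_id length; enough for correlation
SAMPLE_CLIENT_HELLO = (b"\x16\x03\x01" + struct.pack("!H", 39) + b"\x01" + (35).to_bytes(3, "big")
                       + b"\x03\x03" + CLIENT_RANDOM + b"\x00")
SAMPLE_KEYLOG = [
    "CLIENT_TRAFFIC_SECRET_0 %s %s" % (CLIENT_RANDOM.hex(), "11" * 32),
    "SERVER_TRAFFIC_SECRET_0 %s %s" % (CLIENT_RANDOM.hex(), "22" * 32),
]


def demo():
    svc = InspectionService()
    acks = [svc.accept_keys(line) for line in SAMPLE_KEYLOG]   # keys first, then the flow
    state = svc.observe_client_hello("flow-1", SAMPLE_CLIENT_HELLO)
    key, nonce = svc.aead_params("flow-1", "client", seq=0)
    verdict = apply_policy(b"POST /upload ssn=123-45-6789")
    return acks, state, key, nonce, verdict


if __name__ == "__main__":
    print(demo())
```

Two points the claims leave implicit show up in the code. The acknowledgement of claim 9 is what lets the agent know the intermediary can actually decrypt; without it, a flow whose first application record beats its keys to the middlebox must be held or fail open, which is why observe_client_hello distinguishes "held" from "ready". And the key-export channel carries the same secrets that protect the traffic, so the "secure connection" in claim 1 is load-bearing: anyone who can read that channel can decrypt everything the inspection service can.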
CPC classification titles:
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- at the transport layer
- Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)
- Traffic logging, e.g. anomaly detection
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload