-

SentinelOne Releases Free SUNBURST Attack Identification Assessment Tool

Tool Enables Enterprises to Emulate SUNBURST and Identify Cybersecurity Readiness

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--SentinelOne, the autonomous cybersecurity platform company, today released a free SUNBURST identification tool to help enterprises determine attack readiness. The open-source assessment tool allows users to identify if the SUNBURST malware variant at the heart of the SolarWinds attack campaign would have infected their devices.

The SUNBURST attack highlights the risks and realities of a supply-chain attack. Multiple third-party researchers report the cybersecurity products deployed in impacted enterprises. SentinelOne’s free utility tool helps enterprises of all sizes determine their readiness with their existing product set and team by helping any SolarWinds Orion customer determine impact retroactively. The tool also helps non-SolarWinds Orion customers determine if their endpoint vendor would have stopped this high-impact nation-state attack.

The release of SentinelOne’s SUNBURST tool follows SentinelOne’s confirmation that all of its customers are protected from SUNBURST, without requiring any updates to the SentinelOne XDR platform. The free tool is designed to identify processes, services, and drivers that SUNBURST attempts to identify on the victim's machine and provide definitive evidence if a device would have been impacted.

“The sophistication and scale of the SolarWinds attack campaign presents a level of cyber risk that is rarely seen,” said Brian Hussey, VP of Cyber Threat Response, SentinelOne. “Many traditional antivirus and next-gen solutions lack native anti-tampering functionality and were disabled by SUNBURST prior to product updates being made, leaving thousands of organizations exposed. SentinelOne’s autonomous AI and robust anti-tampering capabilities have secured all of our customers against the attack. In addition to continually monitoring and testing the latest SUNBURST variants to ensure our customers remain protected, our SUNBURST tool allows the community at-large to easily measure their security tools' effectiveness against SUNBURST activity and mitigate subsequent risk."

The tool leverages the same logic that SUNBURST uses to obtain a list of running processes, services, and drivers. It then applies the same SUNBURST hashing algorithm, performs a blacklist check, and immediately provides check results on the user’s console.

In addition to the free assessment tool, SentinelOne has closely followed the campaign and provided regular in-depth analysis and technical guidance to customers and the cybersecurity community, including:

  • Analysis of the latest IOCs and threat artifacts
  • In-product hunting packs that enable customers to use SentinelOne’s Deep Visibility hunting module for one click retrospective hunts
  • Surge license authorization to assist customers and partners in need of solutions and assistance
  • Webinar briefings to help cybersecurity leaders communicate with executive and board audiences on today’s cybersecurity attack campaigns

To remediate SUNBURST, receive a threat briefing, or conduct a cybersecurity readiness assessment, please contact SentinelOne here.

For further reading, please reference the following materials:

About SentinelOne

SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.

Contacts

Jake Schuster
fama PR for SentinelOne
E: S1@famapr.com

SentinelOne


Release Summary
Tool Enables Enterprises to Emulate SUNBURST and Identify Cybersecurity Readiness
Release Versions

Contacts

Jake Schuster
fama PR for SentinelOne
E: S1@famapr.com

More News From SentinelOne

LABScon 2023 | Empowering the Cybersecurity Community Through Advanced Research

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--SentinelOne (NYSE: S), a leading autonomous cybersecurity platform company, today announced the return of LABScon, the premier conference dedicated to advancing cybersecurity research for the benefit of global digital defense. The exclusive, invite-only event will take place at the Omni Scottsdale Resort & Spa at Montelucia in Scottsdale, AZ September 20-23, and researchers are encouraged to submit original findings via the conference website to secur...

SentinelOne® Achieves FedRAMP High In-Process Designation

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--SentinelOne announced today that the SentinelOne Singularity™ Platform has achieved the FedRAMP High In-Process designation from the FedRAMP PMO....

SentinelOne® Sets New Standard for Cloud Security

SAN FRANCISCO--(BUSINESS WIRE)--SentinelOne (NYSE: S) is taking cloud security to new levels. The autonomous security platform company today announced early access to the integration it is developing with Wiz, which will empower companies of all sizes to quickly and easily identify, prioritize, and fix cloud security threats more efficiently. The news comes during RSA Conference 2023, the premier cybersecurity event being held at the Moscone Center in San Francisco this week. “Successfully tack...
Back to Newsroom