SentinelOne has released a free SUNBURST identification tool to help enterprises determine attack readiness. The open-source assessment tool allows users to identify if the SUNBURST malware variant at the heart of the SolarWinds attack campaign would have infected their devices.
The SUNBURST attack highlights the risks and realities of a supply-chain attack. Multiple third-party researchers report the cybersecurity products deployed in impacted enterprises. SentinelOne’s free utility tool helps enterprises of all sizes determine their readiness with their existing product set and team by helping any SolarWinds Orion customer determine impact retroactively. The tool also helps non-SolarWinds Orion customers determine if their endpoint vendor would have stopped this high-impact nation-state attack.
The release of SentinelOne’s SUNBURST tool follows SentinelOne’s confirmation that all of its customers are protected from SUNBURST, without requiring any updates to the SentinelOne XDR platform. The free tool is designed to identify processes, services, and drivers that SUNBURST attempts to identify on the victim’s machine and provide definitive evidence if a device would have been impacted.
“The sophistication and scale of the SolarWinds attack campaign present a level of cyber risk that is rarely seen,” said Brian Hussey, VP of Cyber Threat Response, SentinelOne. “Many traditional antivirus and next-gen solutions lack native anti-tampering functionality and were disabled by SUNBURST prior to product updates being made, leaving thousands of organizations exposed. SentinelOne’s autonomous AI and robust anti-tampering capabilities have secured all of our customers against the attack. In addition to continually monitoring and testing the latest SUNBURST variants to ensure our customers remain protected, our SUNBURST tool allows the community-at-large to easily measure their security tools’ effectiveness against SUNBURST activity and mitigate subsequent risk.”
The tool leverages the same logic that SUNBURST uses to obtain a list of running processes, services, and drivers. It then applies the same SUNBURST hashing algorithm, performs a blacklist check, and immediately provides check results on the user’s console. In addition to the free assessment tool, SentinelOne has closely followed the campaign and provided regular in-depth analysis and technical guidance to customers and the cybersecurity community, including:
- Analysis of the latest IOCs and threat artifacts
- In-product hunting packs that enable customers to use SentinelOne’s Deep Visibility hunting module for one-click retrospective hunts
- Surge license authorization to assist customers and partners in need of solutions and assistance
- Webinar briefings to help cybersecurity leaders communicate with executive and board audiences on today’s cybersecurity attack campaigns