Sundt Construction Cuts Investigation Time by 75% and Gains 24×7 Coverage with SentinelOne
Endless Alerts & Manual Threat-Hunting
When Dan Howard joined Sundt Construction as VP of Information Technology, he inherited a high-performing but lean security team and a fragmented legacy security stack that buried them in noise and left true threats dangerously obscured.
As he assessed the global construction leader’s cybersecurity infrastructure, he uncovered a brittle threat-detection foundation:
- Tens of thousands of alerts per day with no automated triage or prioritization
- No unified correlation layer to validate attacks or map activity across systems
- A small team operating without 24×7 SOC coverage
- No measurable MTTD or SLA-driven detection benchmarks
- Slow, manual incident recovery workflows
- Threat hunting limited to manual log-chasing across disparate tools
With Microsoft security tools, Sundt lacked the automation, depth, and operational scale required to protect a rapidly expanding enterprise. Risk grew exponentially every evening when the team logged off. “The one thing that kept me up most nights was the fact that we just didn’t have visibility into our operations after hours,” Howard explained.
Unified Protection Across Endpoint, Identity, and Cloud
From the historic headquarters of the Manhattan Project to the Moscow American Embassy, from the London Bridge relocation to major U.S. infrastructure projects, Sundt Construction has delivered some of the world’s most iconic builds. As the company scaled, Howard sought cybersecurity defenses as resilient and future-proof as the structures his company creates.
After evaluating multiple solutions, Sundt selected SentinelOne’s Singularity Platform to unify endpoint security, identity protection, and cloud workload coverage under a single, autonomous solution.
“SentinelOne was the clear winner across all our requirements,” Howard said. “It’s part of an overall strategy to help us mature our security practice.”
A major differentiator: managed detection and response. With Wayfinder MDR, Sundt gained a fully staffed, 24×7 SOC, delivering continuous monitoring, threat validation, and rapid response without the financial burden of building equivalent in-house capacity.
In just one week, the Wayfinder pilot delivered clear value. SentinelOne identified and remediated more suspicious issues than previous tools, enabling the Sundt team to begin each morning with sharper focus.
Centralized Security Oversight and 24×7 SOC Coverage
Today, Sundt operates with a real-time view of their entire environment, spanning anomalies, suspicious behavior, endpoint compromises, and malware or ransomware indicators, and enabling rapid triage and precise investigation. They maintain continuous endpoint visibility and can instantly roll back ransomware or malicious modifications to a known-good state, eliminating downtime and removing the need for time-consuming manual recovery.
The shift has been transformative, from “alert hell” to actionable alert indicators.
Purple AI expedites investigations by consolidating telemetry and enabling analysts to query the environment via natural language, collapsing hours of manual correlation into minutes.
Previously, threat hunting required pivoting between tools, stitching events together, and manually validating what mattered. Now, Wayfinder MDR proactively searches for latent threats, including stealthy behaviors or weak signals that haven’t yet triggered alerts, dramatically reducing Sundt’s exposure window.
“The average dwell time for a threat actor is 276 days,” Shedd explained. “That’s why Wayfinder MDR has been so significant for us. It identifies potentially undetected threats in our network.”
With Wayfinder MDR serving as their 24×7 SOC, SentinelOne escalates only priority issues and collaborates with Sundt during daily standups, functioning as a true extension of the internal team.
A Night and Day Security Shift
With SentinelOne, Sundt quickly gained measurable speed, resilience, and operational
Confidence:
- 90% SLA attainment across detection and response
- 72-hour acceleration in ransomware recovery, powered by rollback
- ~75% reduction in investigation and analysis time using Purple AI
- $1.6M saved by not building an in-house SOC
- Hours or days faster threat detection
- Zero alert overload
As Sundt doubled in size the past few years, SentinelOne scaled seamlessly with them, providing security readiness, compliance confidence for upcoming government projects, and a blueprint for continued maturity.
“SentineOne has been a partner and almost a division of our cybersecurity team,” Howard added. “The future is bright and we’re excited to see how SentinelOne’s technology can help us continue to mature our practices here at Sundt Construction.”
