All SentinelOne Customers Protected from SolarWinds SUNBURST Attack

SentinelOne Devices are Protected from SUNBURST Backdoor Without Any Software Updates or Configuration Changes

Mountain View, Calif. – December 22, 2020 – SentinelOne, the autonomous cybersecurity platform company, today confirmed that all its customers are autonomously protected from SUNBURST, the malware variant at the heart of the SolarWinds attack campaign, without requiring any updates to the SentinelOne XDR platform. Specifically targeting the finance, government, healthcare, education, and infrastructure verticals, the SolarWinds SUNBURST attack has swept the globe since campaign activation in March.

SentinelLabs, the research division of SentinelOne, has confirmed that devices with SentinelOne agents deployed were excluded from the SUNBURST attack from an early stage, even before any communication with a malicious C2. Technical analysis confirmed that SUNBURST was unable to disable or bypass SentinelOne in any environment.

We’re continuously monitoring and testing the latest SUNBURST variants to ensure our customers remain protected,” said Raj Rajamani, Chief Product Officer, SentinelOne. “Unlike traditional antivirus and other next-gen products, SentinelOne’s autonomous AI and robust anti-tampering protected our customers at the point of attack – without requiring any reactive product updates. Our customers have confidence knowing SentinelOne has them secured.”

Since the news of FireEye’s breach which led to the SUNBURST discovery, SentinelOne has closely followed the campaign and provided regular in-depth analysis and technical guidance to customers and the community-at-large, including:

  • Analysis of the latest IOCs and threat artifacts
  • In-product hunting packs that enable customers to use SentinelOne’s Deep Visibility hunting module for one-click retrospective hunts
  • Surge license authorization to assist customers and partners in need of solutions and assistance
  • Webinar briefings to help cybersecurity leaders communicate with executive and board audiences on today’s cybersecurity attack campaigns

SentinelOne is committed to assisting all enterprises in navigating today’s uncertain cybersecurity climate. To remediate SUNBURST, receive a threat briefing, or conduct a cybersecurity readiness assessment, please contact SentinelOne here.

For further reading, please reference the following materials:

About SentinelOne

SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit or follow us at @SentinelOne, on LinkedIn or Facebook.


Will Clark
fama PR for SentinelOne
E: [email protected]