To Our Customers, Prospects, Partners, and the Cybersecurity Community:
It’s not every day we see a fellow cybersecurity company, especially one with a significant presence serving the federal government, as the subject of a breach. On December 8, FireEye disclosed a sophisticated attack which led to the “unauthorized access of their pen-test tools.” The statement went on to say the company does not know whether the attacker intends to use the stolen tools themselves or publicly disclose them.
We are sad to hear the news; all cybersecurity vendors at some level share a unified purpose of making the world a more secure place. Our thoughts are with our colleagues at FireEye and with their customers. SentinelOne’s commitment to keep customers protected remains unwavering. We innovate to raise the cybersecurity bar to defend our digital way of life.
In this blog, we provide an update on the actions SentinelOne has taken across our SentinelLabs security research team, Vigilance MDR team, and product team in response to the FireEye breach. Our platform is able to detect each and every malware sample associated with the FireEye breach.
Detection is Foundational to Visibility & Protection
We continue to monitor and hunt for relevant IOCs and artifacts related to the breach. We can also confirm that all assets seen so far in the wild are detected by the SentinelOne agents, with no upgrade needed. If there are parts of your network that are not protected with SentinelOne, we encourage you to close that gap, even if you need to exceed the number of licenses you have at the moment. We recommend the use of our Rogue system detection to identify the systems that should have an agent deployed. Below this blog, please find a list of hashes, based on FireEye’s reporting and our own research, that we confirm are covered.
Hunting Pack Released for Every SentinelOne Customer
We’ve already released a bespoke and ready-to-use hunting pack in every customer’s SentinelOne console for retrospective hunting missions. SentinelOne’s industry-leading data retention periods enable lengthy lookbacks for thorough investigations. This customized hunting package enables our customers to know if any of the artifacts related to this breach exist – or have existed – within their enterprise.
We’re Here to Help
SentinelOne is committed to doing the right thing – and we stand ready to help at no cost. Here are several actionable steps our team suggests:
- SentinelOne Customers: if you’re a Core, Control, or Complete customer and desire custom hunting assistance, our Vigilance MDR team and our Customer Success organizations stand ready to assist. If you need additional agents, we’re ready to assist with rapid deployment. Our 24/7/365 team is ready to help via phone or console.
- Non-SentinelOne Customers: if you need assistance conducting a risk assessment as it relates to the FireEye breach or securing unprotected devices, SentinelOne is ready. We can deploy in minutes without business interruption or restarts. Our team of experts can help quickly determine if any traces of the FireEye breach are in your environment for compliance and executive briefing purposes.
We’re here to help. We’re here to protect. We’re in this together.
Latest FireEye Indicators of Compromise (IOCs)