American cybersecurity firm SentinelOne revealed over the weekend that a software flaw caused a seven-hour-long outage on Thursday.
The outage affected multiple customer-facing services in what SentinelOne described as a “global service disruption.”
SentinelOne acknowledged the outage in a post published Thursday, reassuring customers that their systems were still protected.
“Customer endpoints are still protected at this time, but managed response services will not have visibility. Threat data reporting is delayed, not lost. Our initial RCA suggests this is not a security incident,” SentinelOne said.
In a root cause analysis issued two days later, the company confirmed that the incident was caused not by a cyberattack or a security breach but by a software flaw in an infrastructure control system that automatically deleted critical network routes and DNS resolver rules, taking most services down in all regions.
Services went down once all of the required connecting infrastructure became unreachable: a flaw in an outgoing cloud management function led to the restoration of an empty backup of the AWS Transit Gateway route table.
“SentinelOne is currently in the process of transitioning our production systems to a new cloud architecture built on Infrastructure-as-Code (IaC) principles. The deletion occurred after a soon-to-be-deprecated (i.e. outgoing) control system was triggered by the creation of a new account,” SentinelOne explained.
“A software flaw in the control system’s configuration comparison function misidentified discrepancies and applied what it believed to be the appropriate configuration state, overwriting previously established network settings. As this outgoing control system is no longer our source of truth for network configurations, it restored an empty route table.”
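The failure mode described in the RCA is a reconciler that diffs a stored “desired” state against the live network and applies the result, without ever asking whether the stored state is still authoritative or whether the plan is sane. The following is an added illustration, not SentinelOne’s code or a description of its real control system: a naive route-table reconciler next to a guarded one that refuses to write when it is no longer the source of truth, rejects an empty desired state, and enforces a blast-radius limit on deletions. The route table contents and attachment names (`tgw-attach-*`) are constructed placeholders, not real resource identifiers.

```python
"""Route-table reconciliation with and without guardrails.

Added example, not SentinelOne's code. All route data and attachment
identifiers below are constructed placeholders.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    cidr: str
    target: str  # hypothetical Transit Gateway attachment id


class UnsafePlanError(Exception):
    """Raised when a reconciliation plan fails a safety check."""


def diff_routes(desired: frozenset, actual: frozenset):
    """Configuration comparison: what must be added to, and deleted from,
    the live table ('actual') to reach the stored state ('desired')."""
    return desired - actual, actual - desired


def naive_reconcile(desired: frozenset, actual: frozenset) -> frozenset:
    """The failure mode: whatever the stored state says is applied,
    even when that stored state is an empty backup."""
    to_add, to_delete = diff_routes(desired, actual)
    return (actual - to_delete) | to_add


def guarded_reconcile(
    desired: frozenset,
    actual: frozenset,
    *,
    is_source_of_truth: bool,
    allow_empty: bool = False,
    max_delete_fraction: float = 0.25,
) -> frozenset:
    """Same comparison, gated by three checks:
    1. the caller must still be the source of truth for this resource;
    2. an empty desired state over live routes is rejected unless allowed;
    3. a plan deleting more than max_delete_fraction of live routes is rejected."""
    if not is_source_of_truth:
        raise UnsafePlanError("control system is no longer the source of truth; refusing to write")
    to_add, to_delete = diff_routes(desired, actual)
    if not desired and actual and not allow_empty:
        raise UnsafePlanError(f"desired state is empty but {len(actual)} routes are live")
    if actual and len(to_delete) / len(actual) > max_delete_fraction:
        raise UnsafePlanError(
            f"plan deletes {len(to_delete)}/{len(actual)} routes, above the "
            f"{max_delete_fraction:.0%} limit"
        )
    return (actual - to_delete) | to_add


def try_reconcile(desired: frozenset, actual: frozenset, **kw):
    """Return (new_table, None) on success or (None, reason) when blocked."""
    try:
        return guarded_reconcile(desired, actual, **kw), None
    except UnsafePlanError as e:
        return None, str(e)


# Constructed sample data (hypothetical, not real infrastructure).
LIVE_ROUTES = frozenset({
    Route("10.0.0.0/16", "tgw-attach-prod-vpc"),
    Route("10.1.0.0/16", "tgw-attach-mgmt-vpc"),
    Route("10.2.0.0/16", "tgw-attach-dns-vpc"),
    Route("0.0.0.0/0", "tgw-attach-egress"),
})
EMPTY_BACKUP = frozenset()  # what the outgoing system believed was desired
# A legitimate change: re-point one CIDR at a replacement attachment.
SANE_CHANGE = (LIVE_ROUTES - {Route("10.2.0.0/16", "tgw-attach-dns-vpc")}) | {
    Route("10.2.0.0/16", "tgw-attach-dns-vpc-v2")
}


def demo():
    """Run the three scenarios; returns (routes left by naive run,
    reason the guarded run was blocked, routes after a sane change)."""
    wiped = naive_reconcile(EMPTY_BACKUP, LIVE_ROUTES)
    _, blocked = try_reconcile(EMPTY_BACKUP, LIVE_ROUTES, is_source_of_truth=True)
    applied, _ = try_reconcile(SANE_CHANGE, LIVE_ROUTES, is_source_of_truth=True)
    return len(wiped), blocked, len(applied)


if __name__ == "__main__":
    print(demo())
```

The first check is the one that matters most for the incident as described: a system that has been demoted from source of truth should lose write access to the resource, not merely be scheduled for deprecation. The other two checks are the cheap defence in depth that catches the same class of mistake from any writer, including the new IaC pipeline.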
As a result of the outage, programmatic access to the company’s services was interrupted, and the Unified Asset Management/Inventory and Identity services were also brought down, blocking customers from viewing vulnerabilities or accessing identity consoles.
The company added that the outage may have impacted data ingestion from various third-party services, as well as Managed Detection and Response (MDR) alerts.
SentinelOne says customers’ endpoints remained protected, even though their security teams could not log into the SentinelOne management console, access SentinelOne data, or manage SentinelOne services.