

SentinelOne

American cybersecurity firm SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday.

This large outage affected a number of customer-facing services in what SentinelOne described as a “global service disruption.”

SentinelOne acknowledged the outage in a post published Thursday, reassuring customers that their systems were still protected.

“Customer endpoints are still protected at this time, but managed response services won’t have visibility. Threat data reporting is delayed, not lost. Our initial RCA suggests this isn’t a security incident,” SentinelOne said.

In a root cause analysis issued two days later, the company confirmed the incident’s root cause was not a cyberattack or a security breach but a software flaw in an infrastructure control system that automatically deleted critical network routes and DNS resolver rules, which caused most services to go down in all regions.

Services were brought down after all required connecting infrastructure became unreachable after a flaw in an outgoing cloud management function led to the restoration of an empty backup of the AWS Transit Gateway route table.

“SentinelOne is currently in the process of transitioning our production systems to a new cloud architecture built on Infrastructure-as-Code (IaC) principles. The deletion occurred after a soon-to-be-deprecated (i.e. outgoing) control system was triggered by the creation of a new account,” SentinelOne explained.

“A software flaw in the control system’s configuration comparison function misidentified discrepancies and applied what it believed to be the appropriate configuration state, overwriting previously established network settings. As this outgoing control system is not our source of truth for network configurations, it restored an empty route table.”
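The failure mode described in the root cause analysis above, as an added illustration that is not SentinelOne's code: a naive configuration comparison treats an empty desired state as "delete every live route", and a guard refuses such a plan before it is applied. All names, the 25% deletion threshold, and the sample routes are hypothetical and constructed for this example.

```python
from dataclasses import dataclass

# Constructed sample: destination CIDR -> attachment (hypothetical IDs).
LIVE_ROUTES = {
    "10.0.0.0/16": "attach-app",
    "10.1.0.0/16": "attach-data",
    "10.2.0.0/16": "attach-mgmt",
    "0.0.0.0/0": "attach-egress",
}

@dataclass
class Plan:
    add: dict
    change: dict
    delete: list

class UnsafePlan(Exception):
    """Raised when a plan must not be applied automatically."""

def diff(desired, live):
    """Naive comparison: whatever is missing from `desired` gets deleted."""
    add = {c: t for c, t in desired.items() if c not in live}
    change = {c: t for c, t in desired.items() if c in live and live[c] != t}
    delete = sorted(c for c in live if c not in desired)
    return Plan(add, change, delete)

def guarded_plan(desired, live, authoritative, max_delete_ratio=0.25):
    """Build a plan, refusing the destructive cases instead of applying them."""
    plan = diff(desired, live)
    if not authoritative and (plan.change or plan.delete):
        raise UnsafePlan("non-authoritative source may not change or delete routes")
    if live and not desired:
        raise UnsafePlan("empty desired state would wipe a populated route table")
    if live and len(plan.delete) / len(live) > max_delete_ratio:
        raise UnsafePlan(f"plan deletes {len(plan.delete)} of {len(live)} routes")
    return plan

if __name__ == "__main__":
    print("naive plan from empty backup:", diff({}, LIVE_ROUTES))
    grown = dict(LIVE_ROUTES, **{"10.3.0.0/16": "attach-new"})
    for desired, auth in (({}, False), ({}, True), (grown, True)):
        try:
            print("ok:", guarded_plan(desired, LIVE_ROUTES, auth))
        except UnsafePlan as exc:
            print("blocked:", exc)
```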

As a result of this outage, programmatic access to the company’s services was also interrupted, while Unified Asset Management/Inventory and Identity services were also brought down, blocking customers from viewing vulnerabilities or accessing identity consoles.

The company added that the outage may have impacted data ingestion from various third-party services, as well as Managed Detection and Response (MDR) alerts.

SentinelOne says customers’ endpoints remained protected, even though their security teams could not log into the SentinelOne management console, access SentinelOne data, or manage SentinelOne services.
