CyberSecurity news
Sergiu Gatlan@BleepingComputer
SentinelOne experienced a significant service disruption on May 29th that lasted approximately seven hours, impacting enterprise customers globally. According to a root-cause analysis released by the company, the outage was triggered by a software flaw within an infrastructure control system. This flaw led to the unintended removal of critical network routes and DNS resolver rules, resulting in widespread loss of network connectivity. SentinelOne has emphasized that the disruption was not the result of a cyberattack, but rather a software glitch in an automated process.
The company explained that the flaw surfaced during the migration of its production systems to a new cloud-based architecture managed with infrastructure-as-code principles. A control system slated for deprecation was triggered by the creation of a new account. A software flaw in its configuration-comparison function misidentified discrepancies between the expected and live state and then applied what it believed to be the correct configuration, overwriting the existing network routes and DNS resolver rules. Customer endpoints remained protected throughout, but security teams were unable to reach management consoles and related services.
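The failure pattern described above, a reconciler that trusts its own "desired state" and deletes whatever the live system has that it does not expect, is common to any infrastructure-as-code control loop. The following is an added illustrative example, not SentinelOne's code and not a reconstruction of its actual flaw: it contrasts a naive reconciler with one that refuses to act when the controller is marked deprecated, when its desired state is empty while the live state is not, or when the planned change would remove more than a bounded share of live entries, and that supports a dry run so operators can review the plan first. All names, thresholds and sample route sets are constructed for the example.

```python
"""Guarding an IaC-style reconciler against a stale or empty desired state.

Constructed example: the route strings, the `Plan` type and the threshold
values are assumptions made for illustration, not anything from the incident.
"""
from dataclasses import dataclass, field


@dataclass
class Plan:
    """What a reconciliation run would change, and whether it was applied."""
    to_add: set[str] = field(default_factory=set)
    to_remove: set[str] = field(default_factory=set)
    applied: bool = False
    reason: str = ""


def naive_reconcile(desired: set[str], live: set[str]) -> Plan:
    """Apply the diff unconditionally.

    If `desired` is empty because the controller's source of truth is stale
    or was never populated for a new account, every live route is removed.
    """
    plan = Plan(to_add=desired - live, to_remove=live - desired)
    plan.applied = True  # no sanity checks of any kind
    return plan


def guarded_reconcile(
    desired: set[str],
    live: set[str],
    *,
    deprecated: bool = False,
    dry_run: bool = False,
    max_removal_ratio: float = 0.5,
) -> Plan:
    """Compute the same diff, but refuse to apply it in suspicious situations."""
    plan = Plan(to_add=desired - live, to_remove=live - desired)

    # 1. A controller that has been scheduled for retirement must not mutate
    #    production even if some trigger (e.g. a new account) still fires it.
    if deprecated:
        plan.reason = "controller is deprecated; refusing to act"
        return plan

    # 2. An empty desired state against a populated live state is far more
    #    likely to be missing input than a genuine request to remove everything.
    if not desired and live:
        plan.reason = "desired state is empty while live state is not; treating as stale input"
        return plan

    # 3. Bound the blast radius: large removals require a human, not a loop.
    if live and len(plan.to_remove) / len(live) > max_removal_ratio:
        plan.reason = (
            f"would remove {len(plan.to_remove)}/{len(live)} live entries, "
            f"above the {max_removal_ratio:.0%} limit"
        )
        return plan

    # 4. Dry run: return the plan for review without applying it.
    if dry_run:
        plan.reason = "dry run; plan not applied"
        return plan

    plan.applied = True
    return plan


# Constructed sample state: the live routes a node depends on, and a desired
# state that came back empty (the failure mode the guarded version catches).
LIVE_ROUTES = {"0.0.0.0/0 via 10.0.0.1", "10.0.0.0/8 via 10.0.0.1", "dns 10.0.0.53"}
EMPTY_DESIRED: set[str] = set()
PARTIAL_DESIRED = {"0.0.0.0/0 via 10.0.0.1", "10.0.0.0/8 via 10.0.0.1", "dns 10.0.0.53", "dns 10.0.0.54"}


if __name__ == "__main__":
    bad = naive_reconcile(EMPTY_DESIRED, LIVE_ROUTES)
    print("naive:", "removes", sorted(bad.to_remove), "applied:", bad.applied)
    good = guarded_reconcile(EMPTY_DESIRED, LIVE_ROUTES)
    print("guarded:", good.reason, "applied:", good.applied)
    ok = guarded_reconcile(PARTIAL_DESIRED, LIVE_ROUTES)
    print("guarded (one route added):", sorted(ok.to_add), "applied:", ok.applied)
```

The guards are ordered from cheapest to most specific: the deprecation flag and the empty-versus-populated check catch the two conditions the report points at (a retired controller still firing, and a comparison that treats missing state as authoritative), while the removal-ratio bound and dry run limit damage from any comparison bug not anticipated here.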
The incident primarily affected enterprise customers, hindering their ability to manage security operations and access important data. SentinelOne assured customers that their endpoints continued to operate without interruption and that no security data was lost. Federal customers, including those using GovCloud, were unaffected, though they were notified as a precaution. The company has provided a detailed timeline of the outage, which began at 9:37 a.m. ET and was resolved by 4:05 p.m. ET, and is taking steps to prevent future occurrences.