Are your Endpoints Affected by the SolarWinds Sunburst Attack?

By Oleg Mogilevsky, Product Marketing Manager, Threat Prevention

The SolarWinds Sunburst attack has already affected some 18,000 companies and government offices worldwide. To help you determine quickly whether your organization is among them, Check Point has updated its endpoint security solution, SandBlast Agent, so that it can pinpoint Sunburst indicators in endpoint activity across your organization.

To help you rapidly investigate and mitigate the current attack, and to protect your organization from future endpoint threats, Check Point is offering a free three-month license for SandBlast Agent.

The world is facing what appears to be a Generation V cyberattack: a sophisticated, multi-vector attack conducted with a high degree of operational security, presumably by nation-state actors. Named Sunburst by researchers, it is believed to be one of the most sophisticated and severe attacks ever seen in the wild. The threat actor's tactics bypassed the security precautions of highly skilled security teams.

As the news broke, Check Point Research began investigating the nature of the attack and confirmed that a trojanized SolarWinds Orion update had been used to mount a sophisticated supply-chain attack. Our researchers provided insights and guidance on best practices for identifying and mitigating the impact of the hack. One of the most challenging aspects of assessing the attack is that a significant number of organizations worldwide still do not know whether they are affected by Sunburst.


Sign up now to get your complimentary SandBlast Agent free trial for 3 months to check your endpoints for Sunburst attack compromise


How does SandBlast Agent help you determine whether you are at risk?

To help you rapidly determine whether your organization is affected, Check Point has updated SandBlast Agent so that it can pinpoint Sunburst indicators in endpoint activity across the environment.

One of SandBlast Agent's key components is its threat hunting capability, which provides detailed visibility into affected assets and correlates their activity with the MITRE ATT&CK™ framework. This is what enables SandBlast Agent to support hunting for Sunburst indicators in endpoint activity.

Since the Sunburst attack was first announced, Check Point has updated the threat hunting solution's pre-defined queries to look for Sunburst indicators automatically, as shown in the screenshot below. This simplifies the search for indicators of Sunburst activity and lets organizations rapidly determine their risk level and define remediation plans.

Activating Threat Hunting within SandBlast Agent is a simple process. An administrator opens the user interface, goes to either the "Threat Prevention" or the "Forensics" tab of the "Policy" section, and toggles the "Threat Hunting" switch to "On". The only remaining step is to save the policy change and install the policy from the management server.

Once these changes are made, SandBlast Agent will populate data into the Threat Hunting interface, enabling administrators to hunt for related events.
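To make concrete what a pre-defined indicator hunt like the one described above actually does, here is a small added example in Python. It is not Check Point's query, nor SandBlast Agent's event schema, and the hostnames and event layout are constructed for illustration. The two indicators it matches are the publicly reported Sunburst ones (FireEye, December 2020): the name of the trojanized Orion DLL, SolarWinds.Orion.Core.BusinessLayer.dll, and the first-stage command-and-control domain avsvmcloud[.]com. Each match is tagged with the MITRE ATT&CK technique it corresponds to, as the threat hunting view does, and kept at a confidence level that reflects the practitioner's caveat: the legitimate and trojanized DLLs share a filename, so a name match alone shows only that the Orion component is present, while a DNS resolution under the C2 domain is the backdoor beaconing.

```python
"""Hunt constructed endpoint telemetry for Sunburst indicators.

Added example, not Check Point's pre-defined query or SandBlast Agent's
event schema. The two indicators are the publicly reported ones (FireEye,
December 2020): the trojanized Orion DLL name and the first-stage C2
domain. Event shapes and hostnames below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Publicly reported Sunburst indicators.
TROJANIZED_DLL = "solarwinds.orion.core.businesslayer.dll"
C2_DOMAIN = "avsvmcloud.com"

# MITRE ATT&CK technique IDs used to tag findings.
SUPPLY_CHAIN = "T1195.002"   # Compromise Software Supply Chain
DNS_C2 = "T1071.004"         # Application Layer Protocol: DNS


@dataclass(frozen=True)
class Finding:
    host: str
    event_id: str
    indicator: str
    technique: str
    confidence: str  # "low" or "high"


def _is_c2_query(query: str) -> bool:
    """Match the C2 apex and any subdomain, but not look-alike apexes."""
    q = query.lower().rstrip(".")
    return q == C2_DOMAIN or q.endswith("." + C2_DOMAIN)


def _basename(path: str) -> str:
    """Case-insensitive file name from a Windows or POSIX style path."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def hunt(events: list[dict]) -> list[Finding]:
    """Return one Finding per event that matches a Sunburst indicator."""
    findings: list[Finding] = []
    for ev in events:
        host, eid = ev.get("host", "?"), ev.get("id", "?")
        if ev.get("type") == "image_load":
            # The legitimate and trojanized DLL share this filename, so a
            # name match only shows the Orion component is present; confirm
            # against published hashes/versions before calling it compromise.
            if _basename(ev.get("image", "")) == TROJANIZED_DLL:
                findings.append(Finding(host, eid, TROJANIZED_DLL, SUPPLY_CHAIN, "low"))
        elif ev.get("type") == "dns":
            # A resolution under the C2 domain is the backdoor beaconing.
            if _is_c2_query(ev.get("query", "")):
                findings.append(Finding(host, eid, ev["query"], DNS_C2, "high"))
    return findings


def hosts_at_risk(events: list[dict]) -> list[str]:
    """Hosts with at least one high-confidence finding, sorted."""
    return sorted({f.host for f in hunt(events) if f.confidence == "high"})


# Constructed sample telemetry (hostnames and the encoded first label are
# made up; the appsync-api.<region> subdomain pattern is the reported one).
SAMPLE_EVENTS = [
    {"id": "e1", "host": "orion-srv01", "type": "image_load",
     "process": "SolarWinds.BusinessLayerHost.exe",
     "image": r"C:\Program Files (x86)\SolarWinds\Orion\SolarWinds.Orion.Core.BusinessLayer.dll"},
    {"id": "e2", "host": "orion-srv01", "type": "dns",
     "process": "SolarWinds.BusinessLayerHost.exe",
     "query": "3mu76044hgf7shjf.appsync-api.eu-west-1.avsvmcloud.com"},
    {"id": "e3", "host": "ws-042", "type": "dns", "process": "chrome.exe",
     "query": "www.checkpoint.com"},
    {"id": "e4", "host": "ws-042", "type": "image_load", "process": "notepad.exe",
     "image": r"C:\Windows\System32\kernel32.dll"},
    # Look-alike apex: must NOT match (guards against naive substring checks).
    {"id": "e5", "host": "orion-srv02", "type": "dns", "process": "svchost.exe",
     "query": "notavsvmcloud.com"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.host}\t{f.event_id}\t{f.confidence}\t{f.technique}\t{f.indicator}")
    print("hosts at risk:", hosts_at_risk(SAMPLE_EVENTS))
```

Run against the sample, the hunt flags the DLL load on orion-srv01 as a low-confidence supply-chain finding and the query under avsvmcloud[.]com as a high-confidence C2 finding, while the look-alike domain in the last event is correctly ignored. In a real environment the low-confidence result is the prompt to check the Orion build against published hashes, and the high-confidence one is the prompt to isolate the host.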

Getting started is as simple as 1-2-3

To help get started quickly so you can keep your organization’s endpoints secure and corporate data safe, Check Point is offering a special promotion to start using SandBlast Agent today.

  • Click here to sign up for the free trial and connect to the SandBlast Agent cloud-based portal.
  • Follow the instructions to download SandBlast Agent, with the threat hunting solution included, and perform the steps outlined in this blog.
  • You can also reach out to our endpoint security experts, who can assist throughout onboarding and/or demo these capabilities in advance.

SandBlast Agent prevents the most pressing threats to the endpoint, such as ransomware, phishing, and drive-by malware, while minimizing breach impact with autonomous detection and response.

Use this free trial to check your endpoints for Sunburst compromise and to protect your organization's endpoints against potential damage.