STEALTHbits’ products provide a multitude of ways to detect and mitigate Password Spraying.
Detection of Password Spraying is possible by looking for patterns that indicate password guessing is taking place across numerous accounts.
Bad User ID Attacks
Monitor for attempts to authenticate using non-existent user accounts. Many times, password spraying tools will attempt to guess account names rather than attacking a list of known accounts.
User Account Attacks
Monitor for attempts to authenticate against a large number of user accounts from a single source machine.
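Both detection patterns above (Bad User ID Attacks and User Account Attacks) can be expressed as a sliding-window count per source machine. The following is an added example, not STEALTHbits product code; the record layout, reason labels, thresholds and the `detect_spray` name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (time, source host, account, failure reason).
# Layout and reason labels are assumptions, not a product log format.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:05", "10.0.0.50", "alice", "bad_password"),
    ("2024-05-01T09:00:09", "10.0.0.50", "bob", "bad_password"),
    ("2024-05-01T09:00:14", "10.0.0.50", "svc_backup", "bad_password"),
    ("2024-05-01T09:00:20", "10.0.0.50", "jsmith1", "no_such_user"),
    ("2024-05-01T09:00:26", "10.0.0.50", "admin2", "no_such_user"),
    ("2024-05-01T09:00:31", "10.0.0.50", "helpdesk", "no_such_user"),
    ("2024-05-01T09:05:00", "10.0.0.77", "carol", "bad_password"),
    ("2024-05-01T09:05:20", "10.0.0.77", "carol", "bad_password"),
    ("2024-05-01T09:05:45", "10.0.0.77", "carol", "bad_password"),
] + [  # slow source: five accounts, one attempt per hour
    ("2024-05-01T%02d:00:00" % h, "10.0.0.90", "user%d" % h, "bad_password")
    for h in range(10, 15)
]


def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, min_unknown=3):
    """Flag sources whose failed logons inside one sliding window touch
    many distinct accounts or many accounts that do not exist."""
    by_source = defaultdict(list)
    for ts, src, account, reason in events:
        by_source[src].append((datetime.fromisoformat(ts), account.lower(), reason))
    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        start = max_accounts = max_unknown = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop failures older than the window
            span = rows[start:end + 1]
            max_accounts = max(max_accounts, len({a for _, a, _ in span}))
            max_unknown = max(max_unknown,
                              len({a for _, a, r in span if r == "no_such_user"}))
        alerts = []
        if max_accounts >= min_accounts:
            alerts.append("user_account_attack")
        if max_unknown >= min_unknown:
            alerts.append("bad_user_id_attack")
        if alerts:
            findings[src] = {"alerts": alerts, "distinct_accounts": max_accounts,
                             "unknown_accounts": max_unknown}
    return findings


if __name__ == "__main__":
    for source, finding in detect_spray(SAMPLE_EVENTS).items():
        print(source, finding)
```

With the default 30-minute window, the slow source 10.0.0.90 stays below the threshold, so the window length and thresholds need tuning against the pace of attempts seen in the environment.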
Mitigation of password spraying is possible by enforcing strong password standards and reducing password sharing across accounts.
Enforce Strong Passwords
The best way to mitigate Kerberoasting is to enforce long, complex and regularly changing passwords for service accounts. Also, reduce the sharing of passwords across accounts and the use of easily guessed passwords that may appear in hacker dictionaries.
Reduce Password Sharing
Identify when multiple user accounts are sharing the same password and force them to change their password.