Password Spraying

How to detect and mitigate Password Spraying

Password Spraying is a technique that attackers leverage to guess the password of an account. By trying a small number of highly common passwords against large numbers of accounts while also staying below an organization’s defined lockout threshold, the attacker can compromise accounts without any elevated privileges and likely without detection.


STEALTHbits’ Password Spraying Solution

STEALTHbits’ products provide a multitude of ways to detect and mitigate Password Spraying.

Detect Password Spraying Attack

Detection of Password Spraying is possible by looking for patterns that indicate password guessing is taking place across numerous accounts.

APPROACH #1

Bad User ID Attacks

DESCRIPTION

Monitor for attempts to authenticate using non-existent user accounts. Many times, password spraying tools will attempt to guess account names rather than attacking a list of known accounts.

PRODUCT: StealthDEFEND

APPROACH #2

User Account Attacks

DESCRIPTION

Monitor for attempts to authenticate against a large number of user accounts from a single source machine.

PRODUCT: StealthDEFEND
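
The two detection approaches above can be expressed as a sliding-window count over failed-logon records, grouped by source machine. This is an added example, not STEALTHbits code and not a description of how StealthDEFEND works; the record layout, thresholds and sample lines are constructed, and the sub-status codes are those of Windows event 4625.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed failed-logon records: time, source, target account, sub-status.
# Sub-status as in Windows event 4625: 0xC0000064 = no such user, 0xC000006A = bad password.
SAMPLE = """\
2024-01-08T09:00:01 10.0.0.50 alice 0xC000006A
2024-01-08T09:00:03 10.0.0.50 bob 0xC000006A
2024-01-08T09:00:05 10.0.0.50 carol 0xC000006A
2024-01-08T09:00:07 10.0.0.50 admin1 0xC0000064
2024-01-08T09:00:09 10.0.0.50 jsmith 0xC0000064
2024-01-08T09:00:11 10.0.0.50 svc_test 0xC0000064
2024-01-08T09:02:00 10.0.0.7 dave 0xC000006A
2024-01-08T09:02:20 10.0.0.7 dave 0xC000006A
2024-01-08T09:02:45 10.0.0.7 dave 0xC000006A
2024-01-08T11:30:00 10.0.0.50 alice 0xC000006A
"""
NO_SUCH_USER = "0xC0000064"

def parse(text):
    rows = (line.split() for line in text.strip().splitlines())
    return sorted((datetime.fromisoformat(t), src, user.lower(), sub) for t, src, user, sub in rows)

def detect(events, window=timedelta(minutes=30), min_accounts=5, min_bad_ids=3):
    """Return {source: finding} for sources matching either approach in any sliding window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                      # drop events older than the window
            win = evs[start:end + 1]
            per_account = Counter(user for _, _, user, _ in win)
            bad_ids = {user for _, _, user, sub in win if sub == NO_SUCH_USER}
            flags = []
            if len(per_account) >= min_accounts:
                flags.append("user_account_attack")   # Approach #2: many accounts, one source
            if len(bad_ids) >= min_bad_ids:
                flags.append("bad_user_id_attack")    # Approach #1: non-existent user IDs
            prev = findings.get(src)
            if flags and (prev is None or len(per_account) > prev["accounts"]):
                findings[src] = {"flags": flags, "accounts": len(per_account),
                                 "unknown_users": sorted(bad_ids),
                                 "max_failures_per_account": max(per_account.values())}
    return findings
```

In the sample, the source that touches six accounts once each is flagged even though no single account comes near a lockout threshold, while the user who mistypes one password three times is not.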


Mitigate Password Spraying Attack

Mitigation of password spraying is possible by enforcing strong password standards and reducing password sharing across accounts.

APPROACH #1

Enforce Strong Passwords

DESCRIPTION

The best way to mitigate Kerberoasting is to enforce long, complex and regularly changing passwords for service accounts. Also, reduce the sharing of passwords across accounts and the use of easily guessed passwords that may appear in hacker dictionaries.

PRODUCT: StealthINTERCEPT Enterprise Password Enforcer

APPROACH #2

Reduce Password Sharing

DESCRIPTION

Identify when multiple user accounts are sharing the same password and force them to change their password.

PRODUCT: StealthAUDIT
