How Organizations Can Detect and Stop Kerberoasting
Illusive’s deception-based Attack Detection System is the most effective and efficient platform for quickly detecting and stopping malicious lateral movement before attackers reach business-critical assets. We recommend the following actions to detect Kerberoasting attempts, reduce their chances of success, and minimize the impact of damaging attacks:
- TRACK SPNs: Create a list of users with a Service Principal Name (SPN) that are potential targets of Kerberoasting.
- MONITOR EVENTS: Monitor the relevant Windows Event ID in your SIEM.
- UTILIZE COMPLEX PASSWORDS: Ensure that service accounts have long, complex passwords and configure them to expire frequently.
- DECOY ACCOUNTS: Create “decoy” service accounts with fake SPNs.
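The SPN inventory, event monitoring and decoy accounts above can be combined into a single detection rule. The following is an added example, not code from the original page or from Illusive: it assumes Event ID 4769 (Kerberos service ticket requested) is the event to monitor, and the account names, sample events, time window and threshold are constructed for illustration.

```python
from collections import defaultdict

# Assumption: 4769 (Kerberos service ticket requested) is the event to monitor.
TGS_REQUEST = 4769
RC4_HMAC = "0x17"  # TicketEncryptionType for RC4-HMAC; weaker than AES

# Constructed inventory: every account that has an SPN, and the decoys among them.
SPN_ACCOUNTS = {"svc-sql", "svc-web", "svc-backup", "svc-decoy-ftp"}
DECOY_ACCOUNTS = {"svc-decoy-ftp"}

def ev(event_id, time, user, service, etype):
    """Build one parsed event; keys follow the 4769 field names, Time is seconds."""
    return {"EventID": event_id, "Time": time, "TargetUserName": user,
            "ServiceName": service, "TicketEncryptionType": etype}

# Constructed sample events, as a SIEM might hand them to a rule.
SAMPLE_EVENTS = [
    ev(4624, 50, "alice", "", ""),                  # logon event, not a ticket request
    ev(4769, 100, "alice", "svc-web", "0x12"),      # normal AES request
    ev(4769, 150, "dave", "HOST01$", "0x12"),       # machine account, not in inventory
    ev(4769, 200, "bob", "svc-sql", RC4_HMAC),
    ev(4769, 205, "bob", "svc-web", RC4_HMAC),
    ev(4769, 210, "bob", "svc-backup", RC4_HMAC),   # third distinct SPN in 10 seconds
    ev(4769, 300, "carol", "svc-decoy-ftp", "0x12"),
]

def detect(events, window=60, threshold=3):
    """Return alerts in time order: decoy hits and bursts of RC4 ticket requests."""
    alerts, flagged = [], set()
    rc4_requests = defaultdict(list)  # user -> [(time, service)]
    for e in sorted(events, key=lambda e: e["Time"]):
        service, user = e["ServiceName"], e["TargetUserName"]
        if e["EventID"] != TGS_REQUEST or service not in SPN_ACCOUNTS:
            continue  # other event types, machine accounts, krbtgt
        if service in DECOY_ACCOUNTS:
            # No legitimate client has a reason to request a decoy's ticket.
            alerts.append(("decoy", user, service))
            continue
        if e["TicketEncryptionType"] != RC4_HMAC:
            continue
        rc4_requests[user].append((e["Time"], service))
        recent = {s for t, s in rc4_requests[user] if e["Time"] - t <= window}
        if len(recent) >= threshold and user not in flagged:
            flagged.add(user)
            alerts.append(("burst", user, tuple(sorted(recent))))
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

A decoy hit alerts on a single request regardless of encryption type, while the burst rule depends on the window and threshold being tuned to the environment's normal ticket traffic.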