How Organizations Can Detect and Stop Kerberoasting
Illusive’s deception-based Attack Detection System is the most effective and efficient platform for quickly detecting and stopping malicious lateral movement before attackers reach business-critical assets. We recommend the following actions to detect Kerberoasting attempts, reduce their chances of success, and minimize the impact of damaging attacks:
-
TRACK SPN's
Create a list of users with a Service Principle Name (SPN) that are potential targets of Kerberoasting
-
MONITOR EVENTS
Monitor the relevant Windows Event ID in your SIEM
-
UTILIZE COMPLEX PASSWORDS
Ensure that service accounts have long, complex passwords and configure them to expire frequently
-
DECOY ACCOUNTS
Create “decoy” service accounts with fake SPNs
Eliminate Today's Top Attack Vector
Are ONE IN SIX of your endpoints leaving you vulnerable to attack? Discover and automatically remediate identity vulnerabilities throughout your environment by getting a demo today.