Blog
Detecting Brute Force Attacks with ExtraHop
See how many times people have tried incorrect passwords on your network, and break it out by username and IP address.
Patrick Kreuch
December 12, 2017
Attackers are growing smarter every day, coming up with new and inventive ways to infiltrate and exploit your environment. Well, some of them are anyways. Then there are lazy attackers who rely on brute force attacks. Brute force attacks involve a malicious program trying every password it can think of until it guesses the one you came up with on your first day at the office. (In retrospect, "GrumpyCat123" wasn't exactly you at your creative best either.) But luckily for you, you've got ExtraHop.
With the ExtraHop Active Directory bundle, you can see how many times people have tried incorrect passwords in your network and break out those attempts by username and IP address. You can also see transaction-level details about all Kerberos requests, so you can figure out whether the failed attempts are simply the result of a user forgetting their password or something more sinister.
Don't know much about bundles? Don't understand how they work? No problem. The new Active Directory Bundle Walkthrough will explain step-by-step how to download, install, and configure the bundle. And it'll also show you how to investigate Kerberos brute force attacks after you've got everything set up. Click here to get started!
Discover more