Detecting Brute Force Attacks with ExtraHop

See how many times people have tried incorrect passwords on your network, and break it out by username and IP address.

Attackers are growing smarter every day, coming up with new and inventive ways to infiltrate and exploit your environment. Well, some of them are anyways. Then there are lazy attackers who rely on brute force attacks. Brute force attacks involve a malicious program trying every password it can think of until it guesses the one you came up with on your first day at the office. (In retrospect, "GrumpyCat123" wasn't exactly you at your creative best either.) But luckily for you, you've got ExtraHop.

With the ExtraHop Active Directory bundle, you can see how many times people have tried incorrect passwords in your network and break out those attempts by username and IP address. You can also see transaction-level details about all Kerberos requests, so you can figure out whether the failed attempts are simply the result of a user forgetting their password or something more sinister.

Flash Gordon

Don't know much about bundles? Don't understand how they work? No problem. The new Active Directory Bundle Walkthrough will explain step-by-step how to download, install, and configure the bundle. And it'll also show you how to investigate Kerberos brute force attacks after you've got everything set up. Click here to get started!

Subscribe to our Newsletter

Get the latest from ExtraHop delivered straight to your inbox.