
What is Mimikatz?

Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)

How can businesses protect themselves against Mimikatz malware?

PeerSpot user
66 Answers

Technicalconsult568 - PeerSpot reviewer

Mimikatz is a post-exploitation tool that dumps passwords from memory (credential theft). The exploit phase is generally the 2nd stage in the attack life cycle, as it is mostly said that the attacker exploits a vulnerability. The collected credentials can then be used to access unauthorized information or perform lateral movement attacks.

EDR most probably helps you in detection and protection, as it works by monitoring and collecting events, memory dumps, etc.

EDR works by providing IOCs, which are already provided by the EDR vendor, and you can also create custom IOCs, as well as TTPs and front-line threat intelligence. All of those give you capabilities for early detection in the exploit phase and for knowing who is targeting your organization.

Alex Vakulov - PeerSpot reviewer
Top 5 Real User

Mimikatz is not the only one. Actually, there are for example also AzorULT and Cobalt Strike described here - The main methods of infection

Bryan Hurd - PeerSpot reviewer
Real User

Besides having Microsoft Defender, which detects this threat, the newest versions of the Microsoft operating systems for endpoints and servers also have new functionality to reduce the threat from Mimikatz. Making sure individual users do not have admin rights, implementing least privilege and multi-factor authentication will also help. Drop me a note here or on LinkedIn if additional discussion is desired.

Bozhin Bozhinov - PeerSpot reviewer
Real User

Um, this is Mimi's cat stealing the gold ticket.

Paresh Makwana - PeerSpot reviewer
Top 5 Leaderboard Reseller

Protection against ransomware requires a multi-layered approach, with both preventative measures and recoverability capabilities. Due to the variety of attack methods, there is no single silver bullet that will provide comprehensive protection. As no protection is 100% effective, organizations must ensure they have recoverability capabilities in place for when they are compromised. Mimikatz malware is mainly used for stealing passwords from your device. First, we talk about protection, which can be achieved with a couple of tools and awareness.

Preventative Measures

1) Endpoint Protection - AV product which does not require signature updates or endpoint device scanning, but uses Machine Learning (ML) techniques to identify malware.

2) Perimeter Protection - Sits inline between your company and the Internet, protecting your enterprise from cyberthreats, stopping intellectual property leaks, and ensuring compliance with corporate content and access policies. Product security capabilities provide defence-in-depth, protecting you from a broad range of threats including malicious URL requests, viruses, Advanced Persistent Threats (APTs), zero-day malware, adware, spyware, botnets, cross-site scripting, and much more.

3) Implementation of Privilege Identity Management with a 256-bit encryption password vault. Look out for an unnecessary amount of requested permissions.

4) Recoverability - Offline Backups - This protection essentially involves maintaining an inaccessible, offline backup of data. I believe this offline copy is best offered in the Cloud, and I therefore recommend a Managed Backup service for backups.

5) Download Apps Only from Official App Marketplaces.
