2020-07-02T07:51:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
  • 6
  • 229

What is Mimikatz?

How can businesses protect themselves against Mimikatz malware?

6
PeerSpot user
6 Answers
SP
Managing Member at Pender & Associates
Real User
Top 5Leaderboard
2020-07-03T08:18:33Z
Jul 3, 2020

Mimikatz is a tool developed by Benjamin Delpy that is used to gather credential data from Windows systems. There are many ways in which an attacker can utilize it. Although some security products block it by its hash or name, this is highly ineffective since anyone can compile Mimikatz as new versions making its hash unknown to reputation services. The SentinelOne agent prevents this by identifying and blocking it from reading the device passwords. In addition to other built-in protections, SentinelOne have added a mechanism that does not allow the reading of passwords, regardless of the policy settings.  

Search for a product comparison in EDR (Endpoint Detection and Response)
AV
Editor at a tech company with 11-50 employees
Real User
Top 10
2021-04-24T08:48:24Z
Apr 24, 2021

Mimikatz is not the only one. Actually, there are for example also AzorULT and Cobalt Strike described here - The main methods of infection

MO
product manager at MCS
Reseller
2020-07-02T19:24:35Z
Jul 2, 2020

Mimiktaz is a post exploitation tool that dumps passwords from memory (credentials theft) and exploit phase generally is the 2nd stage in attack life cycle as mostly said attacker exploit a vulnerability The collected credentials can then be used to access unauthorized information or perform lateral movement attacks.


EDR most probably helps you in detection and protection as it is works in monitoring and collects events,memory dumps...etc


EDR works by providing IOCs which is already provided by EDR vendor and you can also create custom IOCs and also TTPs and front line threat intelligence all those gives you capabilities in early detection exploit phase and knowing who is targeting your organization.

BH
Vice President at a security firm with 10,001+ employees
Real User
2020-07-02T19:30:59Z
Jul 2, 2020

Besides having Microsoft Defender which detects this threat, also the newest versions of the Microsoft Operating Systems for endpoints and servers have new functionality to reduce the threat from Mimikatz. Making sure individual users do not have admin rights, implementing least privilege and multi-factor authentication also will help. Drop me a note here or on LinkedIn if additional discussion desired. 

BB
IT Expert at a government with 1,001-5,000 employees
Real User
2020-07-07T09:16:23Z
Jul 7, 2020

Um, this is Mimi's cat stealing the gold ticket.

PM
Director at a tech services company with 1-10 employees
Reseller
2020-07-03T07:25:33Z
Jul 3, 2020

Protection against ransomware requires a multi-layered approach, with both preventative measures and recoverability capabilities. Due to the variety of attack methods, there is no single silver bullet that will provide comprehensive protection. As no protection is 100% effective, organizations must ensure they have recoverability capabilities in place for when they are compromised. Mimikatz malware is mainly used for Password stealing from your device, First we talk about protection that can be happen with couple of tools and awareness .


Preventative Measures



1) End Point Protection -AV product which does not require signature updates or endpoint device scanning, but uses Machine Learning (ML) techniques to identify malware.


2) Perimeter Protection - Sits inline between your company and the Internet, protecting your enterprise from cyberthreats, stopping intellectual property leaks, and ensuring compliance with corporate content and access policies. Product security capabilities provide defence–in– depth, protecting you from a broad range of threats including malicious URL requests, viruses, Advanced Persistent Threats (APTs), zero–day malware, adware, spyware, botnets, cross–site scripting, and much more.


3) Implementation of Privilege Identity Management with 256bit encryption Password vault. Look Out for an Unnecessary Amount of Requested Permissions


4) Recoverability - Offline Backups - This protection essentially involves maintaining an inaccessible, offline backup of data. I believe this offline copy is best offered in the Cloud, so therefore recommend a Managed Backup service for backups.


5) Download Apps Only from Official App Marketplaces.





Learn what your peers think about Cisco Secure Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
670,400 professionals have used our research since 2012.
Related Questions
Fernando Elias Gonzalez Hernandez - PeerSpot reviewer
Cyber Security Manager at Maxitransfers LLC
Nov 9, 2022
Hi, I'm looking for an EDR with low resource consumption and very robust for 270 computers. Any suggestions? Thank you--- <Original question> Estoy buscando un EDR con bajo consumo de recursos y muy robusto para 270 equipos de computo Sugerencias? Gracias
2 out of 12 answers
Hi Fernando, Nice to meet you! From Sofistic we can help you with SOC and Crowdstrike EDR!
Pieter Plas - PeerSpot reviewer
Owner at Beerepoot Automatisering B.V.
Jul 26, 2022
Hi Fernando, I’m very happy with Kaspersky. Good value  for your money. Good support when you need it. The console gives you more than only antivirus, but also patch management for 3th party software and so many more. And i believe the best anti ransomware in the world. With kind regards,
EB
Director of Community at PeerSpot (formerly IT Central Station)
Sep 12, 2022
Hello community members, Could you please share 2-3 of the top pain points you've been experiencing during the Endpoint Detection and Response (EDR) solution purchase? Have you been able to overcome them? How? Thanks for sharing your experience with other peers.
2 out of 6 answers
SB
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Jul 6, 2022
Hi @Evgeny Belenky​, A few points that need emphasis when deciding on the EDR are as below:  1) Does the solution employ Foundational Techniques (traditional), modern techniques (next-gen), or even a combination of both? 2) How does the solution detect unknown threats. Does it have machine learning capabilities? 3) If the solution does claim to utilize machine learning, what type of machine learning is used? 4) What technology is deployed to prevent exploit-based and file-less attacks? 5) Is the solution specifically designed to stop ransomware? 6) Does the solution’s creator have third-party results that validate their approach? 7) Can the solution ask detailed threat hunting and IT security operations questions? 8) What visibility is provided into attacks and can the solution respond automatically.
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 7, 2022
Hi @Devanand PR, @Basil Dange, @Nadeem Syed, @Abbasi Poonawala ​and @Dalvarado, ​ ​ ​ ​ Can you please share your professional insights with your peers? Thanks and we appreciate your collaboration.
Related Articles
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
SB
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Aug 9, 2022
If you’re weighing your options for endpoint security solutions, there are many options out there. However, solutions vary greatly in terms of how effectively they can protect your network. I want to help you make the best decision possible, so here are some questions to ask before buying an endpoint security solution, and why they are important. 1) Does the solution employ Foundational Tech...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 2, 2022
Dear professionals, Welcome back to PeerSpot's Community Spotlight! Below you can find the latest hot topics posted by your fellow PeerSpot Community members. Read articles, answer questions, and contribute to discussions that are relevant to you and your expertise. Or ask your peers for insight on topics that interest you! Trending Here are some topics that your peers are discussi...
See 1 comment
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 2, 2022
@Chris Childerhose, @PraveenKambhampati, @Deena Nouril, @Shibu Babuchandran and @reviewer1925439, Thank you for contributing your articles and sharing your professional knowledge with 618K PeerSpot community members around the globe as well as with a much bigger readers audience!
EB
Director of Community at PeerSpot (formerly IT Central Station)
May 2, 2022
Hi peers, We're happy to share our new bi-weekly Community Spotlight with you. Here you'll find recent contributions by PeerSpot community members: questions, articles and trending discussions. Trending See what your peers are discussing at the moment! What to choose: an endpoint antivirus, an EDR solution, or both? What is your recommended IT Service Management (ITSM) tool in 2022? W...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Feb 4, 2022
Hi dear community members, This is our latest community digest. It helps you catch up on recent contributions by community members. Comment below with your feedback and suggestions! Trending What are the Top 5 cybersecurity trends in 2022? What are the main benefits of modern IT Asset Discovery tools? Tip Post an educational article from your Home feed and receive 20 point...
See 1 comment
reviewer1577907 - PeerSpot reviewer
Manager at PeerSpot
Feb 4, 2022
Thank you, these community Spotlights are very handy!
Related Articles
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
SB
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Aug 9, 2022
8 Questions to Ask While Selecting an Endpoint Security Solution for Your Business
If you’re weighing your options for endpoint security solutions, there are many options out there...
Download Free Report
Download our free Cisco Secure Endpoint Report and get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
DOWNLOAD NOW
670,400 professionals have used our research since 2012.