How to Use The MixMode Platform to Discover NTLM Authentication and Validate Windows SMB Signing Requirements

MixMode distinguished Sales Engineer, Josh Snow, dives into the topic of Windows deprecating NTLM in favor of SMB signing.

NTLM (New Technology LAN Manager) has been in use for over 20 years, but it suffers from weak cryptography and vulnerabilities such as NTLM relay attacks. In this video, I explore the implications of this change, the importance of identifying NTLM in your infrastructure, and how MixMode can help in this process.

Understanding the Need for Change

NTLM, despite its long-standing history, presents significant security concerns due to its outdated cryptography and susceptibility to NTLM relay attacks, particularly when it comes to privileged accounts. To ensure robust authentication and stronger security measures, Windows is deprecating NTLM in favor of SMB signing. This transition is similar to the process Windows went through with SMB1, where outdated protocols were phased out to mitigate risks such as WannaCry and ransomware attacks.

Identifying NTLM in Your Environment

To effectively manage the transition away from NTLM, it is crucial to identify its presence within your infrastructure. This knowledge enables you to assess the level of exposure and identify privileged accounts still utilizing NTLM. While it’s understandable that legacy and IoT devices may rely on NTLM, it is essential to evaluate the risk to your corporate infrastructure and devise a plan to migrate away from NTLM.

The Power of MixMode

The MixMode Platform, a dynamical threat detection and response platform, can assist in identifying and managing NTLM usage in your environment. With The MixMode Platform’s scheduled tasks feature, you can create customized queries that generate alerts and reports on NTLM usage. By running these tasks, you gain insights into the flow logs associated with NTLM authentication, including IP addresses and other relevant information.

Generating Reports and Alerts

In preparation for audits or executive reporting, The MixMode Platform’s scheduled tasks can be leveraged to obtain comprehensive reports on NTLM usage. By running a tailored query, you can extract the necessary information, such as IP addresses, and generate reports or send them directly via email. This enables you to provide your executives with a clear overview of the risks associated with NTLM usage and aids in decision-making regarding security measures.

Leveraging Business Intelligence Tools

In addition to email reports, The MixMode Platform data can be integrated with business intelligence tools or data lakes. This integration allows for deeper analysis by combining NTLM usage data with other relevant information. You can assess the percentage of transactions using NTLM and gain insights into the types of devices relying on this protocol. Such comprehensive data analysis empowers you to make informed decisions and take appropriate actions.
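The analysis described here and under "Identifying NTLM in Your Environment" can be sketched as follows. This is an added example, not MixMode code or its export format: the JSON-lines records are constructed, and the field names (`src_ip`, `dst_ip`, `service`, `auth`, `user`) and the privileged-account list are assumptions.

```python
import json
from collections import Counter

# Constructed sample flow records, one JSON object per line.
# Field names are hypothetical, not a MixMode export schema.
SAMPLE_FLOWS = r"""
{"src_ip": "10.0.5.21", "dst_ip": "10.0.1.10", "service": "smb", "auth": "ntlm", "user": "CORP\\svc_backup"}
{"src_ip": "10.0.5.21", "dst_ip": "10.0.1.10", "service": "smb", "auth": "kerberos", "user": "CORP\\jdoe"}
{"src_ip": "10.0.9.40", "dst_ip": "10.0.1.12", "service": "http", "auth": "ntlm", "user": "printer01"}
{"src_ip": "10.0.9.40", "dst_ip": "10.0.1.12", "service": "http", "auth": "ntlm", "user": "printer01"}
{"src_ip": "10.0.7.15", "dst_ip": "10.0.1.10", "service": "smb", "auth": "kerberos", "user": "CORP\\administrator"}
{"src_ip": "10.0.7.15", "dst_ip": "10.0.1.11", "service": "ldap", "auth": "ntlm", "user": "CORP\\Administrator"}
{"src_ip": "10.0.3.8", "dst_ip": "10.0.1.10", "service": "smb", "auth": "kerberos", "user": "CORP\\asmith"}
{"src_ip": "10.0.3.8", "dst_ip": "10.0.1.10", "service": "smb", "auth": "kerberos", "user": "CORP\\asmith"}
"""

# Assumed privileged accounts, e.g. taken from directory group membership.
PRIVILEGED = {"administrator", "svc_backup"}

def summarize_ntlm(text, privileged=PRIVILEGED):
    """Return the NTLM share of transactions, NTLM sources, and privileged NTLM use."""
    total, by_src, priv = 0, Counter(), set()
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        if not isinstance(rec, dict):
            continue
        total += 1
        if str(rec.get("auth", "")).lower() != "ntlm":
            continue
        by_src[rec.get("src_ip", "unknown")] += 1
        # Normalize DOMAIN\user to a lowercase account name before matching.
        user = str(rec.get("user", "")).split("\\")[-1].lower()
        if user in privileged:
            priv.add((user, rec.get("src_ip"), rec.get("dst_ip")))
    ntlm = sum(by_src.values())
    return {
        "ntlm_pct": round(100.0 * ntlm / total, 1) if total else 0.0,
        "ntlm_sources": by_src.most_common(),   # devices still relying on NTLM
        "privileged_ntlm": sorted(priv),        # highest-priority migrations
    }

if __name__ == "__main__":
    print(json.dumps(summarize_ntlm(SAMPLE_FLOWS), indent=2))
```
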

Strengthen Your Organization’s Security

As Windows deprecates NTLM, it becomes imperative to assess and mitigate the risks associated with its usage. By utilizing The MixMode Platform’s capabilities, you can effectively identify NTLM in your environment, understand the extent of exposure, and devise a plan to transition away from it. Deprecating NTLM is crucial for maintaining a robust and secure corporate infrastructure. Embrace the power of MixMode’s Dynamical AI and take proactive steps to strengthen your organization’s security.

The MixMode Platform

The MixMode platform stands apart from a field of cybersecurity vendors still relying on legacy approaches to network security, including first and second wave AI technologies that use rules-based approaches. These outdated platforms are inherently limited to manually created rules and self-selected training data, and take up to two years to become effective. An endless cycle of training the data, updating rules, and manually reviewing mountains of false positive flags ensues.

As the first commercially available platform leveraging true Third Wave AI (as defined by DARPA), MixMode is different and is the only cybersecurity platform that leverages a dynamical threat detection foundation model to predict known and novel attacks, including the ability to surface zero-day attacks in real time with 90%+ alert precision and reduction.
