What is IIS NTLM Authentication Scheme
Authentication is the process of identifying whether a client is eligible to access a resource. The HTTP protocol supports authentication as a means of negotiating access to a secure resource.
NT LAN Manager (NTLM) authentication is a challenge-response scheme that is a securer variation of Digest authentication. NTLM uses Windows credentials to transform the challenge data instead of the unencoded user name and password. NTLM authentication requires multiple exchanges between the client and server. The server and any intervening proxies must support persistent connections to successfully complete the authentication.
Brut Force Issue
Brute force issue can occur when an attacker uses several passwords or phrases to try to gain entry into a network or application. With type of authentication there are no vendor supplied patches available.
The current workaround includes disabling the NTLM authentication for your Web server. This can be done by unchecking the Integrated Windows Authentication
An alternate solution is to ensure an account lockout policy is in place.
For other types of authentication you can click here