Zero Networks, a cybersecurity startup and leading provider of Zero Trust security solutions, has announced new Remote Procedure Call (RPC) Firewall capabilities now included in the company's security platform. The initial version of Zero Networks' RPC Firewall was already validated by the open-source community and earned their trust. The updated version now features expanded capabilities, including one-click RPC security, internal RPC auditing, and automatic RPC rule configuration.
Microsoft services commonly use the RPC protocol for both local and remote communication, such as with Active Directory. RPC exposes functionalities related to user authentication, user management, service management, and more. Unfortunately, this data traffic is exploited by attack groups executing ransomware attacks for similar reasons. Protecting sensitive servers like Domain Controllers, which must keep their ports open to function, presents a significant challenge as they often remain unprotected and easy to attack.
Traditional firewalls operate at the network and transport layers, whereas Zero Networks' RPC Firewall functions at the application layer. This approach allows the solution to assess the broader context of RPC operations and make precise decisions on which to permit and which to block. The availability of the RPC Firewall within Zero Networks’ platform significantly reduces the attack surface against an organization and provides protection from a variety of attack types, including network entry point attacks, remote code execution, preventing internal attacker scans, "Man-in-the-Middle" attacks, and more.
Sagie Dulce, VP of Research at Zero Networks, said, "RPC Firewall is one of the defense lines an attacker does not expect to encounter. It not only blocks their ability to perform unauthorized actions but also blocks them even if they have admin accounts. Our solution uniquely protects Domain Controllers and other sensitive servers against attack propagation from the entry point to the rest of the network and remote code execution in ways no other solution offers. The out-of-the-box capabilities block about 95% of attacks against Domain Controllers without any disruption to ongoing operations. Zero Networks places a firewall over RPC, allowing users to decide which actions to allow and which to block in their environment."