Now offered as part of their network segmentation solution, Zero Networks RPC Firewall mitigates 95% of domain controller’s attack surface with no operational downtime
Zero Networks, a leading provider of zero trust security solutions, is now offering enhanced Remote Procedure Call (RPC) Firewall capabilities within the Zero Networks platform. Already trusted and validated by the open-source community since its initial release, Zero Networks has enhanced its integrated RPC Firewall offering with additional benefits including RPC protection in one click, integrated RPC auditing, and automated RPC rule creation.
Also Read: Akamai Completes Acquisition of API Security Company Noname
“Using the RPC protocol, we successfully deployed the RPC Firewall for our customers to minimize lateral movement in Windows networks”
As the underlying protocol used by Microsoft services for both local and remote communication, such as Active Directory, RPC exposes functionality related to authentication, user management, service management, and more. Unfortunately, it is also widely used by attackers to deploy ransomware for the same reasons. This is a challenge for sensitive servers, such as domain controllers, which must have RPC ports open for the domain to function and are often left unprotected and easy to hack.
While traditional firewalls work at the network and transport layers, the Zero Networks RPC Firewall functions at the application layer. This allows the RPC Firewall to examine the full context of RPC operations and to make granular decisions over which RPC operations to allow and which to block. The availability of RPC Firewall within the Zero Networks platform significantly reduces an organization’s attack surface and protects against a variety of attacks, including lateral movement, remote code execution, internal discovery, relay attacks, and more.
“RPC Firewall is one of the defenses that an attacker never expects – not only are they blocked from performing unprivileged operations, but attackers are also blocked if they gain privileged credentials,” said Sagie Dulce, VP Research, Zero Networks. “We are uniquely protecting domain controllers and other sensitive servers from lateral movement and remote code execution in ways that no other solution offers. Out of the box with no interruptions to operations, approximately 95% of the domain controller attack surface is mitigated by RPC Firewall. Zero Networks puts a firewall over the RPC so you can decide which RPC operations you’re allowing in your environment and which ones you’re locking down.”
Also Read: Kurt Petersen joins Camunda as Senior Vice President of Customer Success
“Using the RPC protocol, we successfully deployed the RPC Firewall for our customers to minimize lateral movement in Windows networks,” said Martien van Dijk, Cybersecurity Specialist for Avantage IT, “The Zero Networks RPC Firewall also makes spreading malware – such as ransomware – via the RPC protocol nearly impossible, and it can finally block DCSync attacks. Our pen tests have shown that the RPC Firewall is an enormously powerful tool for blocking lateral movement via RPC. The RPC Firewall is a real headache for pen testers and, therefore, for criminal hackers!”
The Zero Networks platform has three key pillars: Network Segmentation, Secure Remote Access, and Identity Segmentation. RPC Firewall is purpose-built into the platform’s network segmentation solution, which is agentless, automated, and MFA-powered. Zero Networks platform users can now rely on RPC Firewall to protect against unwarranted RPC operations while allowing legitimate and crucial RPC traffic to flow, enabling critical services such as domain controllers, certificate authorities, federation services, and others to function.
Also Read: SaaS Alerts Enables MSPs to Identify and Automatically Remediate Google Workspace Security Incidents
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]