At Black Hat London, Zero Networks has announced the release of its RPC firewall – also known as the ‘ransomware kill switch’ – from open source. The tool provides granular control over the RPC, which is able to block the use of lateral hacker tools and stop almost all ransomware on its tracks.
Microsoft’s Remote Procedure Call (MS-RPCE) is at the heart of Windows. Effectively manages relationships between clients and servers – when a client requests a server, it passes through the RPC; this happens both locally and between remote devices.
The Windows Event Tracking (ETW) option will likely lead to millions of RPC client events / servers per hour, but it does not tell you where the call came from, and which user was concerned.
Read More: https://www.securityweek.com/rpc-firewall-dubbed-ransomware-kill-switch-released-open-source
For more such updates follow us on Google News ITsecuritywire News