BullWall Server Intrusion Protection (SIP) is a security product designed to protect servers from ransomware attacks that originate through Remote Desktop Protocol (RDP) sessions. RDP is cited as the initial attack vector in 50% of ransomware deployments. SIP addresses this by intercepting unauthorized RDP login attempts and enforcing multi-factor authentication (MFA) at the point of server access. When an RDP session is initiated with stolen credentials, SIP presents an MFA challenge. This challenge can be completed via a traditional MFA method or through a token grid that does not require a second device. If the MFA challenge fails, SIP blocks the intrusion and initiates a response protocol that includes: - Generating an alert - Blocking the stolen admin account - Blocking the compromised user account - Isolating the compromised device Beyond RDP protection, SIP also monitors scheduled tasks to prevent malware installation and maintains an immutable record of all server access attempts — both successful and unsuccessful — for forensic purposes. The product also supports cyber insurance compliance requirements, which often mandate MFA on every server login. If an attacker uses a different entry point beyond RDP, BullWall's ransomware containment capability can be used as a complementary layer of defense.