
Perforce Strengthens Enterprise Java Support Offering With Spring LTS

MINNEAPOLIS, April 8, 2025 — Perforce Software, the DevOps company for global teams seeking AI innovation at scale, today announced the availability of Long-Term Support (LTS) for Spring Boot and Spring Framework through its OpenLogic division. The new offering tackles a critical challenge for enterprise Java teams: maintaining secure, stable Spring applications amid an accelerated six-month release cadence.

Following the release of Spring Framework 6.0 and Spring Boot 3.0, the Spring ecosystem shifted to a time-based release model aligned with OpenJDK’s cadence. While this accelerates access to new features, it reduces support windows—typically to 12 to 18 months—forcing organizations to continuously test, validate, and deploy updates to maintain compliance.

“DevOps teams are caught between the need to innovate and the operational reality of managing complex Java environments. Organizations shouldn’t have to choose between rushing upgrades and accepting security risks. With Spring LTS, they can stay on stable versions longer while planning migrations strategically — with ample time to test, validate, and ensure compliance requirements are being met.”

— Matthew Weier O’Phinney, Principal Product Manager at Perforce OpenLogic

Extending Stability and Security Coverage

OpenLogic’s Spring LTS solution extends critical support for several popular versions:

  • Extends support for Spring Boot 2.7 and Spring Framework 5.3 through October 2027.
  • Coverage for Spring Boot 3.2 and Spring Framework 6.1 is scheduled to follow soon.

The offering provides guaranteed security patches for critical CVEs within 14 days and high-severity CVEs within 30 days, along with flexible options including premium support with one-hour response times and production deployment assistance.

Enabling Strategic Upgrades and Risk Reduction

OpenLogic offers a comprehensive Java solutions portfolio, including support for Spring, OpenJDK, and Tomcat, alongside professional services like migrations and consulting. This flexibility allows organizations in regulated industries or those managing hundreds of microservices to:

  • Align Spring upgrades with business priorities rather than mandatory community support timelines.
  • Reduce technical debt accumulation.
  • Enable better feature testing before adoption.

Real-World Impact: Saving 5,500 Hours of Work

“This customer faced a decision between investing two full quarters to upgrade their Spring-based infrastructure or gambling with their platform’s security and compliance posture. By adopting Spring Long-Term Support, they avoided both scenarios, saving an estimated 5,500 to 6,000 hours of unplanned work while maintaining security coverage and delivering mission-critical features on schedule.”

— Jeff Michael, Senior Director of Product Management at Perforce Software

Availability and Next Steps

Spring LTS is available immediately. To learn more about how to strategically manage your enterprise Java infrastructure and align Spring upgrades with your business goals, visit OpenLogic.

About Perforce
The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ZTNA + VDI Security Checklist for MSPs: Future-Proof Small Business Access

As small businesses increasingly rely on remote and hybrid work, Managed Service Providers (MSPs) must deliver secure, scalable, and affordable access to applications and desktops. This checklist provides a framework for MSPs to build **Zero Trust-ready VDI environments**, ensuring every user, session, and device is verified.

1. Enforce Strong Data Access Controls & Protection Layers

Key Actions for MSPs:

  • Classify client data by sensitivity and define where it resides across VDI environments.
  • Apply least-privilege ZTNA rules, ensuring users only access the specific apps or desktops they absolutely require.
  • Enforce session-level restrictions (disable copy-paste, USB, and printing) for sensitive workloads.
  • Use micro-segmentation to isolate client tenants and prevent lateral movement between customer environments.
  • Validate device posture (anti-malware, OS updates, compliance) before granting access.
  • Provide data isolation for each customer inside your MSP-hosted cloud environment.

Goal: Create a Zero Trust perimeter around every VDI session to minimize the blast radius of potential breaches.

2. Strengthen Governance & Approval Workflows

Key Actions for MSPs:

  • Maintain a full inventory of hosted applications, virtual desktops, and user groups for each client.
  • Establish multi-tenant governance policies, strictly separating client data, credentials, and access rules.
  • Require approval workflows for new client accounts, application publishing, or access policy changes.
  • Use role-based access controls (RBAC) for both MSP admins and client teams.
  • Provide periodic security training and awareness for small-business clients and their teams.

Goal: Standardize operations across multiple customers while maintaining compliance and visibility in every tenant.

3. Map Regulatory & Compliance Requirements

Key Actions for MSPs:

  • Align hosted environments with SMB-relevant regulations (GDPR, HIPAA, SOC 2, ISO 27001, PCI-DSS).
  • Provide audit logging and reporting per tenant, covering logins, session durations, and data access.
  • Implement data-sovereignty controls by hosting European clients in EU regions and US clients in US regions.
  • Retain activity logs according to customer or regional compliance mandates.
  • Verify that your underlying infrastructure (IONOS Cloud) meets recognized compliance standards.

Goal: Help SMBs meet enterprise-grade compliance without requiring enterprise budgets.

4. Establish Identity, Access, and Monitoring Systems

Key Actions for MSPs:

  • Integrate SSO and MFA across all client tenants to unify identity management.
  • Continuously monitor session behavior and flag anomalies (new device, foreign IP, large data transfer).
  • Enforce device posture validation at the gateway level before granting access.
  • Use centralized dashboards to visualize all tenant activity from the MSP console.
  • Schedule regular access reviews to revoke dormant accounts and stale privileges.
  • Integrate endpoint detection and response (EDR) tools for deeper visibility into client desktops.

Goal: Enable continuous verification and behavioral monitoring at scale — the heart of Zero Trust.

5. Build Incident Response & Recovery Plans for Each Tenant

Key Actions for MSPs:

  • Develop ZTNA/VDI-specific response playbooks for client environments (credential theft, compromised session, or ransomware event).
  • Automate detection and isolation: quarantine compromised desktops or revoke access tokens instantly.
  • Implement clean-image recovery to restore services rapidly without spreading infections.
  • Conduct tabletop exercises with your clients to validate their business-continuity posture.

Goal: Guarantee that small businesses can recover quickly, maintain trust, and avoid downtime during security incidents.

Summary Table of Key Actions

| Focus Area | Key MSP Actions |
| --- | --- |
| Data Access & Protection | Least-privilege rules, encryption, micro-segmentation, device posture enforcement. |
| Governance & Approval | Tenant inventory, RBAC, approval workflows, multi-tenant segregation, security training. |
| Compliance | Map SMB regulations, audit logs, data sovereignty, certified cloud infrastructure. |
| Identity & Monitoring | SSO + MFA, continuous monitoring, dashboards, EDR integration, access reviews. |
| Incident Response | Playbooks, automation, rapid clean-image recovery, communication, regular testing. |

Conclusion — Why Thinfinity on IONOS Cloud Is the Best MSP Platform

For MSPs serving small businesses, managing multiple point solutions for secure access and desktop delivery is costly and complex. **Thinfinity Workspace on IONOS Cloud** solves this by combining **Zero Trust Network Access (ZTNA)** and **Virtual Desktop Infrastructure (VDI)** in a single, multi-tenant, cloud-native platform.

Why MSPs Choose Thinfinity + IONOS Cloud:

  • All-in-One Platform: ZTNA and VDI unified under one management console — no VPNs, no separate brokers.
  • MSP-Ready Multi-Tenancy: Host multiple SMB clients in isolated environments with per-tenant controls and billing.
  • Zero Trust by Design: Identity-centric access, MFA, and device posture checks natively integrated.
  • Cloud-Native on IONOS: High-performance European datacenters with predictable costs and strong compliance (ISO 27001, GDPR).
  • Optimized for SMB Economics: Efficient resource pooling and flexible pricing models let MSPs deliver enterprise-grade services affordably.

Thinfinity Workspace on IONOS Cloud empowers MSPs to **future-proof their managed services portfolio**, offering small clients enterprise-grade access control, virtualization, and compliance within a single, modern platform.

About Cybele Software Inc.
We help organizations extend the life and value of their software. Whether they are looking to improve and empower remote work or turn their business-critical legacy apps into modern SaaS, our software enables customers to focus on what’s most important: expanding and evolving their business.


Why Backup Is No Longer Optional: The Real Cost of Inaction

A business is hit by ransomware every 11 seconds. For many organizations, the question isn’t if they’ll face a data incident—it’s when. As digital infrastructure becomes the backbone of operations, more companies are investing in backup and recovery. However, a significant number still delay implementation due to concerns over cost, technical challenges, or competing priorities.

In today’s landscape, where cyberattacks can cripple entire operations within minutes, backup and recovery is a fundamental safeguard for business continuity and customer trust. Postponing data protection can lead to irreversible damage when disaster strikes.

What’s Holding Businesses Back?

“The average cost of a ransomware attack on a business in 2024 was $5.3 million, including recovery and reputational damage.” — IBM Cost of a Data Breach Report

Several common blockers often prevent organizations from adopting or upgrading their backup solutions:

  1. High Licensing Costs: Many businesses hesitate due to the perceived high costs of enterprise-grade solutions. However, the cost of recovering from an attack, including downtime and lost revenue, can be up to 10 times higher than the investment in a comprehensive backup system.
  2. Limited Team Knowledge and Onboarding Time: The time and training required for new systems can be daunting. Without confidence in vendor support or guidance during emergencies, decision-makers often delay adoption.
  3. Compatibility with Existing Infrastructure: Integrating new backup tools with outdated systems or tailored internal processes remains a significant technical challenge.
  4. Performance Bottlenecks: Backup operations can strain system resources during business hours, leading to hesitancy to implement frequent backups due to reduced application responsiveness.
  5. Bandwidth Limitations: Limited internet bandwidth, especially across remote or international locations, often results in slow or incomplete backups, increasing the risk of data loss.
  6. Unsupported Systems Requiring Custom Scripts: Older or specialized systems may demand the development and maintenance of custom scripts, adding complexity and risk to the backup process.

Why It Matters: The True Cost of Inaction

Ransomware attacks are an expected part of the modern threat landscape. The impact of a single incident can be devastating, even if your organization hasn’t been targeted yet:

  • Costly and Time-Consuming Recovery: Recovery involves more than just restoring data. Companies must manage stakeholder communication, legal obligations, and customer service issues, often taking weeks with difficult-to-predict final costs.
  • Loss of Sensitive Customer Data: A breach shatters client trust, especially in finance, healthcare, or e-commerce, where data security is paramount.
  • Exposure of Confidential Business Information: Trade secrets, strategic plans, and market research may be exposed to competitors or leaked publicly, causing long-term damage.
  • Reputational Damage: The loss of goodwill can be more damaging than the financial hit itself, leading to a long and costly path to rebuild relationships.

Backup Isn’t a Luxury — It’s a Business Lifeline

In the face of growing threats, backup and recovery is your digital safety net. It protects your business, your customers, your reputation, and your future. The cost of inaction is far greater than the cost of preparation.

Key Questions to Ask When Evaluating Backup Solutions

At Storware, we recommend asking yourself the following questions when evaluating a backup and recovery solution:

  • Solution Fit: Is there enough flexibility to choose a solution that integrates seamlessly with your existing infrastructure?
  • Performance Optimization: Does the solution offer the technical capabilities needed to enhance performance and speed up recovery, ensuring business continuity?
  • “White-Gloves” Support: Will you be supported by an experienced team that offers fast, clear guidance, especially during critical incidents?
  • Risk Management Investment: Does the licensing model align with your IT budget and broader risk management strategy?
  • Data Security: Are there multiple layers of protection, such as encryption, access control, and anomaly detection to secure your data throughout its lifecycle?
  • Proven and Trusted Choice: Is the solution trusted, with a long-standing reputation in the market for reliability and ongoing support?

If you are evaluating backup solutions or need help designing a data protection strategy tailored to your business, the Storware team will be happy to assist you in finding the right path to secure data protection.

About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.


Inside the 2025 Gartner® Magic Quadrant™ for PAM: What Security Leaders Should Know

 

Privileged Access Management (PAM) remains one of the most critical pillars of cybersecurity. As enterprises expand into hybrid, cloud, and IoT environments, privileged accounts are the most valuable targets for attackers. The 2025 Unit 42 Global Incident Response Report found that 66% of social-engineering attacks targeted privileged accounts.

Security leaders face immense pressure to protect access, ensure compliance, and mitigate operational risk. Choosing the right PAM solution is therefore paramount. This year, Segura® was recognized as a Challenger in the 2025 Gartner® Magic Quadrant™ for PAM, highlighting strengths in account discovery, credential management, and lifecycle governance.

Understanding the Gartner® Magic Quadrant™

The Magic Quadrant™ is a respected framework assessing technology vendors based on two dimensions:

  • Ability to Execute: How well a vendor delivers on its commitments and achieves positive customer outcomes.
  • Completeness of Vision: How well a vendor understands market direction and innovates to meet future needs.

Vendors are grouped into four quadrants: Leaders, Challengers, Visionaries, or Niche Players. This provides CISOs with a clear, independently-researched view of the market landscape to guide strategic investment decisions.

The Role of the Gartner® Critical Capabilities Report

The Gartner® Critical Capabilities™ for PAM report provides a detailed, technical evaluation of product capabilities, evaluating performance across core PAM functions essential to IT and security leaders:

  • Core Functions: Privileged Account Life Cycle, Credential Management, and Session Management.
  • Modern Capabilities: Privileged Remote Access, Workload ID and Secrets Management, Just-in-Time (JIT) PAM, and Cloud Infrastructure Entitlement Management (CIEM).
  • Operations: Auditing, Threat Detection, Deployment, Maintenance, and Integration capabilities.

Segura®’s Recognition and Strengths

Segura® was named a Challenger in the 2025 Gartner® Magic Quadrant™ for Privileged Access Management, recognized for strong execution and technical excellence.

“Segura® is one of the top performers for account discovery and onboarding, privileged credential management and privileged life cycle management capabilities.”

— Gartner® Magic Quadrant™ 2025 for PAM

Segura Highlights Noted by Gartner®:

  • One of the highest customer growth rates among evaluated vendors.
  • AI-driven auditing and session analysis features that enhance visibility and control.
  • Quantum Connector innovation, connecting cloud, OT, IoT, and on-prem environments.

MQ vs. Critical Capabilities: Know the Difference

These two reports serve complementary purposes for decision-making:

| Report | Purpose | Audience |
| --- | --- | --- |
| Magic Quadrant™ | Strategic overview of vendor positioning (Vision vs. Execution). | Executives, CISOs, and high-level Decision-Makers. |
| Critical Capabilities™ | Technical evaluation of specific product features and real-world use cases. | IT Leaders, Security Analysts, and Implementation Teams. |

Together, they provide both the strategic view for executives and the technical detail for day-to-day teams, ensuring evidence-based decisions.

Conclusion: Turning Recognition Into Results

“This recognition as a Challenger in the Gartner Magic Quadrant highlights the dedication of our teams and our relentless focus on delivering world-class cybersecurity solutions. It’s a strong validation of Segura’s journey of innovation and growth.”

— Igor Iuki, CFO, Segura®

Segura®’s positioning as a Challenger confirms it delivers a comprehensive, scalable, and efficient PAM platform built for today’s complex identity challenges.

Next Steps

1. Download the 2025 Gartner® Magic Quadrant™ Report

2. Request a Personalized Demo

3. Explore the Segura® PAM Platform Overview

 

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.


10 best practices to improve security posture

A weak security posture invites attacks, but with continuous diligence and strategic adoption of modern tools, you can build a resilient defense. We’ve compiled ten essential security best practices to help organizations close vulnerabilities and strengthen their cybersecurity position.

Foundational Pillars of Resilience

1. Conduct Continuous Security Posture Assessments

Security is not a one-time setup; it’s an ongoing process. Threats, technology, and your attack surface constantly change. Schedule regular, in-depth assessments (at least annually, quarterly for high-risk environments) to ensure your defense strategy remains effective and resilient.

2. Implement the Principle of Least Privilege (PoLP)

Access control must be the cornerstone of your security. PoLP dictates that users receive only the absolute minimum access required for their job. Employing Role-Based Access Control (RBAC) significantly limits an attacker’s ability to move laterally within your network if an account is compromised.

3. Strengthen Endpoint and Device Security

Every device—from laptops to servers—is a potential entry point. Your strategy must include strong Endpoint Detection and Response (EDR), antivirus, and firewalls on all corporate devices. Crucially, enforce Device Posture Security checks to ensure only healthy, compliant devices gain network access.

4. Prioritize Continuous Employee Security Training

Your employees are your first line of defense. Establish a continuous security awareness program that trains staff to recognize and report sophisticated phishing emails, social engineering, and common threats. Regular training is one of the most cost-effective ways to foster a security-conscious culture.

5. Develop a Comprehensive Incident Response Plan (IR)

It is a matter of when, not if, an incident occurs. A practiced IR plan is vital for minimizing damage. Define clear roles and responsibilities and outline specific steps for Containment (isolating systems), Eradication (removing the threat), and Recovery (restoring normal operations safely).

Advanced Network and Data Strategies

6. Maintain Rigorous Patch Management

Unpatched software is the most common vulnerability exploited by attackers. Implement a formal process to promptly test and deploy security patches, especially for critical systems. Automating patch management where possible significantly reduces your window of exposure.

7. Secure Your Network with a Zero Trust Approach

The traditional perimeter model is obsolete. A Zero Trust framework shifts the mindset to “never trust, always verify.” Every access request is authenticated, authorized, and encrypted before being granted, regardless of whether it originates inside or outside the network boundary. This is the gold standard for robust security.

8. Implement Cloud Firewall as a Service (FWaaS)

Extend network perimeter security to your cloud environment and remote users. FWaaS filters and inspects traffic at the network edge, providing consistent enforcement of security policies across all locations, enhancing protection against malware and unauthorized access.

9. Utilize Continuous Data Loss Prevention (DLP)

DLP tools actively monitor and inspect data streams to prevent sensitive information from leaving your network unintentionally via uploads, email, or unapproved applications. This is critical for maintaining data privacy and achieving regulatory compliance (e.g., HIPAA, GDPR).

10. Deploy Multi-Factor Authentication (MFA) Everywhere

While basic, MFA remains the single most effective barrier against account takeover. Enforce MFA across all user accounts, especially those with privileged access, to ensure that stolen passwords cannot be used to breach your systems.

Achieving Security Resilience with NordLayer

NordLayer is designed to help organizations implement these best practices with a single, toggle-ready platform:

  • Enforce a Zero Trust Network Access (ZTNA) model for application-level access.
  • Utilize Device Posture Security to ensure only compliant devices connect.
  • Replace fragmented security tools with a unified, cloud-native solution that cuts maintenance costs and simplifies management.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.



The Most Frequent DNS Management Errors and How to Fix Them

Want to be sure your DNS setup isn’t weakening your security or network performance? GREYCORTEX experts highlight the most frequent mistakes from countless network audits. This guide breaks them down with practical examples and clear steps for remediation. 

DNS plays a far greater role than simply resolving names to IP addresses. It shapes where users are redirected and reveals which servers devices connect to. DNS traffic is powerful: whoever controls or intercepts it can redirect users, map internal services, or extract sensitive data. That is why DNS remains one of the most overlooked but impactful parts of network security.

Unrestricted DNS Port 53 as a Security Risk

In many networks, outbound port 53 is left completely open, meaning any internal device can connect to any device on the Internet. This critical vulnerability allows attackers to create a DNS tunnel to send arbitrary data through, often hidden within DNS queries. For example, using software like Iodine, they can establish a reverse SSH tunnel from the Internet to the internal network, creating permanent, undetected access.

To an analyst, this traffic looks like normal communication with a legitimate DNS server. A closer look at the data patterns betrays the tunneling attempt: third-level domain names that change constantly (e.g., under `freemovies.tk`) or unusual record types (such as NULL in the `rrtype` attribute).

Remediation Tips from GREYCORTEX Experts:

  • Block outbound port 53 for all but your authorized DNS servers.
  • Monitor DNS logs for anomalies such as unusual third-level domain patterns or unexpected record types.
  • Treat repeated NULL or other rare `rrtype` values as strong indicators of tunneling attempts.

When Port 53 Is Legitimately Needed: If port 53 must remain open for corporate resolvers or authorized external providers, restrict it to those trusted resolvers only. Additionally, audit devices that attempt direct resolution against Internet DNS servers, as this often signals malware activity.
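
The following script is an added example, not GREYCORTEX code or Mendel's detection logic. It applies the three checks from this section to DNS log records: queries sent to resolvers outside an allowlist, repeated rare `rrtype` values, and long, constantly changing subdomains under one domain. The record layout (`src`, `dst`, `rrname`), the allowlist, the thresholds and the sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumptions for this example (none of these values come from the page):
AUTHORIZED_RESOLVERS = {"10.0.0.53"}  # the only resolver clients may query
RARE_RRTYPES = {"NULL"}               # extend with types unusual on your network
RARE_MIN_COUNT = 3                    # how many hits count as "repeated"
CHURN_MIN_UNIQUE = 5                  # distinct subdomains per client and domain
CHURN_MIN_RATIO = 0.9                 # unique names / total queries
CHURN_MIN_AVG_LEN = 16                # encoded payloads produce long labels

# Constructed sample records: (src, dst, rrname, rrtype).
SAMPLE_RECORDS = [
    ("10.0.1.20", "10.0.0.53", "www.example.com", "A"),
    ("10.0.1.20", "10.0.0.53", "mail.example.com", "MX"),
    ("10.0.1.20", "10.0.0.53", "www.example.com", "AAAA"),
    # Device resolving directly against an Internet DNS server.
    ("10.0.1.31", "198.51.100.8", "updates.example.net", "A"),
] + [
    # Tunnel-like traffic: a new long label on every query, NULL records.
    ("10.0.1.77", "203.0.113.9", label + ".freemovies.tk", "NULL")
    for label in (
        "0eabx2kq7dm4n9pzt1vw8rcy", "0ibcy3lr8en5o0qau2wx9sdz",
        "0mcdz4ms9fo6p1rbv3xy0tea", "0qdea5nt0gp7q2scw4yz1ufb",
        "0ueab6ou1hq8r3tdx5za2vgc", "0yfbc7pv2ir9s4uey6ab3whd",
    )
]
FIELDS = ("src", "dst", "rrname", "rrtype")
SAMPLE_LOG = "\n".join(
    json.dumps(dict(zip(FIELDS, rec))) for rec in SAMPLE_RECORDS
) + "\n{truncated line"  # malformed on purpose: must be skipped, not crash


def split_name(rrname):
    """Return (subdomain_prefix, registered_domain).

    Simplification: the registered domain is taken as the last two labels.
    Production code should consult the Public Suffix List instead.
    """
    labels = rrname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def analyze(log_text):
    """Scan JSON-lines DNS records and return findings per check."""
    unauthorized = set()          # (src, dst) pairs bypassing the allowlist
    rare = defaultdict(int)       # (src, domain, rrtype) -> query count
    prefixes = defaultdict(list)  # (src, domain) -> subdomain prefixes seen
    skipped = 0

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            src, dst = rec["src"], rec["dst"]
            rrtype = rec["rrtype"].upper()
            prefix, domain = split_name(rec["rrname"])
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1          # malformed or incomplete record
            continue

        if dst not in AUTHORIZED_RESOLVERS:
            unauthorized.add((src, dst))
        if rrtype in RARE_RRTYPES:
            rare[(src, domain, rrtype)] += 1
        if prefix:
            prefixes[(src, domain)].append(prefix)

    churn = []
    for (src, domain), seen in prefixes.items():
        unique = set(seen)
        avg_len = sum(len(p) for p in unique) / len(unique)
        if (len(unique) >= CHURN_MIN_UNIQUE
                and len(unique) / len(seen) >= CHURN_MIN_RATIO
                and avg_len >= CHURN_MIN_AVG_LEN):
            churn.append((src, domain, len(unique)))

    return {
        "unauthorized_resolver": sorted(unauthorized),
        "rare_rrtype": sorted(
            key + (count,) for key, count in rare.items()
            if count >= RARE_MIN_COUNT
        ),
        "subdomain_churn": sorted(churn),
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    for check, hits in analyze(SAMPLE_LOG).items():
        print(check, hits)
```

The thresholds need tuning against a baseline of your own traffic, since CDNs and some security products also generate many long, unique subdomains.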

Uncontrolled Encrypted DNS (DoH and DoT)

Encrypted DNS protocols like DNS over HTTPS (DoH) on port 443 and DNS over TLS (DoT) on port 853 are designed for user privacy but create significant blind spots in corporate networks. They hide DNS traffic inside encrypted sessions, preventing inspection and policy enforcement. Attackers can leverage these methods to tunnel data, bypass corporate resolvers, or maintain persistence.

While DoT (port 853) is generally easier to block, DoH (port 443) is much harder because it masquerades as normal HTTPS traffic.

Remediation Tips from GREYCORTEX Experts:

  • Block outbound port 853 unless explicitly required by policy.
  • Monitor TLS traffic for signatures and patterns of DoH usage inside port 443, and block those specific DNS domains if they pose an unwanted security risk.

Using Unregistered or External Domains

During audits, experts found cases where companies created secondary domains (e.g., `company2v.com`) but failed to register or control them. When administrators set up proxy servers via Windows Group Policy (GPO), workstations attempted to reach a non-existent, externally owned domain (e.g., `wpad.company2v.com`) to fetch settings.

Since the external party controlled the domain, they could redirect internal corporate devices to any server on the Internet, opening the door for man-in-the-middle attacks—delivering malware under the guise of legitimate updates. A minor oversight in domain registration became a direct attack path.

Remediation Tips from GREYCORTEX Experts:

  • Always register and control all domains that resemble your internal naming scheme.
  • Audit which domains are in active use on your network and confirm ownership.
  • Pay close attention to automatically generated names such as `wpad.domain.com`, which attackers often abuse.

Misspellings in DNS Server IP Addresses

Not all DNS errors stem from complex attacks; sometimes, they are simple human mistakes. Typos in DNS server configurations—like mistyping Google’s resolvers or private IP ranges—are frequently encountered.

While user systems catch these quickly, errors on manually configured devices (like IoT equipment) can persist unnoticed, preventing critical updates or causing hidden communication failures. In the worst case, a typo may resolve to a legitimate Internet DNS server, causing internal queries to leak outside the company network.

Remediation Tips from GREYCORTEX Experts:

  • Use centralized configuration management (like GPO or RMM tools) to reduce manual DNS entry errors.
  • Continuously monitor DNS traffic for failed query destinations or unusual external communications.

Why DNS Hygiene Demands Constant Attention

Modern attackers do not need to break firewalls if DNS gives them a way in. Unrestricted queries on port 53, tunneling hidden inside DoT/DoH, unregistered domains, or misconfigured servers all provide silent channels for persistence or data exfiltration. Continuous auditing and long-term monitoring are the only ways to uncover these errors before they escalate into outages or breaches.

GREYCORTEX Mendel provides you with visibility into your DNS traffic, alerts on unauthorized resolvers, and detects tunneling patterns.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.
