
The Most Frequent DNS Management Errors and How to Fix Them

Want to be sure your DNS setup isn’t weakening your security or network performance? GREYCORTEX experts highlight the most frequent mistakes from countless network audits. This guide breaks them down with practical examples and clear steps for remediation.

DNS plays a far greater role than simply resolving names to IP addresses. It shapes where users are redirected and reveals which servers devices connect to. DNS traffic is powerful: whoever controls or intercepts it can redirect users, map internal services, or extract sensitive data. That is why DNS remains one of the most overlooked but impactful parts of network security.

Unrestricted DNS Port 53 as a Security Risk

In many networks, outbound port 53 is left completely open: any internal device can send DNS traffic (UDP or TCP) to any host on the Internet. This is a serious weakness, because it lets an attacker who already has a foothold on one internal machine build a DNS tunnel and carry arbitrary data inside DNS queries and responses. With tooling such as Iodine, the compromised host tunnels IP traffic to an attacker-controlled DNS server on the Internet, and a reverse SSH tunnel run over that channel gives the attacker a path back into the internal network: persistent access that blends in with ordinary name resolution.

From an analyst’s perspective, this looks like ordinary traffic to a legitimate DNS server, whether the queries go straight to an Internet host on port 53 or are relayed through the corporate resolver like everyone else’s. A closer look at the data patterns betrays it: long, constantly changing subdomain labels under a single attacker-controlled domain (for example hundreds of unique names that all end in `freemovies.tk`), a high query volume to that one domain, and unusual record types (such as NULL in the `rrtype` attribute) that normal clients almost never request.

Remediation Tips from GREYCORTEX Experts:

  • Block outbound port 53 (UDP and TCP) from all hosts except your authorized DNS servers or resolvers.
  • Monitor DNS logs for anomalies such as long, constantly changing subdomain labels under one domain, unusually high query volumes to a single domain, or unexpected record types.
  • Treat repeated NULL or other rare `rrtype` values as strong indicators of tunneling attempts.

When Port 53 Is Legitimately Needed: If port 53 must remain open for corporate resolvers or authorized external providers, restrict it to those trusted resolvers only. Additionally, audit devices that attempt direct resolution against Internet DNS servers; this often signals malware or a misconfiguration.
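The heuristics described above, worked through as an added Python example (this is not code from the article or from GREYCORTEX Mendel). It scores every registered domain seen in a constructed DNS query log on the number of unique subdomain labels, their average length, their character entropy and the number of rare record types, and separately lists clients that sent queries to a resolver outside the authorized set. The thresholds, the resolver addresses and the naive two-label registered-domain extraction are assumptions; production code should use the Public Suffix List.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample log (src_ip, resolver_ip, qname, rrtype); not captured traffic.
SAMPLE_QUERIES = [
    ("10.0.5.12", "10.0.0.53", "www.example.com", "A"),
    ("10.0.5.12", "10.0.0.53", "mail.example.com", "MX"),
    ("10.0.5.12", "10.0.0.53", "cdn.example.com", "AAAA"),
    ("10.0.5.40", "8.8.8.8", "update.vendor.example", "A"),   # direct query to a public resolver
]
# Emulate an Iodine-style tunnel: every query carries a fresh high-entropy label under one
# attacker-controlled domain and uses the NULL record type.
for i in range(25):
    label = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:40]
    SAMPLE_QUERIES.append(("10.0.5.77", "10.0.0.53", f"{label}.t.freemovies.tk", "NULL"))

AUTHORIZED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}   # assumed corporate resolvers
RARE_RRTYPES = {"NULL", "PRIVATE"}                   # almost never seen in normal client traffic
MIN_UNIQUE_SUBDOMAINS = 20                           # assumed thresholds; tune per network
MIN_AVG_SUBDOMAIN_LEN = 30
MIN_ENTROPY_BITS = 3.5


def registered_domain(qname):
    """Naive registrable domain: the last two labels (use the Public Suffix List in production)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def shannon_entropy(text):
    """Bits per character of the string (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyze(queries, authorized_resolvers):
    """Return tunnelling suspects per registered domain and clients using unauthorized resolvers."""
    per_domain = defaultdict(lambda: {"subdomains": set(), "rare": 0, "clients": set()})
    unauthorized = set()
    for src, resolver, qname, rrtype in queries:
        if resolver not in authorized_resolvers:
            unauthorized.add((src, resolver))
        dom = registered_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(dom)].rstrip(".")
        stats = per_domain[dom]
        stats["clients"].add(src)
        if sub:
            stats["subdomains"].add(sub)
        if rrtype.upper() in RARE_RRTYPES:
            stats["rare"] += 1

    suspects = {}
    for dom, stats in per_domain.items():
        subs = stats["subdomains"]
        avg_len = sum(len(s) for s in subs) / len(subs) if subs else 0.0
        entropy = shannon_entropy("".join(subs))
        many_random_names = (len(subs) >= MIN_UNIQUE_SUBDOMAINS
                             and (avg_len >= MIN_AVG_SUBDOMAIN_LEN or entropy >= MIN_ENTROPY_BITS))
        if stats["rare"] or many_random_names:
            suspects[dom] = {
                "unique_subdomains": len(subs),
                "avg_subdomain_len": round(avg_len, 1),
                "entropy_bits": round(entropy, 2),
                "rare_rrtype_queries": stats["rare"],
                "clients": sorted(stats["clients"]),
            }
    return {"tunnel_suspects": suspects, "unauthorized_resolver_use": sorted(unauthorized)}


if __name__ == "__main__":
    report = analyze(SAMPLE_QUERIES, AUTHORIZED_RESOLVERS)
    for dom, s in report["tunnel_suspects"].items():
        print(f"TUNNEL? {dom}: {s}")
    for src, res in report["unauthorized_resolver_use"]:
        print(f"UNAUTHORIZED RESOLVER: {src} -> {res}")
```

Entropy and label length catch tunnels that avoid the NULL type and encode data in A or TXT lookups; the rare-type check catches the noisy default configuration. Both are tuned per network, because CDNs and some anti-virus products also generate long, unique labels under one domain, so an allowlist of known-good domains usually sits in front of this logic.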

Uncontrolled Encrypted DNS (DoH and DoT)

Encrypted DNS protocols like DNS over HTTPS (DoH) on port 443 and DNS over TLS (DoT) on port 853 are designed for user privacy but create significant blind spots in corporate networks. They hide DNS traffic inside encrypted sessions, preventing inspection and policy enforcement. Attackers can leverage these methods to tunnel data, bypass corporate resolvers, or maintain persistence.

While DoT (port 853) is generally easier to block, DoH (port 443) is much harder because it masquerades as normal HTTPS traffic.

Remediation Tips from GREYCORTEX Experts:

  • Block outbound port 853 unless explicitly required by policy.
  • Monitor TLS traffic on port 443 for signatures and patterns of DoH usage, such as the TLS SNI or certificate names of known public DoH resolvers, and block those resolver hostnames and IPs where they conflict with policy. This only catches resolvers you already know about; a host that sends no queries at all to the corporate resolver is a simpler and more robust sign that encrypted DNS is in use.
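The SNI-based check described in the list above, as an added Python example (not code from the article or from Mendel). DoH hides the queries, but the TLS ClientHello that opens the session still carries the resolver hostname in cleartext unless Encrypted Client Hello is in use, so a sensor can parse that one message and compare the name against a list of known DoH endpoints. The resolver list, the sample flows and the ClientHello builder used as a fixture are assumptions.

```python
import os
import struct

# Public DoH resolver names to treat as policy violations (assumed list; extend per policy).
KNOWN_DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.quad9.net"}


def build_client_hello(server_name):
    """Build a minimal TLS ClientHello record with an SNI extension (test fixture, not a full client)."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list     # extension type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + os.urandom(32)           # legacy_version TLS 1.2 + 32-byte random
            + b"\x00"                               # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"    # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                           # compression methods: null only
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the SNI hostname from a ClientHello record, or None if absent or unparsable."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None
        pos = 5 + 4 + 2 + 32                 # record header, handshake header, version, random
        pos += 1 + record[pos]               # session_id
        (cs_len,) = struct.unpack_from("!H", record, pos)
        pos += 2 + cs_len                    # cipher_suites
        pos += 1 + record[pos]               # compression_methods
        (ext_len,) = struct.unpack_from("!H", record, pos)
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, length = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0x0000:
                # server_name_list: list_len(2) name_type(1) name_len(2) name
                (name_len,) = struct.unpack_from("!H", record, pos + 3)
                return record[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += length
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None


def classify_flow(dst_port, client_hello, doh_hosts=KNOWN_DOH_HOSTS):
    """'dot' for port 853, 'doh' for a known DoH resolver name on 443, otherwise 'ok'."""
    if dst_port == 853:
        return "dot"
    sni = extract_sni(client_hello) if client_hello else None
    if dst_port == 443 and sni and sni.lower() in doh_hosts:
        return "doh"
    return "ok"


# Constructed flows (src, dst, dst_port, first client payload); not captured traffic.
SAMPLE_FLOWS = [
    ("10.0.5.12", "198.51.100.10", 443, build_client_hello("www.example.com")),
    ("10.0.5.40", "198.51.100.11", 443, build_client_hello("dns.google")),
    ("10.0.5.41", "198.51.100.12", 853, b""),
]


def audit(flows):
    """List (src, dst, port, sni, verdict) for every flow that carries encrypted DNS."""
    findings = []
    for src, dst, port, payload in flows:
        verdict = classify_flow(port, payload)
        if verdict != "ok":
            findings.append((src, dst, port, extract_sni(payload), verdict))
    return findings
```

Matching on SNI fails for resolvers reached by IP address, for private DoH servers, and once Encrypted Client Hello hides the name, so it is a complement to resolver IP lists and to the absence-of-plain-DNS signal, not a replacement for them.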

Using Unregistered or External Domains

During audits, experts found cases where companies used secondary domain names internally (e.g., `company2v.com`) but had never registered them or controlled them publicly. When administrators configured proxy settings through Windows Group Policy (GPO), workstations appended that suffix to the WPAD name and tried to reach `wpad.company2v.com`, a name the company did not own, to fetch their proxy settings.

Since an external party controlled the domain, it could hand the workstations a proxy configuration that sent their traffic to any server on the Internet, opening the door to man-in-the-middle attacks such as delivering malware under the guise of legitimate updates. A minor oversight in domain registration became a direct attack path.

Remediation Tips from GREYCORTEX Experts:

  • Always register and control all domains that resemble your internal naming scheme.
  • Audit which domains are in active use on your network and confirm ownership.
  • Pay close attention to automatically generated names such as `wpad.domain.com`, which attackers often abuse.

Misspellings in DNS Server IP Addresses

Not all DNS errors stem from complex attacks; sometimes, they are simple human mistakes. Typos in DNS server configurations—like mistyping Google’s resolvers or private IP ranges—are frequently encountered.

Users on workstations notice such errors quickly because name resolution stops working, but on manually configured devices (IoT equipment, appliances, embedded systems) the mistake can persist unnoticed, blocking critical updates or causing hidden communication failures. In the worst case, the mistyped address belongs to a legitimate Internet DNS server, so internal queries, including the names of internal hosts and services, leak outside the company network.

Remediation Tips from GREYCORTEX Experts:

  • Use centralized configuration management (like GPO or RMM tools) to reduce manual DNS entry errors.
  • Continuously monitor DNS traffic for failed query destinations or unusual external communications.

Why DNS Hygiene Demands Constant Attention

Modern attackers do not need to break firewalls if DNS gives them a way in. Unrestricted queries on port 53, tunneling hidden inside DoT/DoH, unregistered domains, or misconfigured servers all provide silent channels for persistence or data exfiltration. Continuous auditing and long-term monitoring are the only ways to uncover these errors before they escalate into outages or breaches.

GREYCORTEX Mendel provides you with visibility into your DNS traffic, alerts on unauthorized resolvers, and detects tunneling patterns.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Detecting Ransomware Across the Entire Attack Lifecycle

The threat of ransomware is constantly evolving, and traditional security tools are struggling to keep up. This is largely because ransomware has become a sophisticated business model, fueled by the availability of “Ransomware-as-a-Service.” This model allows individuals with very little technical skill to launch professional-grade attacks. Traditional defenses like firewalls and endpoint protection platforms (EPPs) are no longer sufficient because they leave significant blind spots, especially with unmanaged devices such as printers, scanners, and IoT devices that cannot run an endpoint agent.

The Importance of Network Visibility

The core principle for effective ransomware detection is comprehensive network visibility. Every stage of a ransomware attack, from the initial compromise to data exfiltration, leaves a detectable trace in network traffic. By mapping the stages of an attack to the MITRE ATT&CK framework, we can see how network monitoring can reveal malicious activity:

  • Initial Access: Unauthorized user logins or connections to external systems.
  • Execution: a process started remotely over SMB, WinRM or RPC, or a suspicious PowerShell command that fetches its payload over the network.
  • Persistence: The creation of new user accounts or scheduled tasks.
  • Privilege Escalation: Network access to administrator accounts or servers.
  • Lateral Movement: Communication between endpoints that normally don’t interact.
  • Command and Control: Connections to suspicious IP addresses or domains.
  • Exfiltration: Large data transfers to external, unknown servers.

How Network-Based Detection Works

A solution like GREYCORTEX Mendel is designed to provide this essential network visibility. Mendel monitors the behavior of the entire network infrastructure, using machine learning and behavioral analysis to detect malicious activity. This is effective even on devices where endpoint protection cannot be deployed.

Beyond active detection, a network-based approach also aids in post-attack compromise assessment. By continuously monitoring for hidden backdoors and “keep alive” connections, it helps ensure the network is truly clean after remediation, preventing attackers from returning later.

Strengthening Your Cybersecurity Ecosystem

A solution like Mendel is a crucial component of a modern cybersecurity ecosystem. By providing deep network visibility, it not only helps stop active attacks but also strengthens long-term network resilience. This holistic approach ensures that your defenses are prepared for a ransomware attack at every stage of its lifecycle.


Validating Internal Network Policies: Access Control and Encryption

With segmentation and core services covered, the focus now shifts to enforcing policies on usage, user behavior, and encryption to maintain visibility and ensure compliance across all layers of your network. These controls are critical for mitigating internal risks and upholding your secure communication standards.

GREYCORTEX Mendel supports this effort by providing you with clear insights, alerting you about violations, and helping your teams validate whether your policies are being followed in practice.

Missed the beginning? 
🔗 Read Part 1 to explore how Mendel helps you enforce segmentation and control your core network services.

 

User Access Policies and Behavioral Violations

Even trusted users and systems can introduce risk if policies are not clearly enforced. Monitoring what is allowed and what is not helps you uncover subtle violations that could otherwise go unnoticed.

Policy violation: Forbidden protocols or apps (RDP, TeamViewer, Dropbox, etc.)

Relevant for NIS2

Some organizations prohibit remote-access tools or file-sharing apps to reduce risk and maintain control over their IT environments. When unauthorized protocols are used, they may introduce new attack vectors or enable remote exploitation.

Validation with Mendel

Mendel directly detects the use of unauthorized applications. Your analysts can filter for specific protocols to confirm whether a session occurred and if it was successful, including details about session duration, data transfer volumes, and communication content. This helps you verify whether users violated your internal policies, and allows you to add legitimate usage to an exception list to avoid future alerts.

In our case, Mendel has identified and flagged multiple devices that have downloaded and used TeamViewer. Analysts can then investigate whether these hosts were authorized and, if appropriate, whitelist the IPs to prevent future alerts.

In another example, Mendel has captured a potential RDP (Remote Desktop Protocol) session. By drilling down into the event, analysts can identify the user involved and review the session duration.

Policy violation: Communication to forbidden destinations or services

Relevant for NIS2

Certain destinations, such as foreign countries, blacklisted IPs, or unauthorized services, are often restricted to reduce risks. Detecting such traffic reveals overlooked exceptions or malicious tools trying to evade controls.

Validation with Mendel

Mendel detects and alerts you about communication with blacklisted IPs. Your analysts can use predefined or custom filters to review connections by source and destination IPs, traffic volume, and packet counts. The Network Analysis tab provides you with extensive filtering and search options, enabling your teams to conduct deep investigations across the entire network.

As an example, Mendel detected a TeamViewer DNS request originating from host mx (192.168.2.42). By drilling down, analysts confirmed that a connection was successfully established, indicating a potential policy violation or unauthorized remote access.

Mendel allows your analysts to identify which user is behind suspicious traffic. This helps you verify whether access to forbidden destinations or tools was legitimate or a policy violation.

Policy violation: Excessive peer communication

Certain devices, like controllers in manufacturing or internal phone servers (PBXs), are expected to communicate with a limited set of peers. New or unusual connections may signal misconfiguration or unauthorized activity.

Validation with Mendel

Mendel enables your analysts to define peer count limits for individual hosts or entire subnets, helping you to enforce expected communication boundaries.

For example, if a PBX server communicates with more peers than its known SIP trunks and internal phones while inbound Internet traffic is restricted, Mendel will flag it for review.

Policy violation: Unauthorized communication with honeypots

Honeypots are intentionally exposed systems used to detect suspicious activity inside the network. Typically, only predefined systems such as admin tools or security scanners should communicate with them. Any other connection attempt may indicate lateral movement or internal scanning.

Validation with Mendel

Mendel allows your teams to define which systems are authorized to communicate with honeypots and alerts your analysts to any unauthorized attempts.

In the example below, only the management PC is allowed to communicate with the honeypot at 192.168.2.36. When another device (192.168.2.28) initiates a connection, Mendel triggers an alert.

The peer graph confirms and visualizes that the honeypot was accessed by both permitted and unauthorized devices.
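The three behavioural policies above (forbidden applications, peer-count limits and honeypot access) expressed as one small rule evaluator over constructed flow records, as an added Python example; this is not code from the article or from Mendel, which applies such policies in its own engine. The honeypot 192.168.2.36, the workstation 192.168.2.28 and the TeamViewer host 192.168.2.42 take their addresses from the text; the management PC (192.168.2.10), the PBX (192.168.2.50), the peer limit and the exception list are assumptions.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dst_port, application); not captured traffic.
FLOWS = [
    ("192.168.2.10", "192.168.2.36", 22, "ssh"),            # management PC -> honeypot: permitted
    ("192.168.2.28", "192.168.2.36", 445, "smb"),           # workstation -> honeypot: not permitted
    ("192.168.2.42", "203.0.113.5", 5938, "teamviewer"),    # TeamViewer session to the Internet
    ("192.168.2.28", "192.168.2.60", 3389, "rdp"),          # RDP from a workstation
    ("192.168.2.10", "192.168.2.50", 3389, "rdp"),          # RDP from the management PC: on the exception list
    ("192.168.2.50", "203.0.113.20", 5060, "sip"),          # PBX -> SIP trunk 1
    ("192.168.2.50", "203.0.113.21", 5060, "sip"),          # PBX -> SIP trunk 2
]
for i in range(101, 109):                                   # eight internal phones registering with the PBX
    FLOWS.append((f"192.168.3.{i}", "192.168.2.50", 5060, "sip"))

POLICY = {
    "forbidden_apps": {"teamviewer", "rdp", "dropbox"},
    "app_exceptions": {("192.168.2.10", "rdp")},           # (host, app) pairs explicitly allowed
    "peer_limits": {"192.168.2.50": 6},                     # PBX: 2 trunks + 4 phones expected
    "honeypots": {"192.168.2.36": {"192.168.2.10"}},       # honeypot -> hosts allowed to contact it
}


def evaluate(flows, policy):
    """Return (rule, host, detail) triples for every policy violation in the flow set."""
    violations = []
    peers = defaultdict(set)
    for src, dst, dport, app in flows:
        peers[src].add(dst)          # peer counting is direction-agnostic: a PBX both calls out
        peers[dst].add(src)          # to trunks and receives registrations from phones
        if app in policy["forbidden_apps"] and (src, app) not in policy["app_exceptions"]:
            violations.append(("forbidden_app", src, f"{app} to {dst}:{dport}"))
        allowed = policy["honeypots"].get(dst)
        if allowed is not None and src not in allowed:
            violations.append(("honeypot_access", src, f"contacted honeypot {dst}:{dport}"))
    for host, limit in policy["peer_limits"].items():
        count = len(peers.get(host, ()))
        if count > limit:
            violations.append(("peer_limit", host, f"{count} peers, limit {limit}"))
    return violations


if __name__ == "__main__":
    for rule, host, detail in evaluate(FLOWS, POLICY):
        print(f"{rule:16} {host:16} {detail}")
```

The forbidden-application rule depends on the sensor labelling flows by application rather than by port, since TeamViewer and similar tools fall back to 443 when their native port is blocked; the peer-limit rule should be evaluated per time window, because a PBX that legitimately serves 200 phones still has a stable ceiling that a scanning host exceeds within minutes.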

Encryption Standards and TLS Usage

Cryptographic standards are a foundational layer of secure communication. Monitoring certificate validity and protocol versions helps you identify weak encryption before it becomes a vulnerability.

Policy violation: Expired TLS certificates in use

Relevant for NIS2

TLS certificates are a critical part of trusted communication. When a certificate has expired, clients either reject the connection, which is an outage, or, where users and software have been trained to click through the warning, lose the ability to tell the legitimate service from a spoofed one, so an attacker with any self-issued certificate can intercept the session.

Validation with Mendel

Mendel alerts you when expired certificates are detected or when a certificate is approaching its expiration date.

For example, Mendel has found one internal system using a certificate that expired in May 2021.

In another case, Mendel has flagged an upcoming expiration several days in advance, giving administrators time to respond before any disruption occurs.

Policy violation: Outdated TLS versions and cipher suites

Relevant for NIS2

Obsolete TLS versions and weak cipher suites expose your encrypted traffic to known attacks. TLS 1.0 and 1.1 are formally deprecated (RFC 8996), and regulatory frameworks such as NIS2 expect organizations to retire versions below 1.2 to reduce the attack surface and keep encryption standards strong.

Validation with Mendel

Mendel allows you to configure alerts when outdated TLS versions are used. To ensure secure communication, use TLS 1.2 or 1.3 on both sides. On the client this typically means updating the operating system, browser, or other client software; on the server it means raising the minimum protocol version and removing weak cipher suites in the service configuration.

For example, an event has shown that one device was still communicating using TLSv1.0.
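The two encryption policies above (certificate validity and protocol or cipher strength) as one audit over constructed TLS session records, an added Python example rather than code from the article or from Mendel. The session records, the fixed reference date, the expiry warning window and the weak-cipher token list are assumptions; the May 2021 expiry mirrors the case in the text.

```python
from datetime import date, timedelta

# Constructed session records (server_ip, negotiated_version, cipher_suite, cert_not_after);
# not captured traffic.
SAMPLE_SESSIONS = [
    ("192.168.2.80", "TLSv1.0", "TLS_RSA_WITH_AES_128_CBC_SHA", "2027-01-15"),
    ("192.168.2.81", "TLSv1.2", "TLS_RSA_WITH_RC4_128_SHA", "2027-01-15"),
    ("192.168.2.82", "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "2021-05-31"),
    ("192.168.2.83", "TLSv1.3", "TLS_AES_256_GCM_SHA384", "2025-07-10"),
    ("192.168.2.84", "TLSv1.3", "TLS_AES_128_GCM_SHA256", "2027-01-15"),
]
REFERENCE_DATE = date(2025, 6, 30)     # fixed "today" so the audit is reproducible (assumed)

VERSION_RANK = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
MIN_VERSION_RANK = VERSION_RANK["TLSv1.2"]
WEAK_CIPHER_TOKENS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ANON")   # "DES" also matches 3DES
WARN_DAYS = 14


def audit_session(server, version, cipher, not_after, today=REFERENCE_DATE):
    """Return the list of policy findings for one TLS session record."""
    findings = []
    rank = VERSION_RANK.get(version)
    if rank is None:
        findings.append("unknown_version")
    elif rank < MIN_VERSION_RANK:
        findings.append("legacy_version")
    upper = cipher.upper()
    if any(tok in upper for tok in WEAK_CIPHER_TOKENS):
        findings.append("weak_cipher")
    if upper.startswith("TLS_RSA_WITH_"):
        # Static RSA key exchange: a later key compromise decrypts recorded traffic.
        findings.append("no_forward_secrecy")
    expiry = date.fromisoformat(not_after)
    if expiry < today:
        findings.append("expired_cert")
    elif expiry - today <= timedelta(days=WARN_DAYS):
        findings.append("cert_expiring")
    return findings


def audit(sessions, today=REFERENCE_DATE):
    """Map server -> findings, omitting servers that comply with policy."""
    report = {}
    for server, version, cipher, not_after in sessions:
        findings = audit_session(server, version, cipher, not_after, today)
        if findings:
            report[server] = findings
    return report


if __name__ == "__main__":
    for server, findings in audit(SAMPLE_SESSIONS).items():
        print(server, ", ".join(findings))
```

The version and cipher come from the ServerHello, which is still cleartext in every TLS version, so a passive sensor sees them without decrypting anything; the certificate dates are visible in the clear in TLS 1.2 but encrypted in TLS 1.3, where they have to come from an active probe or from the endpoint itself.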

Strong Policies Require Strong Evidence

Security policies do more than reduce risk. They help you demonstrate accountability to regulators, customers, and internal stakeholders alike. As expectations rise under frameworks like NIS2, proving that internal rules are applied consistently becomes a core part of modern cybersecurity governance. It is no longer enough to assume policies are being followed. You need clarity and verifiable evidence.

Mendel helps organizations like yours move from assumption to evidence. It continuously validates how policies are enforced across the network, from encryption to identity controls, giving your team the visibility to act with clarity and confidence.

Need a second opinion on your enforcement? Request a security audit with Mendel.

 


Validating Internal Network Policies with Mendel

Defining your internal network policies takes time, coordination, and effort. But once those policies are in place, the critical question still remains: are they actually being followed?

For many IT teams, verifying policy adherence and enforcing internal rules on a daily basis is a persistent challenge. Even small violations, such as unauthorized access, outdated encryption, or misused services, can lead to data exposure or non-compliance with frameworks like NIS2.

This is the first part of a two-part blog focused on the practical side of network security policy enforcement and explains how GREYCORTEX Mendel helps you detect violations of any size quickly and effectively. Part two will cover encryption, application use, and identity-based access control.

Network Segmentation & Perimeter Control

Segmentation and perimeter access policies are fundamental to limiting exposure and maintaining control over your critical systems.  Without a clear policy enforcement process, a single compromised device can lead to lateral movement across your network.

🔗 Watch our webinar to see how Mendel helps you detect and investigate lateral movement.

Policy violation: Unallowed east–west traffic between segments

Relevant for NIS2

East–west traffic refers to communication between devices within the internal network, such as between user devices and servers. When segmentation is not properly enforced, attackers can move laterally across segments and compromise your entire company network. Limiting this traffic is essential for helping you prevent access to critical systems.

Validation with Mendel

Mendel’s peer graph, as seen below, offers you a clear view of internal communication. Your analysts can then filter internal traffic and define specific subnets to quickly verify whether unauthorized flows occur between isolated segments.

Policy violation: Unauthorized Internet access from restricted segments

Relevant for NIS2

Devices in restricted segments, such as servers or backup networks, are often not intended to communicate with the public Internet directly. In many environments, internet access must go through a proxy or DMZ, with firewalls blocking all other outbound traffic. If these controls fail, systems may be exposed to malware, data leakage, or command-and-control activity.

Validation with Mendel

Mendel allows the filtering of your outbound traffic from specific hosts, making it easy to identify devices attempting to access the Internet.

If such traffic is detected, your analysts can verify whether it passed through an approved proxy by checking the flow records. They can also confirm whether direct connections (bypassing the proxy) were blocked at the firewall level by checking the TCP flags and destination status.

Mendel lets you set policies to monitor Internet traffic from specific segments or devices. When a violation occurs, it automatically sends an alert.
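The proxy-bypass check described above (did the flow go through the approved proxy, and if not, did the firewall actually stop it?) worked through over constructed flow records, as an added Python example; it is not code from the article or from Mendel. The restricted segment, the proxy address, the internal address ranges and the flag encoding (the union of TCP flags seen in either direction of a bidirectional flow record) are assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESTRICTED_SEGMENT = ipaddress.ip_network("10.0.30.0/24")    # backup/server zone (assumed)
PROXY = ("10.0.1.10", 3128)                                   # approved egress proxy (assumed)

# Constructed flow records (src, dst, dst_port, tcp_flags, bytes); not captured traffic.
# tcp_flags is the union of flags seen in either direction; "S" alone means the SYN was never answered.
FLOWS = [
    ("10.0.30.5", "10.0.1.10", 3128, "SAPF", 48213),   # backup server reaching the proxy: compliant
    ("10.0.30.5", "10.0.30.7", 445, "SAPF", 9000),      # east-west inside the segment: not an egress question
    ("10.0.30.9", "203.0.113.5", 443, "S", 0),          # direct attempt, never answered: firewall drops it
    ("10.0.30.9", "203.0.113.5", 443, "S", 0),
    ("10.0.30.12", "198.51.100.7", 80, "SAPF", 15300),  # direct HTTP that completed: the control failed
    ("10.0.30.14", "198.51.100.9", 22, "SR", 0),        # answered with RST: firewall rejects rather than drops
    ("10.0.40.3", "198.51.100.7", 443, "SAPF", 2000),   # host outside the restricted segment: ignored
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(src, dst, dport, flags):
    """Label an egress attempt from the restricted segment, or return None when out of scope."""
    if ipaddress.ip_address(src) not in RESTRICTED_SEGMENT:
        return None
    if (dst, dport) == PROXY:
        return "via_proxy"
    if is_internal(dst):
        return None
    if "A" in flags:            # a SYN-ACK was seen: the three-way handshake completed
        return "direct_completed"
    if "R" in flags:            # reset without a handshake: actively rejected
        return "direct_rejected"
    return "direct_dropped"     # only a SYN: silently dropped, but the host keeps trying


def audit(flows):
    """Group (src, dst, port) tuples by verdict; direct_completed is the finding that matters most."""
    report = defaultdict(set)
    for src, dst, dport, flags, _bytes in flows:
        verdict = classify(src, dst, dport, flags)
        if verdict:
            report[verdict].add((src, dst, dport))
    return {k: sorted(v) for k, v in report.items()}


if __name__ == "__main__":
    for verdict, flows in audit(FLOWS).items():
        print(verdict, flows)
```

A completed direct connection is a firewall rule gap; dropped or rejected attempts are a host with a stale configuration or something on it trying to get out, which is worth a look even though the control held. Checking the internal ranges explicitly rather than relying on a library's notion of "private" matters here because documentation and carrier-grade NAT ranges are otherwise classified in surprising ways.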

Policy violation: New & disappeared IPs or MACs in controlled network

Relevant for NIS2

Controlled network segments, such as server or infrastructure zones, are often designed with static IP and MAC configurations. When unrecognized devices appear, it may indicate unauthorized access, policy misconfiguration, or a potential threat. 

Validation with Mendel

Mendel allows you to assign policies to specific subnets or hosts to monitor new or missing IP and MAC addresses.  Policies can also include limits on traffic, packets, peers, ports, duration, and flows.

If a policy is violated, Mendel will trigger an alert immediately. For automated blocking, Mendel can be integrated with third-party systems like a NAC or Cisco ISE.
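The new-and-disappeared-address policy above, reduced to the comparison it actually performs, as an added Python example (not code from the article or from Mendel). It diffs the (IP, MAC) pairs observed in a controlled segment against an approved inventory and reports new hosts, hosts that went silent, and addresses claimed by a MAC other than the recorded one, which is the pattern left by an ARP spoofing or a swapped device. The segment address comes from the text; the inventory and the observed pairs are constructed.

```python
import ipaddress
from collections import defaultdict

CONTROLLED_SEGMENT = ipaddress.ip_network("10.0.20.0/24")   # management zone (address from the text)

# Approved inventory for the segment (assumed), recorded at the previous audit: ip -> mac
BASELINE = {
    "10.0.20.1": "00:11:22:33:44:01",
    "10.0.20.10": "00:11:22:33:44:10",
    "10.0.20.11": "00:11:22:33:44:11",
}

# Constructed observations from the current monitoring window: (ip, mac) pairs seen in ARP/traffic
OBSERVED = [
    ("10.0.20.1", "00:11:22:33:44:01"),
    ("10.0.20.10", "00:11:22:33:44:10"),
    ("10.0.20.10", "DE:AD:BE:EF:00:10"),   # the same IP claimed by a second MAC: conflict or spoofing
    ("10.0.20.25", "aa:bb:cc:dd:ee:25"),   # address not in the inventory: new host
    ("10.0.30.7", "aa:bb:cc:dd:ee:07"),    # outside the controlled segment: ignored
    # 10.0.20.11 never appears in the window: disappeared host
]


def diff_inventory(baseline, observed, segment=CONTROLLED_SEGMENT):
    """Compare observed (ip, mac) pairs inside `segment` with the baseline and report drift."""
    seen = defaultdict(set)
    for ip, mac in observed:
        if ipaddress.ip_address(ip) in segment:
            seen[ip].add(mac.lower())           # normalise case so vendor formats compare equal
    new_hosts = {ip: sorted(macs) for ip, macs in seen.items() if ip not in baseline}
    missing_hosts = sorted(ip for ip in baseline if ip not in seen)
    mac_changes = {}
    for ip, expected in baseline.items():
        unexpected = seen.get(ip, set()) - {expected.lower()}
        if unexpected:
            mac_changes[ip] = {"expected": expected.lower(), "seen": sorted(unexpected)}
    return {"new_hosts": new_hosts, "missing_hosts": missing_hosts, "mac_changes": mac_changes}


if __name__ == "__main__":
    for key, value in diff_inventory(BASELINE, OBSERVED).items():
        print(f"{key}: {value}")
```

A missing host is as much a finding as a new one in a server zone: it can mean a failed system, a changed address, or a sensor that stopped seeing the segment. The observation window has to be long enough to cover hosts that talk rarely, otherwise quiet devices show up as "missing" on every run.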

Policy violation: Improper traffic between management and user networks

Relevant for NIS2

Dedicated management segments are designed to limit who can interact with your infrastructure components like switches, routers, or servers. Unauthorized access from user networks increases the risk of misconfiguration, privilege abuse, or direct exploitation.

Validation with Mendel

Mendel’s peer graph provides you with a clear view of communication between your defined network segments. Your analysts can focus on management subnets to verify whether they are properly isolated from user networks, as required by internal policies.

For example, subnet 10.0.20.0/24 was assigned as a management zone, but Mendel revealed active connections to other internal networks.

After updating firewall rules, Mendel confirms isolation by showing no communication from 10.0.20.0/24.

Network Services Policy Enforcement

Core network services like DNS and DHCP are frequent targets for misuse or misconfiguration. Ensuring that only authorized services are active helps prevent spoofing, data leaks, and disruptions to your network stability.

Policy violation: Usage of unauthorized internal/​public DNS servers

Relevant for NIS2

This policy ensures that only approved DNS servers are used for resolving domain names inside the network. Unapproved or misconfigured servers can bypass security controls, hide malicious activity, or return forged responses.

Validation with Mendel

Internal DNS usage:  Mendel allows you to filter internal DNS servers using the host tag Role/​Server/​DNS. This provides you with a clear inventory of devices offering DNS or DNS-relay services. Your analysts can review this list and drill down into individual IPs to confirm whether each DNS server is expected and approved.

For example, a device at 192.168.178.1 was identified as providing DNS services. No other services were detected, indicating a possible relay or misconfigured gateway.

Public DNS usage: By filtering outbound DNS traffic, Mendel reveals which internal devices are using public DNS servers. This allows your analysts to identify whether DNS queries are leaving the network through unapproved resolvers.

In one case, two hosts were detected using Google DNS services: one being a default gateway, and another (192.168.40.215) a standard internal client. Such cases should be reviewed against DNS usage policies to ensure compliance.

Policy violation: Unauthorized DHCP Servers

Relevant for NIS2

This policy ensures that only approved DHCP servers operate in the network. Unauthorized DHCP servers can assign incorrect configurations, enable man-in-the-middle attacks, or disrupt connectivity.

Validation with Mendel

Mendel automatically detects new DHCP servers in your network and generates an event. In addition, it lists all DHCP servers by filtering hosts with the tag Role/​Server/​DHCP, helping your analysts verify whether each one is authorized or misconfigured. Drilling down on each IP reveals additional services and host behavior for deeper inspection.

For example, device 192.168.2.254 was found running multiple services, including DHCP, NTP, DNS, SSH, TELNET, and Mikrotik Winbox. This suggests it may be a router or a misconfigured network appliance.
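How the DNS and DHCP server inventory in this section can be derived from flow data, as an added Python example (not code from the article; Mendel assigns its Role/Server tags with its own logic). A host is tagged with a service role when enough distinct clients connect to the service port, and with the DHCP role as soon as it is seen sending from UDP 67 to UDP 68, which only a DHCP server does; the roles are then compared with an approved list. The flows, the client threshold, the port-to-service map and the approved servers are assumptions, with the addresses 192.168.178.1 and 192.168.2.254 borrowed from the text.

```python
from collections import defaultdict

# Constructed flow records (src_ip, src_port, dst_ip, dst_port, proto); not captured traffic.
FLOWS = []
for i in range(1, 9):                                       # eight clients query the approved resolver
    FLOWS.append((f"192.168.40.{100 + i}", 50000 + i, "10.0.0.53", 53, "udp"))
for i in range(1, 4):                                       # three clients use the gateway as a DNS relay
    FLOWS.append((f"192.168.178.{20 + i}", 50100 + i, "192.168.178.1", 53, "udp"))
FLOWS.append(("192.168.2.254", 67, "255.255.255.255", 68, "udp"))   # DHCP OFFER from an appliance
FLOWS.append(("192.168.2.254", 67, "192.168.2.31", 68, "udp"))      # DHCP ACK from the same appliance
FLOWS.append(("192.168.2.1", 67, "192.168.2.40", 68, "udp"))        # DHCP from the approved server
for i in range(1, 6):                                       # five admin hosts reach the appliance over SSH and Winbox
    FLOWS.append((f"192.168.2.{10 + i}", 40000 + i, "192.168.2.254", 22, "tcp"))
    FLOWS.append((f"192.168.2.{10 + i}", 41000 + i, "192.168.2.254", 8291, "tcp"))
FLOWS.append(("192.168.2.11", 42000, "192.168.2.254", 23, "tcp"))   # a single Telnet client: below threshold

SERVICE_PORTS = {53: "DNS", 123: "NTP", 22: "SSH", 23: "TELNET", 8291: "Winbox"}
APPROVED = {"DNS": {"10.0.0.53"}, "DHCP": {"192.168.2.1"}}   # assumed policy
MIN_CLIENTS = 3                                               # distinct clients before a port counts as a service


def infer_roles(flows, min_clients=MIN_CLIENTS):
    """Map host -> set of service roles inferred from who connects to it."""
    clients_per_service = defaultdict(set)      # (host, service) -> {client ips}
    roles = defaultdict(set)
    for src, sport, dst, dport, proto in flows:
        if proto == "udp" and sport == 67 and dport == 68:
            roles[src].add("DHCP")               # only a DHCP server sends from 67 to 68
        if dport in SERVICE_PORTS:
            clients_per_service[(dst, SERVICE_PORTS[dport])].add(src)
    for (host, service), clients in clients_per_service.items():
        if len(clients) >= min_clients:
            roles[host].add(service)
    return dict(roles)


def unapproved_servers(roles, approved=APPROVED):
    """Hosts offering a policy-controlled service (DNS, DHCP) without being on the approved list."""
    findings = []
    for host, services in sorted(roles.items()):
        for service in sorted(services & set(approved)):
            if host not in approved[service]:
                findings.append((host, service))
    return findings


if __name__ == "__main__":
    roles = infer_roles(FLOWS)
    for host, services in sorted(roles.items()):
        print(host, sorted(services))
    print("unapproved:", unapproved_servers(roles))
```

The appliance at 192.168.2.254 ends up tagged DHCP, SSH and Winbox, the combination the text describes for a router-class device, while its single Telnet client stays below the threshold; the DNS relay at 192.168.178.1 and the rogue DHCP server both land on the unapproved list.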

From Visibility to Accountability

Enforcing internal rules only matters if those rules are visible and actionable. Without continuous policy monitoring, organizations like yours risk overlooking gaps that can lead to misconfigurations or downtime. Mendel helps you by aligning internal visibility with real-time behavior, enabling your teams to improve incident response, reduce alert fatigue, and maintain control over your environment.

In the next part, we’ll explore how Mendel validates encryption policies, user identity enforcement, and application-level restrictions, which are critical areas for maintaining compliance and reducing operational risk.

Want to evaluate your own network? Request a security audit with Mendel.


Securing the Internet of Things

IoT devices are transforming modern businesses and bringing greater efficiency, but they also deserve careful attention when it comes to security.

From medical monitors and factory sensors to smart cameras, IoT devices have become an essential part of today’s hospitals, factories, and office buildings. While they boost efficiency and enable automation, they also introduce new security risks. Many of these devices are difficult to update, lack even basic protection, and are hidden deep within the network without proper segmentation. A single compromised device can open the door to serious damage.

To help you secure your IoT environment, we’ve compiled a set of essential best practices, along with guidance on how GREYCORTEX Mendel can help you put them into action through enhanced visibility, monitoring, and detection.

Best Practices to Protect Your IoT Ecosystem with Mendel

With the right foundations in place, securing your IoT environment becomes manageable. Below, we break down key practices to strengthen visibility, control, and response, and show you how each one can be implemented and visualized using GREYCORTEX Mendel.

Map all IoT devices and assess their risks

Start by identifying every IoT device connected to your network—smart sensors, medical equipment, and other smart devices. Once you can see the full picture, assess which devices are critical, which are exposed, and what could happen if one of them gets compromised. Not all devices need the same level of protection, but all need to be accounted for.

Steps to take:

  • Scan your network to identify all connected devices
  • Document IPs, MAC addresses, models, locations, and owners
  • Classify devices based on criticality and exposure
  • Evaluate known vulnerabilities

Mendel in practice
In Mendel’s inventory tab, you get a real-time view of all active devices in your network, automatically mapped to their segments. For each device, you can see critical details like IP address, hostname, OS, and the severity of detected events. Mendel also tags hosts (e.g., AD server, printer), helping you quickly identify their role and assess their risk level.

Segment your network and control access

Use network segmentation to separate IoT devices from other networks and enforce access controls to limit unnecessary communication. A hospital X‑ray should reside in a protected clinical segment, while non-critical devices such as smart lighting must be isolated from sensitive systems like medical records or operational platforms.

Steps to take:

  • Group devices into segments by purpose, location, and risk
  • Define strict access policies among segments
  • Use firewalls, VLANs, or SDN to enforce segmentation
  • Regularly review and update access rules

Mendel in practice
Mendel provides a clear view of all internal communications, allowing you to ensure each IoT device communicates only with approved segments. This helps maintain proper isolation and enforces your segmentation strategy.

For critical network segments, Mendel lets you define custom rules to alert you immediately when an unknown device connects. This real-time visibility enables fast response and strengthens your access control.

Monitor and detect threats across your network

Even properly configured devices can become a risk. Continuous monitoring provides real-time visibility into IoT communication patterns, revealing who connects, when, and how often. With behavioral baselines in place, you can quickly detect anomalies, unauthorized access, or lateral movement attempts before they escalate.

Steps to take:

  • Monitor all traffic to and from IoT devices
  • Investigate anomalies like new destinations, large data transfers, or off-hours activity
  • Flag port scans or sudden traffic spikes from low-profile devices

Mendel in practice
Mendel automatically detects suspicious patterns like port scanning. If an IoT device suddenly starts reaching out to unusual services or systems, Mendel alerts you to possible malware activity or an attacker mapping your network.

Mendel monitors data flows and alerts you to anomalies. If a device suddenly begins transferring large volumes of data, especially to unfamiliar destinations, it could signal a compromise. Early detection helps you respond before any damage is done.

Prepare an incident response plan

When an unauthorized IoT device appears on your network, time matters. Having a clear response plan helps you react quickly by isolating the device, understanding its behavior, and preventing further damage without losing precious time to confusion.

Steps to take:

  • Establish automated alerts
  • Assign roles and responsibilities for investigation and containment
  • Log all actions for future analysis and compliance

Mendel in practice
When Mendel detects suspicious activity from an IoT device, you can respond immediately—either manually or through automated rules. Block malicious traffic via integrated firewalls or isolate compromised devices using your NAC system to prevent further impact.

Build a Resilient IoT Environment with Mendel

IoT devices do not have to be your weakest link. With a clear inventory, proper segmentation, and real-time monitoring, you can reduce exposure and respond to threats before they escalate.

GREYCORTEX Mendel helps you put described practices into action. It gives you a complete picture of device activity, lets you detect unusual behavior early, and supports quick, informed responses. As IoT continues to grow across industries, having this level of control makes a big difference in keeping your network stable, secure, and ready for what’s next.

