
The Role of Immutability and Air-Gapping in European Data Protection Strategies

European data protection is undergoing a quiet but radical shift. Once centered on legal compliance and checkbox auditing, it is now a high-stakes game of cybersecurity resilience. The rise of sophisticated ransomware, targeted attacks on backup systems, and the rapid expansion of cloud and IoT infrastructure have left organizations vulnerable, even those that believe they are prepared.

Regulatory evolution, like the GDPR and the new Data Act, reflects this new reality: data must be protected, recoverable, reliable, and continuously available.

This post explores two critical technologies that have emerged as strategic defenses in this environment: immutability and air-gapping. For European businesses facing a growing cyber threat landscape, they are increasingly essential to both compliance and continuity.

The Expanding Web of European Data Regulations

The EU’s data protection framework continues to evolve in scope and complexity:

  • GDPR emphasizes privacy and security. Article 32 mandates the ability to promptly restore availability and access to personal data in the event of a technical or physical incident.
  • ISO/IEC 27001 now includes enhanced cloud and SaaS protection measures, targeting resiliency in modern infrastructure.
  • The Data Act, applicable from September 2025, shifts the conversation toward accessibility, fairness, and transparency in data usage. It mandates secure and user-controlled access to data from connected devices, raising the bar for secure data handling.

These regulations are not mutually exclusive. Together, they push organizations toward architectures that can retain data securely, enable user access and deletion, and maintain business continuity even in a crisis.

Why Backups Alone No Longer Cut It

Backups have traditionally been a fallback option, essential but passive. Unfortunately, attackers have caught up. A 2024 report on cyberattacks and ransomware shows that over 2 million cases of breaches were recorded from 556 publicly disclosed breaches in the EU.

Modern ransomware now encrypts production data and actively seeks out and destroys backup files and infrastructure. For example, some ransomware strains include scripts designed to locate Veeam or Hyper-V backups and corrupt or delete them. Others exploit admin credentials to access and erase snapshots or backup volumes. Once this happens, even the most comprehensive backup strategy is rendered useless.

This is where immutability and air-gapping enter the equation.

What Is Immutability?

Immutability is the ability to store data in a way that cannot be altered, deleted, or overwritten for a defined retention period. Data kept on immutable storage stays exactly as it is—tamper-proof and time-locked once written.

Key Benefits:

  • Ransomware protection: Attackers cannot modify or delete immutable backup files.
  • Compliance-ready: Meets retention requirements under GDPR, financial, and healthcare regulations.
  • Audit integrity: Immutability ensures logs and data are preserved without risk of tampering.

How It Works:

  • On-premises: WORM-enabled NAS or object storage.
  • Cloud: Amazon S3 Object Lock, Microsoft Azure Immutable Blob Storage.
  • Backup software: Veeam, Commvault, and others now support immutable backup repositories.
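The following Python sketch is an added example, not code from the original post or from any vendor named in it. It audits Amazon S3 Object Lock settings for backup buckets, since Object Lock only delivers immutability when a default retention rule is set and the mode cannot be bypassed by privileged credentials. The bucket names, the 14-day minimum, and the sample configurations (shaped like the `ObjectLockConfiguration` element returned by S3's GetObjectLockConfiguration) are constructed assumptions.

```python
# Constructed inputs shaped like the S3 GetObjectLockConfiguration response.
# Bucket names are hypothetical.
SAMPLE_CONFIGS = {
    "backup-prod-eu": {"ObjectLockEnabled": "Enabled",
                       "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}},
    "backup-archive": {"ObjectLockEnabled": "Enabled",
                       "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Years": 1}}},
    "backup-staging": {"ObjectLockEnabled": "Enabled"},  # enabled, but no default rule
    "backup-legacy": None,                               # Object Lock never enabled
    "backup-short": {"ObjectLockEnabled": "Enabled",
                     "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 3}}},
}

def retention_days(default_retention):
    """Default retention is expressed in Days or Years, never both."""
    if "Days" in default_retention:
        return default_retention["Days"]
    return default_retention.get("Years", 0) * 365

def audit_bucket(config, min_days):
    """Return a list of findings; an empty list means the bucket passes."""
    if not config or config.get("ObjectLockEnabled") != "Enabled":
        return ["object lock not enabled: backups can be deleted or overwritten"]
    default = config.get("Rule", {}).get("DefaultRetention")
    if default is None:
        return ["no default retention: objects are locked only if the writer sets it per object"]
    findings = []
    if default.get("Mode") != "COMPLIANCE":
        findings.append("governance mode: principals with "
                        "s3:BypassGovernanceRetention can remove the lock")
    days = retention_days(default)
    if days < min_days:
        findings.append(f"retention {days}d is shorter than required {min_days}d")
    return findings

def audit_all(configs, min_days=14):
    """min_days is an assumed policy value; set it from your own recovery requirements."""
    return {name: audit_bucket(cfg, min_days) for name, cfg in configs.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_CONFIGS).items():
        print(name, "OK" if not findings else findings)
```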

What Is Air-Gapping?

Air-gapping is the practice of separating a system or network from unprotected networks, particularly the internet. In data security, it refers to storing backup copies in an environment totally separate from any production network, either physically (offline) or logically (network-segmented with rigorous access restrictions).

Types of Air-Gapping:

  • Physical: Offline tapes or disks, manually disconnected from the network.
  • Logical: Isolated systems or networks with strict access controls, segmentation, or one-way data transfer mechanisms.

Key Benefits:

  • Ultimate isolation: Prevents lateral movement of malware to backups.
  • Survivability: Data remains safe even in the case of a full production environment compromise.
  • Resilience during disasters: Ensures recovery capacity even when networks are down or compromised.

Comparison Table: Traditional Backups vs. Immutability vs. Air-Gapping

| Feature | Traditional Backups | Immutability | Air-Gapping |
| --- | --- | --- | --- |
| Ransomware Protection | Low | High | Very High |
| Compliance Support | Basic | Strong (supports audit trails) | Strong (ensures data isolation) |
| Recovery Reliability | Uncertain (can be tampered with) | High (unalterable copies) | High (offline or isolated backups) |
| Network Exposure | Always online | Online but locked | Offline or segmented |
| Deployment Complexity | Low | Moderate | Moderate to High |
| Cost | Low to Moderate | Moderate | Moderate to High |
| Use Case Fit | General, low-risk environments | Healthcare, finance, and legal sectors | Critical infrastructure, manufacturing |

Together, they provide layered protection. Immutable backups protect against tampering, while air-gapping ensures backups remain unreachable by attackers.

Use Cases in European Business Environments

SaaS Providers and Cloud Services 

Companies hosting customer data under GDPR must ensure availability and recoverability. Combining immutable snapshots with logically air-gapped storage helps meet resilience and compliance requirements.

Manufacturing and IoT-Driven Sectors 

With the Data Act mandating user access to IoT-generated data, manufacturers must store and protect vast volumes of telemetry. Immutability ensures these datasets remain accurate and auditable; air-gapping protects against targeted OT attacks.

Healthcare and Public Sector 

These sectors are highly regulated and often targeted by ransomware. Immutability secures patient records against tampering, while air-gapping ensures continuity even during a breach.

Agriculture and Smart Infrastructure 

Farmers using precision agriculture tools generate sensitive location and environmental data. Air-gapped storage can help protect this data from being exploited, while immutability ensures it remains accurate for subsidies, audits, or sustainability reports.

Preparing for the Future: Security Meets Regulation

The Data Act is pushing organizations to open up their data, but doing so without compromising security will be the real challenge. With the EU emphasizing accessibility and user rights, businesses must find ways to share data without increasing exposure.

Immutability and air-gapping provide the foundational safeguards to enable this. They ensure that data is unaltered even if it is widely shared. And even in cases of network breaches, a secure, offline recovery path exists.

In this way, these technologies are not just about cyber defense. They are enablers of digital trust, the cornerstone of Europe’s data-driven future.

Final Thoughts

European data protection strategies are evolving toward a model that assumes breach readiness as much as it assumes legal compliance. Immutability and air-gapping are central to this paradigm. When implemented correctly, they help businesses meet their obligations under GDPR, ISO 27001, and the Data Act and ensure that data can survive the threats that regulations can’t predict.

Security now means continuity. In Europe’s digital future, continuity requires architecture built for the worst day, not just the best intentions.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.

Performance Characteristics of DNS Tunneling

In the constantly evolving landscape of cyber threats, DNS tunneling remains one of the stealthiest and most underestimated attack vectors. By exploiting the fundamental role of DNS as a communication protocol, attackers are able to bypass traditional security defenses, create covert channels, and exfiltrate sensitive data.

This is the third article in our series on DNS tunneling. Previous pieces covered the essence of DNS tunneling and data exfiltration, explaining why it’s dangerous, how it works, and how surprisingly easy it is to execute. Here we turn our attention to a critical and often overlooked factor: the performance characteristics of DNS tunneling. Many assume these tunnels are too slow to matter, but the reality paints a different picture.

One might assume that using DNS for data transfer is extremely slow, since DNS is not designed for bulk data, and indeed many DNS tunnels operate at low bitrates. However, the performance of DNS tunneling varies widely depending on how it’s implemented and on network conditions. In the worst case, DNS tunneling is quite sluggish: for example, a security study noted a typical bandwidth of around 110 KB/s (0.11 MB/s) for DNS tunnels, which is minor compared to normal network speeds. Many real-world malware samples using DNS tunnels send data sparingly to avoid detection. Under optimal conditions, however, DNS tunneling can achieve surprisingly high throughput, exceeding tens of megabits per second or more.

Some of the open-source tools have modes or techniques to maximize DNS tunnel bandwidth. For instance, the tool Iodine can operate in what’s called “raw mode,” where it sends DNS packets directly to an authoritative server, bypassing the usual recursive resolver behavior. Before establishing the tunnel, Iodine checks which types of DNS packets are suitable for carrying payloads and automatically tests encoding options to find the most efficient one.

[Figure: Iodine checks which types of DNS packets are suitable for carrying payloads]

Once a working encoding is found, the tool tests the maximum possible payload size per packet by adjusting the downstream fragment size to ensure optimal throughput without fragmentation or packet loss.

[Figure: Test the maximum possible payload size per packet]

In a controlled test environment, Iodine’s raw mode was shown to push over 50 Mbit/s through a DNS tunnel. In one benchmark, a 10MB file was transferred in just one second, demonstrating that DNS tunnels can achieve speeds rivaling legitimate network traffic under ideal conditions.

[Figure: We transferred a 10MB file in just one second]

This was achieved by using large DNS packets and fast, direct query loops. If multiple parallel queries are used and the attacker controls the entire path, throughput can climb even higher. In theory, with extensions like EDNS0 allowing larger UDP payloads (~4KB per DNS message) and multiple queries in flight, a DNS tunnel could reach hundreds of megabits per second. In fact, security engineers have demonstrated that in ideal lab conditions (e.g., a local network with no DNS resolver in the middle), DNS tunneling can exceed 200 Mb/s of data transfer. That is comparable to or higher than many corporate internet connections, indicating that DNS tunneling is not just a trickle of data; it can be a firehose under the right circumstances.

On the other hand, the moment a DNS tunnel has to go through a typical recursive resolver, as in most real scenarios, performance drops dramatically. Even when all unknown outbound connections are completely blocked at the firewall level, the speed drops significantly, but the tunnel still remains operational.


This illustrates how persistent DNS tunnels can be even in tightly restricted network environments. Continuing the Iodine example, when the tunnel was forced to use a normal DNS server, which breaks data into many small queries and adds latency, the bandwidth plummeted from 50 Mbit/s to around 400 kbit/s (0.4 Mbit/s). That’s a huge drop, illustrating that real-world tunnels often face overhead. Additionally, many public DNS resolvers and corporate DNS servers will cache responses and rate-limit similar queries, further capping throughput. Attackers must balance speed with stealth: aggressive high-volume DNS tunneling might be faster, but it’s also more likely to be noticed by intrusion detection systems due to unusual traffic patterns. Therefore, in practice, many malicious DNS tunnels operate in the realm of a few kilobits to a few hundred kilobits per second, slow enough to stay under the radar but still fast enough to gradually siphon significant data (for example, even 100 kbit/s can exfiltrate ~1 MB of data in 80 seconds, which over hours or days can leak gigabytes).

In summary, DNS tunneling performance ranges from very slow to surprisingly fast. With careful optimization (direct authoritative queries, larger DNS messages, parallelism), tunnels can reach tens or even hundreds of Mbps. This means an attacker who isn’t worried about being noisy could transfer substantial data (e.g. streaming stolen data out). Conversely, stealthy attackers will accept lower speeds to avoid detection. From an organizational standpoint, this variability means you cannot assume a DNS tunnel is harmless because “it’s too slow to be useful”; it might not be slow at all. Even a slow tunnel is dangerous if it’s stealing your data, and a fast tunnel is outright alarming because of how much it can take in a short time.

DNS tunneling isn’t just a theoretical risk or an exotic attack seen only in advanced persistent threat scenarios. It’s a real, versatile, and increasingly accessible method used for data exfiltration and command-and-control operations. As we’ve shown, DNS tunnels can range from barely detectable low-bandwidth trickles to high-speed channels capable of transferring hundreds of megabits per second under the right conditions. This variability makes them dangerous: slow enough to slip under the radar, fast enough to cause real damage.
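Because a tunnel can run at anything from a few kilobits per second upward, volume-only alerting misses the slow ones. The Python sketch below is an added example, not code from the original article or from SafeDNS. It aggregates a resolver log per client and base domain and flags pairs that combine many distinct names with high-entropy labels, while also estimating the payload rate carried in query names. The log format, IP addresses, domains, and thresholds are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed resolver log: (epoch_seconds, client_ip, query_name)."""
    log = [(1000 + i * 30, "10.0.0.5", "www.example.com") for i in range(4)]
    log += [(1000 + i * 20, "10.0.0.5", f"cdn{i % 2}.example.net") for i in range(6)]
    # Simulated tunnel client: 10 queries/s, two 50-char hex labels per query.
    for i in range(600):
        h = hashlib.sha256(str(i).encode()).hexdigest()
        log.append((1000 + i / 10, "10.0.0.9", f"{h[:50]}.{h[14:]}.t.tunnel.test"))
    return log

def shannon_entropy(text):
    """Bits of entropy per character of the observed label text."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def summarize(log):
    """Per (client, base domain): unique names, entropy, estimated payload rate."""
    groups = defaultdict(lambda: {"names": set(), "subs": [], "times": []})
    for ts, client, qname in log:
        labels = qname.rstrip(".").lower().split(".")
        base = ".".join(labels[-2:])  # naive; use the Public Suffix List in production
        group = groups[(client, base)]
        group["names"].add(qname)
        group["subs"].append("".join(labels[:-2]))
        group["times"].append(ts)
    stats = {}
    for key, group in groups.items():
        blob = "".join(group["subs"])
        entropy = shannon_entropy(blob) if blob else 0.0
        span = max(max(group["times"]) - min(group["times"]), 1.0)
        stats[key] = {
            "unique_names": len(group["names"]),
            "entropy": entropy,
            # Rough estimate of data carried in query names: chars x bits per char.
            "est_kbit_s": len(blob) * entropy / span / 1000,
        }
    return stats

def flag_tunnels(stats, min_unique=100, min_entropy=3.5):
    """Flag pairs with many distinct names AND high-entropy labels (assumed thresholds)."""
    return sorted(key for key, s in stats.items()
                  if s["unique_names"] >= min_unique and s["entropy"] >= min_entropy)

if __name__ == "__main__":
    stats = summarize(build_sample_log())
    for key in flag_tunnels(stats):
        print(key, stats[key])
```

The simulated client is flagged at an estimated rate of only about 4 kbit/s, the low end of the range the article describes, because the check keys on name diversity and encoding rather than on raw traffic volume.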

SafeDNS offers advanced Network-layer protection specifically designed to detect and block tunneling attempts in real time. Our DNS Security 2.0 module identifies abnormal query patterns, excessive subdomain usage, and suspicious data encoding behaviors common in tunneling. With automated threat intelligence, encrypted DNS support (DoH/DoT), and integration into SIEM platforms, SafeDNS helps organizations detect both stealthy and aggressive tunnels before damage is done. Whether attackers are dripping out data or opening the floodgates, SafeDNS ensures your DNS is no longer a blind spot, but a proactive defense line.

 

 

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.


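Penta Security Named Frost & Sullivan “2025 Company of the Year”

Penta Security Wins Frost & Sullivan’s 2025 “Company of the Year” Award in the South Korean Web Application Firewall Industry

Its flagship WAAP solution, WAPPLES, is recognized for technological innovation, market leadership, and outstanding customer value.

Penta Security, a global cybersecurity leader, today announced that it has been recognized by Frost & Sullivan, the renowned global market research and consulting firm. The company received the 2025 Company of the Year Award in the South Korean web application firewall industry for WAPPLES, its intelligent Web Application and API Protection (WAAP) solution.

Frost & Sullivan’s Company of the Year Award annually recognizes companies that demonstrate excellence in growth strategy, execution, technological innovation, and customer value.

In its award analysis, Frost & Sullivan highlighted Penta Security’s market-defining performance, noting: “Penta Security was selected for its outstanding performance in technological innovation, strategic execution, and customer value creation. With years of deep expertise, Penta Security’s flagship WAAP solution, WAPPLES, has set the benchmark in South Korea’s web security field, delivering excellent proactive protection capabilities.”

WAPPLES is a market-leading solution that protects more than 700,000 online businesses and infrastructures across 171 countries worldwide. Its success spans the public sector, fintech, e-commerce, and cloud.

Taejoon Jung, Director of the Planning Department at Penta Security, said: “The success of WAPPLES reflects our relentless innovation to maintain market leadership while responding quickly to customers’ changing needs. This award affirms the trust our customers place in us. Going forward, we will continue to advance our research and development to protect more businesses around the world.”

About Penta Security

Penta Security takes a holistic approach to cover every aspect of information security. The company works continuously behind the scenes to keep its customers secure through a wide range of IT security products. As a result, Penta Security, headquartered in Korea, has expanded globally and become a market-share leader in the Asia-Pacific region.

As one of the first companies in Korea to enter the information security field, Penta Security has developed a wide range of fundamental technologies. We combine science, engineering, and management to expand our technological capabilities, and we make key decisions from this technological perspective.

About Version 2

Version 2 Digital is an Asia-based value-added distributor and IT developer. The company distributes and develops a wide range of IT products across cybersecurity, cloud, data protection, endpoint devices, infrastructure, system monitoring, storage, network management, business productivity, and communication products. Through its extensive network of channels, points of sale, resellers, and partners, Version 2 offers products and services that are widely acclaimed in the market. Version 2’s sales network covers Taiwan, Hong Kong, Macau, mainland China, Singapore, Malaysia, and other Asia-Pacific regions. Its customers come from all industries and include Global 1000 multinational enterprises, listed companies, public utilities, healthcare, finance, educational institutions, government departments, countless successful SMEs, and consumer-market customers in cities across Asia.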
