Switzerland

Back to Search

International Partner Search

Innovation & Technology Offer

A Korean IT company specialized in cyber security solution against APT (Advanced Persistent Threat) and ransomware attack and it’s looking for an overseas partner for manufacturing and commercial agreement with technical assistance

Country of Origin: South Korea
Reference Number: TOKR20171220002
Publication Date: 20 December 2017

Summary

A Korean IT company develops cyber security solution. The solution provides dual defense on network and Endpoint (PC, personal computer/server) against APT and ransomware attack. The company wishes to offer its technology and product to the European market under a commercial agreement with technical assistance and manufacturing agreement.

Description

The company was established in 2008 to develop specialized malware detection/response solutions in the anti-virus centric security market. Eventually the company developed a product and provides the products to governments, universities, financial institutions, and enterprises. The company established a limited liability company and branch office in US and Vietnam in 2014 and has distributors in Japan, Indonesia, Taiwan, Malaysia, Thailand, Dubai. The company has achieved an export to Japan, US and Vietnam since 2015. Based on such achievement, the company aims to become a global security professional company that represents Korea in the future.

This company has 8 products and the 7 products can be largely divided into an APT solution for network security and EDR (Endpoint Detection & Response) solution for endpoint security.

1) The APT solution is a hardware type and installed on network level. It has a built-in virtual machine, Sandbox. There are APT solutions for network security, email security and transferred file security in separate network environments.

The APT solutions for the network security is installed between firewall and network switch (Computer networking device that connects devices together on a computer network by using packet switching to receive, process, and forward data to the destination device) in mirroring way. The solution has built-in Sandbox (virtual machine), so it executes the downloaded file virtually in the Sandbox and monitors the happened behavior and determines if it is malicious, so it can defend against an unknown malware in advance.

3 steps analysis is proceeded in the product. First, it analyzes based on the signature of the malware. Next step is a static analysis based on behavior. The last step is a dynamic analysis based on behavior.

2) The second group is EDR solution which has been developed recently. This one is a software type and installed on the user’s PC or server. There are 4 types of products in the EDR group: an EDR product defending against APT on PC, EDR product defending against APT on server, EDR product defending against ransomware on PC, and SECaaS (Security as a Service), cloud type service of EDR product.

The main product in this group is EDR product defending against APT on PC. It is a software type and installed on PC to defend malware bypassing Sandbox (virtual machine) or attacking through encrypted communications such as SSL (Secure Sockets Layer).

If a user of a PC where the product is installed downloads a file, and if the file is registered on the Whitelist, the file is executed normally. If the file is not registered on Whitelist, the file’s execution is stopped and the file is sent to Inspector to be analyzed in the Sandbox. If the result is normal, the file is executed in the PC normally and added on Whitelist. If the result is malicious, the file is quarantined and blacklisted. This entire process is called ‘Execution Holding function based on Whitelist’. The EDR product allows only the file registered on the Whitelist, so the Whitelist is more powerful at security than a Blacklist.

3) The company also provides a manager product, and it contains a web-based device and interface for central management and policy deployment and update of the company’s products.

In future, the company wants to offer its technology to the IT firms developing security software. OEM distribution under manufacturing contract and commercial agreement with technical assistance will be discussed. The company would also like to provide the technician training in the set-up stage.
Image

Image

Image

Advantages and Innovations

1) Behavior-based security solution saves PC and server from unknown malware

Existing security solutions such as anti-virus use signature-based technology; they can detect only known malware, so if unknown malwares attack the PC, Zero Day, a damaged period before generating vaccine, always occurs. A Sandbox (virtual machine), on the other hand, uses behavior-based technology, so it can respond against new and variant malware in advance without any damaged period.

But the traditional Sandbox (virtual machine) technology such as no.1 market share product is vulnerable to malware bypassing virtual machine and attacking through encrypted communication such as SSL (Secure Sockets Layer). To overcome these limitations, the company released EDR (Endpoint Detection & Response) products recently. The endpoint is a PC or server and the EDR product provides endpoint security based on behaviors. (EDR is a term coined by a no.1 IT research company in the early of this year.)

2) Competitive price compared to other competitor products

The no. 1 market share product has their own Sandbox technology, so they’re strong at the network security, but week at endpoint security. However, this company’s product is strong at the network security as well as the endpoint security. In addition, this company’s product price is cheaper than global vendors such as no.1 market share product about 30%.

Stage Of Development

Already on the market

Requested partner

• Partner sought: IT company, System Integrator (SI), governments and educational institutions

• Specific area of activity of the partner: IT

• Task to be performed: contract or manufacture of the software

Contact Profile Owner