International Partner Search

Innovation & Technology Offer

A Korean IT company specializing in cyber security solutions against APT (Advanced Persistent Threat) and ransomware attacks is looking for an overseas partner for a manufacturing agreement and a commercial agreement with technical assistance

Country of Origin: South Korea
Reference Number: TOKR20201027001
Publication Date: 27 October 2020

Summary

A Korean IT company develops cyber security solutions. Its solution provides dual defense, on the network and on the endpoint (PC, personal computer/server), against APT and ransomware attacks. The company wishes to offer its technology and product to the European market under a commercial agreement with technical assistance and a manufacturing agreement.

Description

The company was established in 2008 to develop specialized malware detection/response solutions in the anti-virus centric security market. It went on to develop a product, which it supplies to governments, universities, financial institutions, and enterprises. The company established a limited liability company and branch office in the US and Vietnam in 2014 and has distributors in Japan, Indonesia, Taiwan, Malaysia, Thailand, and Dubai. It has exported to Japan, the US and Vietnam since 2015. Building on this, the company aims to become a global professional security company that represents Korea in the future.

The company has 8 products, and 7 of the products can be largely divided into an APT solution for network security and an EDR (Endpoint Detection & Response) solution for endpoint security.

1) The APT solution is a hardware product installed at the network level. It has a built-in virtual machine (Sandbox). There are APT solutions for network security, email security, and transferred-file security in separate network environments.

The APT solution for network security is installed in mirroring mode between the firewall and the network switch (a computer networking device that connects devices together on a computer network by using packet switching to receive, process, and forward data to the destination device). The solution has a built-in Sandbox (virtual machine): it executes each downloaded file virtually in the Sandbox, monitors the resulting behavior, and determines whether it is malicious, so it can defend against unknown malware in advance.

The product performs a three-step analysis. First, it analyzes the file based on the signature of the malware. The next step is a static analysis based on behavior. The last step is a dynamic analysis based on behavior.

2) The second group is the EDR solution, which has been developed recently. It is a software product installed on the user’s PC or server. There are 4 types of products in the EDR group: an EDR product defending against APT on PCs, an EDR product defending against APT on servers, an EDR product defending against ransomware on PCs, and SECaaS (Security as a Service), a cloud-based service version of the EDR product.

The main product in this group is the EDR product defending against APT on PCs. It is a software product installed on the PC to defend against malware that bypasses the Sandbox (virtual machine) or attacks through encrypted communications such as SSL (Secure Sockets Layer).

If a user of a PC where the product is installed downloads a file, and the file is registered on the Whitelist, the file is executed normally. If the file is not registered on the Whitelist, its execution is stopped and the file is sent to the Inspector to be analyzed in the Sandbox. If the result is normal, the file is executed on the PC normally and added to the Whitelist. If the result is malicious, the file is quarantined and blacklisted. This entire process is called the ‘Execution Holding function based on Whitelist’. The EDR product allows only files registered on the Whitelist, so the Whitelist is more powerful at security than a Blacklist.

3) The company also provides a manager product, which contains a web-based device and interface for central management, policy deployment, and updates of the company’s products.

In the future, the company wants to offer its technology to IT firms developing security software. OEM distribution under a manufacturing contract and a commercial agreement with technical assistance will be discussed. The company would also like to provide technician training in the set-up stage.

Advantages and Innovations

1) Behavior-based security solution saves PC and server from unknown malware
Existing security solutions such as anti-virus use signature-based technology; they can detect only known malware, so if unknown malware attacks the PC, a Zero Day, the period of exposure to damage before a vaccine is generated, always occurs. A Sandbox (virtual machine), on the other hand, uses behavior-based technology, so it can respond to new and variant malware in advance without any period of exposure.

However, traditional Sandbox (virtual machine) technology, such as that of the no. 1 market share product, is vulnerable to malware that bypasses the virtual machine and attacks through encrypted communication such as SSL (Secure Sockets Layer). To overcome these limitations, the company recently released its EDR (Endpoint Detection & Response) products. The endpoint is a PC or server, and the EDR product provides endpoint security based on behaviors. (EDR is a term coined by a no. 1 IT research company early this year.)

2) Competitive price compared to competitor products
The no. 1 market share product has its own Sandbox technology, so it is strong at network security but weak at endpoint security. This company’s product, however, is strong at network security as well as endpoint security. In addition, this company’s product is about 30% cheaper than those of global vendors such as the no. 1 market share product.

Stage Of Development

Already on the market

Requested partner

• Partner sought: IT company, System Integrator (SI), governments and educational institutions
• Specific area of activity of the partner: IT
• Task to be performed: contract or manufacture of the software
