A Korean IT company specialized in cyber security solution against APT (Advanced Persistent Threat) and ransomware attack and it's looking for an overseas partner for manufacturing and commercial agreement with technical assistance

The company was established in 2008 to develop specialized malware detection/response solutions in the anti-virus centric security market. Eventually the company developed a product and provides the products to governments, universities, financial institutions, and enterprises. The company established a limited liability company and branch office in US and Vietnam in 2014 and has distributors in Japan, Indonesia, Taiwan, Malaysia, Thailand, Dubai. The company has achieved an export to Japan, US and Vietnam since 2015. Based on such achievement, the company aims to become a global security professional company that represents Korea in the future. This company has 8 products and the 7 products can be largely divided into an APT solution for network security and EDR (Endpoint Detection & Response) solution for endpoint security. 1) The APT solution is a hardware type and installed on network level. It has a built-in virtual machine, Sandbox. There are APT solutions for network security, email security and transferred file security in separate network environments. The APT solutions for the network security is installed between firewall and network switch (Computer networking device that connects devices together on a computer network by using packet switching to receive, process, and forward data to the destination device) in mirroring way. The solution has built-in Sandbox (virtual machine), so it executes the downloaded file virtually in the Sandbox and monitors the happened behavior and determines if it is malicious, so it can defend against an unknown malware in advance. 3 steps analysis is proceeded in the product. First, it analyzes based on the signature of the malware. Next step is a static analysis based on behavior. The last step is a dynamic analysis based on behavior. 2) The second group is EDR solution which has been developed recently. This one is a software type and installed on the user’s PC or server. There are 4 types of products in the EDR group: an EDR product defending against APT on PC, EDR product defending against APT on server, EDR product defending against ransomware on PC, and SECaaS (Security as a Service), cloud type service of EDR product. The main product in this group is EDR product defending against APT on PC. It is a software type and installed on PC to defend malware bypassing Sandbox (virtual machine) or attacking through encrypted communications such as SSL (Secure Sockets Layer). If a user of a PC where the product is installed downloads a file, and if the file is registered on the Whitelist, the file is executed normally. If the file is not registered on Whitelist, the file’s execution is stopped and the file is sent to Inspector to be analyzed in the Sandbox. If the result is normal, the file is executed in the PC normally and added on Whitelist. If the result is malicious, the file is quarantined and blacklisted. This entire process is called ‘Execution Holding function based on Whitelist’. The EDR product allows only the file registered on the Whitelist, so the Whitelist is more powerful at security than a Blacklist. 3) The company also provides a manager product, and it contains a web-based device and interface for central management and policy deployment and update of the company’s products. In future, the company wants to offer its technology to the IT firms developing security software. OEM distribution under manufacturing contract and commercial agreement with technical assistance will be discussed. The company would also like to provide the technician training in the set-up stage.