“WithNetworks successfully introduced i24A, an endpoint solution that applied the original malware blocking technology developed by WithNetworks, in Korea this year, and plans to achieve 10 billion won in sales next year only with its own products. We have already secured large customers in finance, travel, and manufacturing, and are pushing to enter overseas markets.”
WithNetworks is betting on the security market with self-developed products. WithNetworks, which launched the endpoint security solution 'i24A', will also introduce a ransomware prevention solution next year. It is an aspiration to raise 10 billion won in sales of both products alone out of total sales.
CEO In-goo Koh, who recently met with <Digital Daily> at the headquarters of WithNetworks located in Yongsan-gu, Seoul, said, “Technology that can cope with malicious code in an easy way that is differentiated from the existing content malicious code detoxification (CDR) and endpoint solutions. He said, “This is a product that was introduced by recruiting a former white hacker as the head of the research institute in 2016 and investing 1 billion won a year in development.”
'i24A' is an E-CDR (Endpoint Content Detection Response) solution. When a user executes malicious code according to the attacker's intention by bypassing the sandbox, it is installed on the endpoint and blocks the malicious code regardless of network connection or communication. to protect your PC.
This solution requires neither updates nor malware databases. Since it is not a disassembly/recombination method, the original file can be used as it is. This is possible because it is process-based. This is because if an abnormal operation is shown in addition to the normal process, the action is immediately blocked.
For example, you downloaded a document file infected with ransomware. Let's assume that this ransomware is designed to start its malicious behavior when the document window is closed. The i24A does not work when you open this document. because it behaves normally. Accordingly, the user can read the contents of the document. After that, when the document window is closed, if a malicious behavior process is executed, it is immediately blocked because an abnormal behavior is detected.
“A fileless attack can also be detected by deleting files after being infected with malicious code and making it appear as if the malicious code exists only in memory,” said CEO Koh. “This can also be detected by disabling macros.” .
“This is possible through the whitelist method that WithNetworks applied for a patent, but it does not mean that we will block everything and open only the allowed ones like the existing whitelist,” he said. There were many obstacles, but i24A stipulates that only behaviors that are determined to be abnormal can be blocked.”
i24A checks whether there is a content program, whether an executable file is created, and whether the digital signature has been forged or falsified, and then blocks execution in the case of an unsigned abnormal program. Accordingly, files with all extensions classified as content are detected, and no changes are made to the original files.
“i24A recently obtained GS certification and is currently registering for procurement, and ahead of entering the public market, we plan to hold a procurement launching seminar with customers and partners at Yuseong Hotel in Daejeon on the 18th,” said CEO Koh. It is effective, so it has already been introduced to Hana Tour, finance, manufacturing, and pharmaceuticals.”
Along with this, WithNetworks is also developing 'i24R', a ransomware prevention solution, with the goal of launching it next year. This solution fundamentally blocks the authority to change ransomware files through an untrusted process tracking engine, rather than a method of checking using signature patterns.
Through the two products, WithNetworks starts overseas markets such as Japan, Southeast Asia, and the United States. WithNetworks, which participated in the Singapore RSA conference, will also participate in the RSA conference held in San Francisco, USA next year.
CEO Koh said, “We are seeking to enter and activate the US and Japanese markets within the next year, and in the long term, we are considering even listing on the KOSDAQ.” Emphasized.
Meanwhile, WithNetworks, established in 2009, posted 18.1 billion won in sales last year. Representativesare both from HPE, and CEO Ahn focuses on the domestic market, while CEO Koh focuses on the overseas market. WithNetworks is KT's main security control service provider (MSSP) and distributes Fortinet's FortiGate and Ruckus Networks AP equipment in Korea.