At the upgraded Secudium Center, SK shieldus personnel perform real-time monitoring. (Courtesy of SK shieldus)

SK shieldus said on the 25th that it will invest a total of 20 billion won by 2026 to advance its security operations platform "Secudium" into an artificial intelligence (AI)-based MXDR (managed extended detection and response) system.

Recent hacking is evolving beyond simple intrusions into sophisticated techniques, such as posing as legitimate users to move laterally within internal networks or evading detection by security devices. These attacks lead to account theft, data leaks, and ransomware distribution, threatening corporations' core assets and trust.

To respond to such threats, corporations adopt managed security services (MSS). A managed security service monitors and analyzes logs and events generated by a corporation's networks, servers, and PCs in real time, 24 hours a day, to quickly detect and block intrusion attempts. Traditional managed security services focus on real-time detection and post-attack response, which can leave them relatively vulnerable to recently evolving attacks. As a result, a proactive and predictive response system has become necessary, and MXDR is attracting attention as the alternative.

The MXDR that SK shieldus is pursuing through this advancement is a more evolved service than existing managed security services. It expands the monitoring scope, which had been limited to networks and servers, to endpoints, and uses AI-based analysis to compare activity against normal work patterns and identify abnormal behavior early. In other words, MXDR does not look at a single event in isolation, but integrates and analyzes information collected from multiple security points to comprehensively identify signs of attack and respond proactively.

The first-phase advancement, completed in the first half of this year, involved an investment of 8 billion won. SK shieldus replaced the core security log processing engine to establish a foundation that can analyze millions of data points per second faster and more accurately, while reducing unnecessary alerts (false positives) so that real threats are not missed. At the same time, it strengthened its automated threat response system (SOAR) so that response processes such as blocking the attacker's IP, isolating systems infected with malware, and notifying administrators are executed automatically and immediately upon detection.

SK shieldus also revamped its "ruleset" for determining hacking indicators to a global standard. For example, the rules are set so that an alert is raised automatically if login failures are repeated in a short period of time or if an administrator account logs in from an overseas region different from usual. SK shieldus increased precision to detect even the latest attacks by reflecting various threat intelligence, including the tactics and techniques framework (MITRE ATT&CK), the list of common vulnerabilities (CVE), the vulnerability severity metric (CVSS), and a site for sharing new exploits (Exploit DB).
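The two example rules above can be sketched as follows. This is an added illustration, not SK shieldus's ruleset or code: the thresholds, the log field layout, the account name and the baseline region are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values; the article gives no concrete thresholds or baselines.
FAIL_THRESHOLD = 5                        # failures that trigger an alert
FAIL_WINDOW = timedelta(minutes=2)        # "short period of time"
USUAL_ADMIN_REGIONS = {"admin": {"KR"}}   # admin account -> usual countries

# Constructed sample events: "timestamp user source_ip country result"
SAMPLE_LOG = """\
2025-01-01T09:00:00 alice 198.51.100.7 KR FAIL
2025-01-01T09:00:10 alice 198.51.100.7 KR FAIL
2025-01-01T09:00:20 alice 198.51.100.7 KR FAIL
2025-01-01T09:00:30 alice 198.51.100.7 KR FAIL
2025-01-01T09:00:40 alice 198.51.100.7 KR FAIL
2025-01-01T09:05:00 bob 192.0.2.10 KR FAIL
2025-01-01T09:20:00 bob 192.0.2.10 KR FAIL
2025-01-01T10:00:00 admin 192.0.2.20 KR OK
2025-01-02T03:12:00 admin 203.0.113.9 NL OK
"""

def detect(log_text):
    """Return alerts as (rule, user, ip, country, timestamp) tuples."""
    alerts = []
    failures = defaultdict(deque)   # user -> failure times inside the window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, ip, country, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        if result == "FAIL":
            window = failures[user]
            window.append(ts)
            # Drop failures that fell out of the sliding window.
            while ts - window[0] > FAIL_WINDOW:
                window.popleft()
            if len(window) >= FAIL_THRESHOLD:
                alerts.append(("REPEATED_LOGIN_FAILURE", user, ip, country, ts_raw))
                window.clear()      # require a fresh burst before re-alerting
        elif result == "OK":
            failures.pop(user, None)    # a success resets the failure count
            usual = USUAL_ADMIN_REGIONS.get(user)
            if usual is not None and country not in usual:
                alerts.append(("ADMIN_LOGIN_UNUSUAL_REGION", user, ip, country, ts_raw))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two failures for `bob` are 15 minutes apart and therefore never share a window, which is the kind of case a fixed counter without a time window would flag as a false positive.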

An additional 12 billion won will be invested in the second-phase advancement, which will continue through next year. SK shieldus plans to advance the system into one that uses AI to integrate and analyze data generated from networks and from endpoints such as PCs and servers, and that can detect attackers moving stealthily within internal networks at an early stage. If the first phase was work to strengthen the foundation of the managed security service, the second phase is the process of developing it into monitoring that predicts and blocks threats in advance.

The service delivery method will also be made more customer-centric. The managed security service will be converted to a software as a service (SaaS) model so customers can use the service when needed without building separate equipment. This will make it easy to provide the same service not only to domestic small and midsize corporations but also to overseas corporations, which is expected to further strengthen export competitiveness. In addition, SK shieldus will add a "threat impact assessment" to check in advance what actual impact an attack could have, and a "threat hunting" function to proactively find potential attacks.

Kim Byeong-mu, head of the cybersecurity division (executive vice president) at SK shieldus, said, "We are making one of the industry's largest investments to gradually advance next-generation MXDR monitoring services in response to evolving hacking threats," and added, "Through this investment, we will present the future standard of managed security service and establish ourselves as a leading corporation trusted in the global market."
