An image of SK shieldus's security system. /Courtesy of SK shieldus

As the speed race between cyberattacks and defense narrows to a matter of "hours," the paradigm of the security monitoring market is changing. SK shieldus said on the 3rd that, after building a system that connects threat detection directly to response with its artificial intelligence (AI)-based cyber defense monitoring center Secudium, it has begun building an "agentic SOC (autonomous security operations center)" in which security systems judge and act on their own.

◇ From 771 days to 1 hour from vulnerability disclosure to attack… the golden time has vanished

The spread of AI has become a weapon for attackers first. As automated attack tools and AI-based vulnerability analysis become commonplace, the barrier to launching attacks has fallen while their sophistication and speed of spread have risen sharply. With more attacks that are hard to distinguish from normal behavior, there are warnings that existing security monitoring, which relies on rule-based detection, is limited in its ability to respond.

According to the 2026 Global Threat Report by global security company CrowdStrike, the time from a vulnerability's disclosure to the emergence of exploit code dropped from an average of 771 days in 2018 to within 1 hour recently. The time corporations have to recognize and respond to threats has effectively disappeared. As a result, the role of security monitoring must now go beyond detecting anomalies: it must synthesize data from multiple systems, read the flow of an attack, and lead to actual response.

The pillar of SK shieldus' response is Secudium. It integrates and analyzes security data generated across networks, PCs, servers, and clouds with AI, and when a threat is confirmed, it automatically acts according to predefined procedures.

The differentiator is the unit of analysis. Instead of judging individual events separately, it consolidates data by time of occurrence and correlation and interprets it as a single attack scenario. For example, it recognizes a series of actions (an external access attempt followed by a permission change and then access to internal systems) as one infiltration process. The company said it has boosted speed and accuracy by identifying complex attacks that are easy to miss with individual detections.
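The scenario-level correlation described above can be sketched as follows. This is an added example, not SK shieldus or Secudium code: the event-type names, the grouping by account, the 30-minute window, and the sample events are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Stage order taken from the article's example; the event-type names are assumed.
STAGES = ("external_access", "permission_change", "internal_access")

# Constructed sample events (time, account, type, source system); not real telemetry.
EVENTS = [
    ("2026-01-03T09:00:05", "svc-backup", "external_access", "vpn"),
    ("2026-01-03T09:02:10", "jlee", "permission_change", "iam"),
    ("2026-01-03T09:04:40", "svc-backup", "permission_change", "iam"),
    ("2026-01-03T09:11:30", "svc-backup", "internal_access", "fileserver"),
    ("2026-01-03T13:00:00", "mkim", "external_access", "vpn"),
    ("2026-01-03T18:30:00", "mkim", "permission_change", "iam"),
    ("2026-01-03T18:31:00", "mkim", "internal_access", "db"),
]

def correlate(events, window_minutes=30):
    """Return one scenario per account that completes STAGES in order within the window."""
    window = timedelta(minutes=window_minutes)
    scenarios, progress = [], {}  # progress: account -> stages matched so far
    for ts, account, etype, system in sorted(events):
        when = datetime.fromisoformat(ts)
        chain = progress.get(account, [])
        # Discard a partial chain once its first event is older than the window.
        if chain and when - chain[0][0] > window:
            chain = []
        if etype == STAGES[len(chain)]:
            chain = chain + [(when, etype, system)]
        elif etype == STAGES[0]:
            chain = [(when, etype, system)]  # a fresh entry point restarts the chain
        if len(chain) == len(STAGES):
            scenarios.append({"account": account, "steps": chain})
            chain = []
        progress[account] = chain
    return scenarios

if __name__ == "__main__":
    for s in correlate(EVENTS):
        path = " -> ".join(f"{etype}@{system}" for _, etype, system in s["steps"])
        print(f"{s['account']}: {path}")
```

Each of the three svc-backup events comes from a different system and looks routine on its own, while the mkim events match the same types but are too far apart in time to be joined into one scenario.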

◇ Zeroing in on minimizing human involvement and shortening MTTR

The next step SK shieldus is preparing is an agentic SOC. Beyond simple task automation, it is a next-generation security operations model in which an AI agent perceives, reasons, acts, and then learns from the result. The goal is an autonomous security operations environment that enables swift, consistent responses while minimizing human involvement.

The company plans to gradually expand the scope of AI use and autonomous response capabilities, building on its current AI-driven true/false positive adjudication and automated response systems. It intends to advance an autonomous operations system that connects attack flow analysis to response in order to reduce mean time to respond (MTTR), and to use AI assistants to ease technology gaps among monitoring personnel.

Kim Byung-mu, head of the cyber security division (executive vice president) at SK shieldus, said, "As cyberattacks become more sophisticated, the role of security monitoring is evolving from swiftly responding after detecting threats to going further and making judgments on its own," and added, "We will continue to strengthen our AI-based security monitoring capabilities and build an autonomous security operations system based on an agentic SOC to implement a proactive security environment."

※ This article has been translated by AI.