NEWS

Companies Stunned by New Threats Detected Through “Threat Detection & Cleaning Services”

February 17, 2024

“PAGO Networks, MDR platform, links with EPP, EDR, NDR, and OpenXDR to provide practical threat response to customers through automated processes”

Paul Kwon, CEO of PAGO Networks, is presenting at K-CTI 2024.


On February 6, K-CTI 2024, billed as "Korea's Largest Cyber Threat Intelligence Conference" and hosted by DailySECU, was held.
Paul Kwon, CEO of PAGO Networks, drew attention by giving a lecture on "PAGO MDR Threat Insights Analysis Report 2023 (Actual Cyber Attack Analysis)".


PAGO Networks (CEO, Paul Kwon) is the best company in Korea that applies AI-based detection and response solutions and provides incident response and threat blocking MDR services.
It currently provides MDR services together with AI-based security solutions such as Cylance, Stellar Cyber, and SentinelOne to more than 400 customer companies, and helps strengthen practical customer information protection using domestic-specific threat data accumulated over seven years.


CEO Paul Kwon said, "We supplied AI-based EPP, NDR, XDR, and EDR products, and we needed to validate whether the malicious files detected here were truly malicious and how dangerous they were, and customers demanded a lot. That's why we are providing an MDR service called DeepACT." He added, “Customers can now receive more detailed threat information and response plan reports through the MDR threat hunting service along with AI-based solutions. PAGO Networks is recognized by customers as an MDR platform vendor that goes beyond providing simple solutions and can strengthen attack management services by developing its own SOC platform.”


Meanwhile, the strength of PAGO Networks is that the introduction of NDR and Open-XDR products provides EPP, EDR, IOC, and IOA services at no additional cost, allowing customers to receive automated, active threat insights. In other words, it provides customers with managed services when direct operation is difficult along with product introduction.

To this end, PAGO Networks is building a threat intelligence system and systems and personnel that can automatically analyze threats, and is focusing on protecting customers' important assets and critical infrastructure.


▵ PAGO Networks’ Threat Response Platform


PAGO Networks has secured threat hunting technology to provide validation insights on malicious behavior, ultimately enabling threat detection and blocking to be practically achieved for customers.


CEO Paul Kwon said, “PAGO’s goals are clear. The goal is to maximize the customer protection ratio. If there is an ongoing threat, we respond as quickly as possible and provide realistic response plans. In particular, we want to not only stop at detection and prevention, but also inform you through which route the malicious attack came in. To this end, we are in the process of platformizing the MDR service,” he emphasized.


In particular, “No matter what security product the customer is using, we will provide threat response services in conjunction with Open-XDR Stellar Cyber. Customers can use EPP, EDR, NDR, and Open-XDR in conjunction with each other, and even integrate the technology of PAGO Networks' advanced experts. PAGO will process this and provide platform-based services,” he added.


He then explained an example of a recent attack.


An in-house PC was infected with ransomware.
In such a case, PAGO does not simply detect and block the single piece of ransomware. It focuses on finding and removing the related threats, namely "malicious files that searched for critical information," "exploits," and "account theft," which had not been visible because numerous malicious programs and malicious activities were already linked together.
This was an actual incident that occurred at a mid-sized company last year. PAGO successfully detected and prevented it and identified the attacker's intent.
It is an example of understanding in detail the six basic questions about an attack (who, when, where, what, how, and why) and conveying that information to the customer.


In another case, after finding and blocking hackers' port scanning tools and malware with an EDR solution, all intelligence information was tracked and reported, including when the FTP tool was downloaded by the attacker and communicated with the C2 server. PAGO helps customers make the most of the solution and provides additional response information.


PAGO Networks' customer base is 78% manufacturing, 10% food and beverage, and 5% e-commerce and medical institutions. IT infrastructure suppliers and local security companies also use its products and services. The manufacturing customers are mainly in heavy equipment parts, automobile parts, air conditioning systems, dental medical devices, semiconductors, energy, and chemicals. Although most of these customers were already using endpoint or network security solutions, hundreds of additional, previously undetected threats were found through MDR services linked to PAGO products. The number of customers keeps growing as they discover threats that had been well hidden while carrying out attacks.


CEO Paul Kwon said, “For four of our representative customers, threats were significantly reduced through PAGO Threat Cleaning Service. Meanwhile, in the initial stage of critical threats, hacking tools were detected at 42%, Trojan at 26%, cryptominer at 19%, ransomware at 11%, and spear phishing at 1%. The most detected ransomware was Lockbit at 60%, BlackCat at 14%, Makop at 13%, and WannaCry at 13%. The purpose of the detected threats was investigated in the following order: remote control, account takeover, information collection, privilege escalation, and internal spread,” he explained.

He continued, “If mid-sized companies and small and medium-sized companies receive attack management services, many new facts will be discovered. Many companies have remote access protocols open to the Internet. In addition, there are many cases where RDP, FTP, systems that can only be accessed internally, security equipment management console login pages, and DB access management sites are randomly connected to the outside. This is because there is a lack of internal management manpower. These are problems that arise from relying on external partners, providing them with public IPs, and opening ports. The reason why PAGO’s customers are steadily increasing is because ‘there are some threats but there is no organization or manpower to find them on their own.’ In this case, a request is made to PAGO, and we find and provide threat information through the Freemium Service. Meanwhile, the number of customers continued to increase. We hope you will actively utilize PAGO’s Freemium Threat Detection & Response / Threat Cleaning service,” he emphasized.

If you want more detailed information, please refer to the K-CTI 2024 lecture video by Paul Kwon (CEO of PAGO Networks), and the lecture materials can be downloaded from the DailySECU data room.




Link to the original article (Korean): "권영목 파고네트웍스 대표 “위협탐지·클리닝 서비스로 기업들 새로운 위협 다수 발견하고 충격”(영상)"



