Sands Lab, the first in Korea to acquire new technology (NET) certification in the field of information security for two consecutive years
Sands Lab (CEO Kim Ki-hong), a subsidiary of K-Sine, which is about to be listed on a special technology list in early 2023, is a “non-executable malware profiling and detection technology based on multi-dimensional metadata extraction and analysis” researched by the K-Sine subsidiary, National Agency for Technology and Standards of the Ministry of Trade, Industry and Energy announced on the 20th that it has obtained New Technology (NET) certification for two consecutive years from
New technology (NET) certification is granted to excellent technologies developed for the first time in Korea or innovatively improved existing technologies to promote commercialization and technology transactions. About 300 to 400 applications are received every year, including large companies, in all industries, but only 60 to 70 technologies are finally certified, and in particular, only about 3 to 4 technologies are certified in the information and communication field. It is one of the most difficult certifications in Korea.
Sands Lab has been awarded the NET New Technology Certification for the second year in a row this year following last year.
The core of Sands Lab’s new technology is to analyze non-executable files (document-type malware), which are mainly used in recent APT attacks, to extract key metadata, build a vectorized dataset, and learn and profile it by attacker group and attack technique. that it can be done Since it is difficult to disassemble non-executable files directly, it is not easy to extract metadata. However, securing advanced analysis technology that can automate and profile this was evaluated as a technology different from existing technologies.
Using this technology, APT attacks that exploit various document-type files such as PDF, HWP, and XLS can be quickly identified in advance using artificial intelligence technology. In addition, it is possible to automate and secure important intelligence grounds as profiling information on attackers and attack techniques based on MITER ATT&CK can be provided as well as simply identifying whether the imported file is malicious. By using this, existing experts can reduce the task of analyzing for 3 to 5 days to around 10 minutes, enabling more analysis per unit time, enabling more active and efficient response to cyber security threats that are becoming more advanced and increasing day by day. It can be used as a core technology.
“Following the new technology for profiling executable files obtained in 2021, the new technology obtained this year in 2022 is profiling technology for non-executable files,” said Sands Lab CEO Ki-Hong Kim. “Recent attacks are social engineering techniques. Attacks that have been extended to non-executable file formats, such as spear phishing disguised as normal emails for business use, are increasing. In order to actively respond to the advanced APT attack, this technology is a core technology that is absolutely necessary, and a technology with high future use value that can profile attackers and attack techniques using artificial intelligence is certified as a new technology. It has more meaning.”
In particular, Sands Lab is also participating in the AI dataset construction project in the field of “threat profiling”, which is being conducted by the Korea Internet & Security Agency in 2022. Using this technology, metadata about various non-executable files used by about 130 attack groups active at home and abroad is extracted and turned into a dataset, and the data built through this is KISA Cyber Security Big Data The center will be open to the public.
Meanwhile, SandsLab collects and analyzes various threat information at home and abroad to provide information services through Malwares.com, which is owned by itself, and plans to commercialize new technologies certified this year for customers to use through its services and solutions.
