
Security Solutions No.1

Application Layer Logical
Intrusion Detection & Prevention System

SecuLogic is a logical security solution that improves on the problems in existing security systems.
It is a Web-traffic security system that can act against various intelligent cyberattacks
through application-layer logical detection and blocking of intrusions.

Security Industry Worry

Concerns in the Security Industry

SSL Encrypted Traffic Problem

- SSL-encrypted traffic is used as an attack route
- Because SSL-encrypted traffic cannot be inspected, only IP blocking is possible

User Terminal Identification

- Limitations in user terminal identification by IP

Storing and Utilization of Collected Data

- Behavioral detection and defense are not possible
- Statistical detection, protection, and use of machine learning are not possible

Difficulty in blocking against logical cyberattacks

Application Layer Logical Intrusion Detection & Prevention System

Logical Security Solution Improving on the Problems in the Existing Security System

Complete Collection and Inspection of Web traffic without overloading

Accurate User Identification Technology

Complete Storage of collected data and big data

User behavior and Statistical based Identification and blocking

Detection of abnormal DB Access and blocking

Automatic blocking by accurate detection

Response to diverse intelligent cyberattacks is possible

Differences from existing security schemes

Existing security systems have conventionally been physical security that depends on network packets, which limits their ability to detect diversified attackers because of problems in user identification, data collection, and statistical detection. SecuLogic does not depend on network packets and solves these problems by collecting, detecting, and blocking within WAS memory.

Main Function

Next-generation Web traffic security solution that provides logical intrusion detection and an auto-blocking function

Accuracy in User Identification

- IP
- Application Session ID
- Invariable Session ID
- User ID

Collection of Transactions without Loading

- Collection of Transaction Information already decrypted in WAS memory
- Exclusion of unnecessary URLs from collection
  gif, css, jpg, js, etc.
- Load reduction by collection dispersion
  Dispersion effect as large as the number of WAS instances

Complete Collection of Transaction

- Collection of all HTTP Request Header values
  HTTP Header, Attribute
  Query String, Cookie

- DML Data
   SQL Executions, Insert, Update

Accuracy in Detection Policy

- HTTP Header based Detection
- User Behavioral Detection
- User-specific Statistical Detection
- DML based Detection

Variety of Blocking Methods

- HTTP Header based Blocking
- User IP based Blocking
- Application Session ID Blocking
- User Session ID Blocking

Service-oriented Policy Management

- Application of Service/Domain based Policy
- Effective in Cloud System
- Ideal in Large Size Data Centers

Lightweight Detection

- Based on Lightweight HTTP Header.
  Accurate Identification of only the detection items

- User Identification and Statistic based Identification in SecuLogic Server
  No influence on service

Auto-block

- Auto-block by Accurate Detection
  Auto-block possible by accurate Detection

- Auto-block by setting blocking time
  Set block time by blocking criterion

Analysis of Big Data

- Management of Detection and Blocking History
- Analysis of Changes by Domain/Service
- Analysis of Dispersion in Transactions
- Utilization of Elasticsearch Kibana

Architecture of Seculogic

3-Tier Architecture (Console - Collection Server - Agent); data is saved in a big data (Elasticsearch) system

Benefit of Seculogic

Technical Progress which was difficult in existing products

Secure Web Traffic Visibility

- Web traffic information collection from non-encrypted sections
- 100% complete collection of Web traffic information
- Collection not affected by Web service

Detection and Auto blocking

- 100% Auto blocking based on accurate detection
- Manual analysis for blocking after detection not necessary
- Automatic management of detection and blocking status history

Accurate User Identification

- Accurate user identification for web traffic has become possible
- Various methods in user identification
- IP, AP session, User session, User ID

Statistical and Behavioral Detection

- Statistical detection by user
- User behavioral detection
- Abnormal behavior detection

Securing a response system against intelligent cyberattacks on web traffic

Solution

The optimum security solution for large-scale data center and cloud environments

Product Comparison

Comparison Chart with Existing Products

| Classification | Detailed Function | SIEM | NG WAF | SecuLogic | Other |
|---|---|---|---|---|---|
| Product Definition | Definition | Big data-based security control system | Next Generation Web Firewall | Software Web Firewall + Big Data Based Web Traffic Security | |
| Data Collection | Data Collection Method | Log | Network Packet | WAS memory | |
| | Data Collection Type | Log and Event Information | Web Traffic | Web Traffic | |
| | Data Classification | Unstructured Data | Structured Data | Structured Data | |
| | Collection of Encrypted Data (SSL) | Need to work with SSL visibility solution | Collection after Decryption | Collection on non-encrypted segments | |
| | Data Collection Overload | Almost None | Frequent | Almost None | |
| | User Identification | Identification Not Possible | Identification Not Possible | Identification Possible | Identification not possible: only Identification by IP |
| Detection | Overloading at Detection | Almost None | Frequent | Almost None | |
| | IP Modulation Attack Detection | Not Possible | Not Possible | Possible | |
| | User ID tamper detection | Not Possible | Not Possible | Possible | |
| | Statistical based detection | Partially Possible | Not Possible | Possible | |
| | User-specific statistical detection | Not Possible | Not Possible | Possible | |
| | User behavior based detection | Not Possible | Not Possible | Possible | |
| | Detection of excessive call users | Not Possible | Not Possible | Possible | |
| | Detection of Web Traffic DDoS attack | Not Possible | Not Possible | Possible | |
| | DB Access based Detection | Not Possible | Not Possible | Possible | |
| | APT Attack Detection | Partially Possible | Not Possible | Possible | Partially Possible: When Interlocked with other Product |
| | Session hijacking detection | Partially Possible | Not Possible | Possible | Partially Possible: When Interlocked with other Product |
| | Account hijack detection | Partially Possible | Not Possible | Possible | Partially Possible: When Interlocked with other Product |
| | Web Shell Detection | Partially Possible | Possible | Possible | Partially Possible: When Interlocked with other Product |
| | Macro Call Detection | Partially Possible | Not Possible | Possible | Partially Possible: When Interlocked with other Product |
| Blocking | Auto-block in case of Detection | Partially Possible | Possible | Possible | |
| | Session ID based Blocking | Not Possible | Not Possible | Possible | |
| | User ID based Blocking | Not Possible | Not Possible | Possible | |
| | DB Access based Blocking | Not Possible | Not Possible | Possible | |
| Transaction Analysis | Long-Term Transaction Analysis | Possible | Not Possible | Possible | |
| | User identification based Analysis | Not Possible | Not Possible | Possible | |
