Chasung Lim is the Founder and CEO of SecuLetter. SecuLetter Co., Ltd is an information security company that develops and provides products that detect, diagnose, analyze and block malicious code attacks that are difficult to diagnose by signature and behavior-based security solutions using proprietary automatized reverse engineering analysis technology.
SecuLetter’s products “SLE (Advanced Email Security)” and “SLF (Advanced File Security)” are actively being used in major national institutions, financial institutions and companies such as KEPCO E&C, Korea Post Information Center, KISA (Korea Internet & Security Agency), BNK Busan Bank, KAMCO (Korea Asset Management Corporation), KSD (Korea Securities Depository) and KTCU (Korean Teachers’ Credit Union).
In an exclusive interview, Founder Chasung Lim spoke to us about SecuLetter’s journey since its inception in 2015 and how building a unique cyber security product helped his company grab total funding of US$12 million to date. He also spoke to us about his companies’ plans to accelerate global expansion into the cyber security market from its existing footprint in the Middle East.
At the onset, would you please provide a brief profile of your company and its solution?
SecuLetter is a cyber-security solution provider using reverse engineering technology to detect, diagnose, analyze, and block malicious code attacks that are difficult to capture by signature or behavior-based security solutions.
Existing malware diagnosis solutions are focused on analyzing behavior-based vulnerabilities through executable files such as .exe files. Recently it has been observed that malicious code infection is being done through document files, which are non-executable files, and this trend is on the rise.
However, the SecuLetter solution protects users from malicious code threats by analyzing the security vulnerabilities of various electronic documents (MS Office, PDF, Image File) inflowing from external to internal network. Currently, SecuLetter is the only provider that provides non-executable based file analysis with automatized reverse engineering technology.
What motivated you to start on your own despite having a secured job?
Before starting SecuLetter, I was working as an analyst at AhnLab. In my job, incidences for which behavior-based diagnosis of non-executable files failed to detect the malicious code were passed on to the analysts. Hundreds of thousands of malicious codes are pouring out every day, and I thought there was a limit to how humans could catch so many malicious codes.
Hence, I decided to start a business because I felt that if I could collect and organize data, I could create a security solution that could act as an analyst. Moreover, we created a debugger at the assembly level to develop solutions that diagnose better than global one-top vendors. We developed a solution in terms of a new framework that can negate attempts to bypass behavior-based solutions by putting algorithms in it to create a malware diagnosis engine.
Would you please elaborate on SecuLetter’s solution to block malicious code?
Let me give you an example. As patients are at great risk of receiving incorrect prescriptions due to misdiagnosis that might lead to unfair treatment, a proper diagnosis of malicious codes is needed. Malicious codes have evolved into a technology that can bypass behavior-based solutions, and it has become difficult to detect sophisticated malicious code.
As a result, threats from malicious codes cannot be prevented entirely because unknown malicious codes or newly appearing malicious codes cannot be diagnosed using existing security solutions.
On the other hand, SecuLetter’s product identifies malicious code by analyzing it at the assembly level, which is the smallest unit of file. By providing solutions such as “SecuLetter Email Security (SLE),” “SecuLetter File Security (SLF),” and “SecuLetter Email Service (SLES),” which commercialize the expertise of malicious code analysis, it analyzes and blocks malicious code that current signature based or sandboxing APT solution can’t.
Would you please briefly inform us about SecuLetter’s solutions’ salient features compared to other security solutions?
SecuLetter does not tell customers that it can do everything. Rather, we have been focused on developing the best product for detecting malicious codes in the non-executable file. In other words, we have chosen the “choice and concentration strategy”.
SecuLetter’s automatized reverse engineering assembly level analysis process is five times faster than those of other solutions, and its great advantage is being able to diagnose malicious code more accurately and quickly.
Behavior-based solutions usually take about 5 minutes to diagnose threats, but SecuLetter’s technology takes 45 seconds to record the same. It is the only atypical threat detection product that can give results within a minute. The reason is that diagnosis is not behavior-based. It is efficient in a speed-sensitive network-linked environment because there is no need to wait for malicious code behavior.
Security-critical public institutions are increasingly adopting SecuLetter’s solutions; besides these, what other companies use your services?
Approximately 60 public institutions and general companies are using SecuLetter’s services. To name a few, we have Korea Post, one of the large-scale public institutions with more than 30,000 employees using our services.
Several financial institutions, such as Korea Securities Depository, Korea Asset Management Corporation KAMCO, and Korea Teachers’ Credit Union (KTCU), also use the SecuLetter service. Among financial companies, BNK Busan Bank uses our service. After Busan Bank adopted our services, other large financial holdings and banks pondered using our services.
Last year, SecuLetter received $8 million investment. And one of the investors is from Saudi Arabia venture capital firm. How did you succeed in attracting these investors?
Saudi Arabia is a country that is interested in information security. Saudi Arabia is sensitive to security and invests a lot because it faces many cyber-attacks. RVC the Saudi Arabian venture capital firm, one of the investors of SecuLetter series B funding round, has recognized SecuLetter technology specialty by dedicating cyber security expert to validate SecuLetter product.
SecuLetter succeeded in attracting US $2 million as Series A investment from Korea Investment Partners and UTC Investment in October 2016, followed by about 9.9 billion won ($8 million) worth of Series B investment from Korea Investment Partners, Korea Development Bank, and the Saudi government investment agency RVC in three years; as a result, the amount of the accumulative investment has reached US $12 million.
Would you please talk about the demand for cybersecurity and its market in the future?
The domestic information security market in Korea is currently undervalued. Since information security is a knowledge-based service, it can spread globally, and the added value is also high. Looking at foreign cases such as the US, the investment attracted by this market is itself enticing.
At present, there are not much Korean security companies that have grown globally. Still, it is expected that the Korean market environment will change a lot by actively attracting investment and increasing job creation effects if there are information security companies, valued trillions of won.
To this end, it is necessary to recognize that the information security market is influential at the national level and lays the groundwork for global growth. If it creates references such as investment and certification systems in the information security market. I think Korean domestic security companies will grow sufficiently with the current momentum.
What are your expansion plans and future goals?
SecuLetter is promoting its business based on its technology. To continuously strengthen our product competitiveness, research on new products and new technologies is prioritized.
In addition, we set our primary business goal on next-generation APT protection and plan to cover and reinforce the existing behavior-based APT security solution’s vulnerability.
Can you briefly share your global expansion plan?
We have already established our global footprint by introducing Cloud services in Saudi Arabia first. Based on the experience, we are expanding our business in the Middle East and currently on progress to support global active pipeline in South Africa, Thailand, Indonesia, Malaysia, and other S.E. Asia region.
We will continue our efforts to grow into a global brand. Malicious code detection is an area that can be applied in common anywhere globally, and I thought that if the diagnosis rate is guaranteed from the startup, it can move toward the global market. To enter the global market, you must eventually go to the US market. The reason for preparing for next year’s technology special listing is to eventually advance to the US market in earnest, and the goal will be to succeed in the US market.