Background: Securing a Vast, Sensitive Global Network
A prominent South Korean government agency, responsible for the nation’s global operations, operates a complex and highly sensitive network supporting numerous branches and overseas government offices worldwide. Protecting this vast infrastructure from cyber threats is paramount for maintaining national security and international relations. Since 2014, this agency has partnered with Genians, successfully deploying Genian NAC across its global network, including its international posts. NAC initially provided foundational visibility and IP management, even integrating with UTM devices as sensors, establishing a strong foundation of trust and an integrated security model.
Evolving Threats Demand Proactive Endpoint Defense Across Global Branches
Despite robust perimeter defenses, the agency faced a growing challenge from persistent APT (Advanced Persistent Threat) campaigns and other intelligent attacks. A more proactive defense strategy was required. Strengthening information security for internet-connected PCs across its numerous global branches became a key priority. The agency needed to enhance its ability to respond to cyber threats at the endpoint level, especially those that bypassed traditional security tools.
Solution: Genians EDR – A Strategic Choice for Integrated Threat Response
In 2020, to elevate its cybersecurity capabilities, the agency initiated a rigorous evaluation process for Endpoint Detection & Response (EDR) solutions. They meticulously reviewed seven EDR solutions (two global, five Korean), driven by specific criteria:
- Remote Investigation: Crucially, the solution needed to enable PC investigations and security checks remotely, without requiring direct user interaction, a critical feature given user concerns about inconvenience.
- Integrated Search: Support for unified searches across all PCs for events similar to a single detected incident, using diverse search methods.
- Performance: Assurance of minimal impact on daily operations, fast search speeds, and low resource consumption (CPU, memory).
- Beyond Antivirus: The primary goal was active threat response, not just signature-based malware detection (the agency already used separate antivirus solutions).
Why Genian EDR Stood Out: Unmatched Functionality & Operational Fit
Genian EDR emerged as the clear choice. Its functionality was comparable to, or even surpassed, global competitors, providing more features than initially expected. What truly solidified the decision was its revolutionary single-agent architecture, enabling a unique operational model and Genians’ commitment to support:
- NAC Agent Plug-in (Single Agent Advantage): A major appeal was Genian EDR’s ability to operate as a lightweight plugin to the existing Genian NAC agent. This meant one lightweight agent with EDR plugin capabilities now provides comprehensive NAC and EDR functionality, ensuring exceptional system stability and performance across thousands of endpoints, even at scale.
- Leveraged the existing NAC deployment for a seamless, simplified rollout, operating quietly with low memory usage (as low as 9–12 MB) even in low-bandwidth branches.
- This plugin-based integration significantly reduced operational overhead and agent deployment effort.
- Post-Deployment Customization & Support: Genians’ willingness to consistently engage in customization and ongoing development based on the agency’s specific requirements fostered immense confidence and solidified their decision.
The agency primarily uses Genian EDR for three critical purposes:
- Real-time Malicious Behavior Monitoring: The primary use involves actively observing malicious activities on PCs via logs and customized dashboard widgets, maximizing endpoint visibility.
- Investigation & Analysis Tool: For detected malicious events, it serves as a crucial tool for in-depth investigation. It cross-references events from other security products (e.g., firewalls, IPS) to uncover meaningful insights, significantly enhancing analysis and response capabilities. This includes leveraging MITRE ATT&CK information for fileless threats and enabling immediate responses such as process termination or memory dumps.
- Group-Wide Malware Assessment: Used to check for malware infection across all PCs, leveraging user, department, and location information to assess potential spread, a capability previously unavailable across their distributed environment.
Summary: A Decade of Trust, Forging a Proactive Governance Defense Posture
The agency has significantly enhanced its cybersecurity posture. With Genian NAC successfully deployed since 2014 and Genian EDR added in 2020, the agency now benefits from over a decade of continuous partnership with Genians, establishing a robust, integrated security framework tailored to its unique global operations. This was further enhanced by Device Platform Intelligence (DPI) for advanced visibility and precise device classification.
Real-World Threat Response & Operational Excellence
Genian EDR has enabled the agency to effectively detect, respond to, and report on threats in real-time. Key real-world successes include:
- Long-Dormant Malware Detection: Detecting and containing a branch PC that was periodically uploading documents to the internet, revealing malware that had been active since 2019.
- C&C Server Blocking: Identifying and blocking PCs connecting to C&C (Command & Control) servers, even where firewalls and IPS could not investigate because the malicious indicators were URLs rather than IP addresses.
- Attack Storyline Analysis: Utilizing Genian’s “Attack Storyline” feature for rapid visualization of threat execution relationships, enabling quick control actions like process termination and file collection.
This integrated solution provides enhanced monitoring, evaluation, and maintenance of all connected devices, ensuring a high level of endpoint security and compliance. Building on Genian NAC for network enforcement, Genian EDR’s intelligence enables the security team to identify threats and intervene rapidly with informed decisions. Despite some remaining technical challenges (such as tracing initial infection paths and applying machine learning more broadly), Genians’ responsiveness ensures continuous improvement. The seamless, nearly invisible EDR deployment caused minimal user discomfort, making it a pragmatic choice for a large, distributed government environment. The agency emphasizes defining clear objectives before EDR adoption and confirms its satisfaction with Genian’s solution for investigation and cross-analysis.