Background: Securing a Dynamic Global Media Enterprise
A prominent South Korean broadcasting company operates as a content-centric global media group, aiming to lead the K-content market. The organization comprises one headquarters in Korea and more than 20 domestic and overseas offices, with nearly 2,000 employees and substantial annual revenue. Its information security team manages security policy, system operations, and incident response. Key operational challenges include balancing endpoint security with performance across diverse work tasks, and managing the risk of personal and content information leakage, which is crucial for maintaining 24/7 broadcasting service availability.
Long-Standing Partnership and Foundational NAC Capabilities
The organization first adopted Genian NAC in 2008, gaining high visibility into its network. This included efficient IP and patch management, effective policy enforcement for non-compliant devices via a Captive Web Portal, and SMS notifications on new node registration. NAC also integrated with the HR database and LDAP to synchronize user information, streamlining policy application. Building on this established trust, the organization later evaluated various EDR solutions for enhanced endpoint security, ultimately selecting and deploying Genian EDR in 2022.
Evolving Threats Demand Advanced Endpoint Defense
The company recognized endpoints as critical entry points to its IT infrastructure and data. Facing sophisticated cyberattacks that perimeter controls could not fully block, the organization needed enhanced endpoint defenses.
- Growing Attack Volume: In a recent two-year period, the organization experienced hundreds of thousands of malicious traffic blocks and dozens of ransomware attacks, leading to a few infections on critical PCs and servers.
- Outdated Defense Gaps: Existing security solutions proved limited. Traditional firewalls/IPS generated excessive logs with limited analysis. Antivirus solutions only detected known threats and could not trace infection paths. APT response systems were undermined by sandbox bypasses, and anti-ransomware solutions struggled with fileless attacks. The integrated log system (SIEM) was constrained by missing logs.
- Visibility & Workload Issues: These limitations resulted in a lack of visibility into infected PCs, difficulty analyzing lateral spread, and increased workload for limited security personnel.
Consequently, the company adopted an EDR solution capable of rapid awareness, analysis, and response to minimize damage and prevent recurrence.
Solution: Genians EDR – The Strategic Choice for Enterprise Endpoint Resilience
The organization initiated its EDR evaluation in 2021, deploying it in 2022. They sought an EDR solution capable of detecting advanced threats missed by existing antivirus tools. Their rigorous selection criteria focused on:
- Advanced Threat Detection & Analysis: Ability to detect unknown threats beyond basic antivirus capabilities, analyze unknown malware, classify threat severity, and detect fileless attacks.
- Integrated Visibility & Response: Intuitive dashboards for attack types, supporting collection of suspicious files and comprehensive recovery.
- Agent Considerations: Low resource usage, support for diverse operating systems, collection of host information, and compatibility with existing in-house security programs (e.g., DRM, NAC, EPP).
- Management & Integration: Management server access control and seamless threat intelligence integration with their Security Operations Center (SOC) systems.
- Market Leadership & Reliability: Preference for solutions with proven success across diverse environments and a strong market presence.
Genian EDR was selected based on functional evaluation and competitive bidding. Its functionality was comparable to, or even surpassed, that of global competitors, offering more features than expected.
Why Genian EDR Stood Out: Unmatched Operational Fit and Proven Reliability
Genian EDR emerged as the clear choice due to its unique operational model and proven reliability:
- Single Agent Deployment & Operational Ease: Genian EDR’s “single agent deployment and installation” was a major advantage. This meant one lightweight agent provided comprehensive EDR functionality, ensuring system stability and performance across approximately 1,500 work PCs. It significantly minimized operational overhead and simplified deployment enterprise-wide.
- Superior Behavioral Analysis & Response: It demonstrated strong behavior analysis and response capabilities, effectively linking with antivirus engines. It detects unknown threats (IOC, ML, XBA, user-defined rules) and provides diverse responses (process termination, quarantine, network isolation, VSS management for ransomware recovery).
- Performance & Compatibility: Internal pilot tests confirmed no conflicts with other security programs (DRM, NAC, EPP) or business processes. Agent CPU usage averaged 1% and memory usage 15.8 MB, confirming low resource consumption.
- Market Leadership & Trust: As the first EDR solution launched in Korea and a market leader, Genian EDR had accumulated extensive experience and trust. This includes continuous customization and development support based on the organization’s evolving needs.
The organization primarily uses Genian EDR for three critical purposes:
- Real-time Malicious Behavior Monitoring: Actively observing malicious activities on PCs via logs and customized dashboard widgets, maximizing endpoint visibility.
- Investigation & Analysis Tool: Serving as a crucial cross-investigation tool alongside other security products (e.g., firewalls, IPS) for detected malicious events. It provides detailed threat information, MITRE ATT&CK insights for fileless threats, and enables immediate responses (process termination, memory dumps).
- Overall PC Assessment: Conducting group-wide checks for malware infection across all PCs, assessing potential spread using user, department, and location information.
Summary: A Proactive Defense for a Global Media Leader
The broadcasting company has significantly enhanced its cybersecurity posture. With Genian NAC successfully deployed since 2008 and Genian EDR adopted in 2022, the organization benefits from over a decade of continuous partnership with Genians, establishing a robust, integrated security framework.
Proactive Defense & Uninterrupted Service Delivery
Genian EDR has enabled the organization to proactively detect, respond to, and report on threats in real-time. Key real-world successes include:
- Ransomware Defense & Recovery: Successfully detecting ransomware activity and managing VSS (Volume Shadow Copy Service) snapshots for recovery.
- Attack Storyline Analysis: Utilizing Genian’s “Attack Storyline” feature for rapid visualization of threat execution relationships, enabling quick control actions.
Future Operations and Strategic Vision: Leveraging NAC-EDR for Enhanced Resilience
The organization plans to further enhance its EDR operations by integrating it with existing and future security systems, strengthening ransomware defense, and improving visibility into media control.
- Multi-level Endpoint Response System: Leveraging the integrated NAC-EDR platform, they plan to build a multi-level endpoint response system, securing visibility of detection results and enabling step-by-step responses to malicious threats by coordinating EDR intelligence with network enforcement capabilities.
- Advanced Analysis System through SIEM/SOAR Integration: Future plans involve integrating EDR and network data (from NAC) with SIEM/SOAR. This aims to build a connected analysis, response, and monitoring system for correlation analysis between network anomalies and endpoint malicious activities, enhancing overall threat intelligence.
- Enhanced Ransomware Defense & Media Control: They also aim to enhance ransomware defense by integrating with more efficient anti-ransomware solutions than Windows VSS for real-time ransomware detection, backup, and restoration. Furthermore, they plan to gain comprehensive visibility into media control and malware propagation via external storage media.
This integrated solution provides enhanced monitoring and maintenance of all connected devices, ensuring a high level of endpoint security and compliance. The solution has operated without disruption to work or SOC systems, demonstrating high performance. The nearly invisible EDR deployment resulted in minimal user discomfort. This robust partnership ensures the organization's critical content and services remain secure 24/7.