“In an era when hacking using AI is spreading, security strategies to block lateral movement will become even more important.”
Kim Dong-il (김동일), CEO of AMC Lab, stressed that in the AI era, a zero-trust security strategy that focuses on preventing spread on the assumption that hackers have already infiltrated systems, particularly microsegmentation, will be a key word for sustainable security.
He cited an environment in which attackers can use AI to quickly find software vulnerabilities and break in, making it more important to block intruders from escalating attacks than to stop infiltration itself.
Kim said, “When asked to find program vulnerabilities, Claude Mythos developed by Anthropic even hacked and erased traces. If hackers use this, every company could be breached.” He said it will be important to prevent attacks from spreading through lateral movement. “Even if AI hacks, you just have to stop it from spreading internally,” he said.
AMC Lab last year unveiled HoneyBee, a microsegmentation product, and has targeted South Korea’s enterprise security market. Microsegmentation is a technology that divides an IT environment into very small units to control traffic in detail, focusing on blocking the spread of attacks as much as possible.
Microsegmentation solutions are broadly divided into network, server and application layers, and HoneyBee’s specialty is application-layer microsegmentation. Kim said a differentiator is that HoneyBee can be segmented at the process level.
He said segmentation at the process level can prevent attacks from spreading across applications. He said this differs from solutions that segment server IPs or ports to block access. Kim said even if a company adopts a microsegment solution, it cannot prevent an attack from growing if hackers obtain allowed root privileges, but HoneyBee can defend by blocking at the process level.
The microsegmentation-based security market already includes a number of overseas security companies that have entered South Korea, including Akamai and Illumio.
Kim said HoneyBee supports application-based microsegmentation at the process level rather than the server level, and that its strength is that companies can deploy it more easily and quickly. The company said microsegmentation solutions have tended to take a long time to deploy.
Testing alone takes 2 months, and including policy-setting, deployment can take 5 to 6 months. In the case of server-based microsegmentation, a labelling process is needed to establish relationships based on IP and port data, and security functions cannot be used during this period. Automatic blocking of any action not on the whitelist is also a burden for operators, it said.
By contrast, HoneyBee can be tested relatively quickly and also offers a detection mode in addition to blocking mode. Kim said hackers carry out actions such as scanning ports, altering host firewalls without authorisation and creating paths. He said HoneyBee can block only specific processes based on processes. If it detects tampering with a host firewall, it treats it as hacking and can block it through detection mode, he said.
AMC Lab said it is seeing results from HoneyBee deployments in the enterprise market. Many tests have been conducted across the finance and telecommunications industries, and some have completed tests and decided on full deployment, the company said.
Kim said as AI spreads, zero-trust-based internal defence is emerging as a core security strategy. He said the company will focus on product development and expand sales by working with channel partners.
Click Here For The Original Source
