※ Seoul National University of Science and Technology supports startups in the deep tech (AI·big data) sector through the early-stage startup package. Based on the university’s customized growth support program, IT Donga examines promising deep tech startups that are achieving clear results in the market.
Jeon Sang-hyun, CEO of Malware Catcher / Source=IT Donga
The nature of cyberattacks is changing rapidly. In the past, malicious code mainly took the form of executable files (EXE), but recently there has been a surge in sophisticated attacks that disguise themselves as business documents or script files to infect users’ PCs. Statistics indicate that 91% of recent cyberattacks start with email, and a significant portion of these use document-type malware.
The problem is that traditional antivirus solutions rely on lists of already known malware. It takes, on average, more than 200 days for new malware to be registered in antivirus databases. There are growing concerns that, in the face of new threats emerging daily, traditional antivirus software has inevitable limitations in responding effectively.
“Malware Catcher (AKDAN, CEO Jeon Sang-hyun)” is a deep tech startup that emerged to directly break through this blind spot of antivirus solutions. The company emphasizes that its solution lineup, the “AKDAN HALL” product family equipped with proprietary “Pre-Execution Detection (PED)” technology, determines whether a file is malicious just before it is executed and can capture even new threats overlooked by antivirus programs within one second. The reporter met with CEO Jeon Sang-hyun to hear in detail about Malware Catcher’s technology and vision, which challenge the conventional wisdom of cybersecurity.
- The company name is very strong and intuitive. What motivated the decision to start a business after leaving behind a stable career as a researcher?
: Since 2010, for more than 15 years, work has been carried out in the front lines of the security industry, including AhnLab, developing malware analysis engines. The biggest frustration in the field was “speed.” Malware evolves on a weekly basis, while defensive technologies struggle to catch up. Although excellent engines were developed at previous companies, there were structural limitations in existing analysis methods (such as sandboxing), making it difficult to perfectly block the latest malware. The thought emerged that “this will not work; the game needs to be changed.” There was a desire to break away from existing inertia and personally create a completely new analysis paradigm. The company name “Malware Catcher” is akin to a declaration of intent to track and apprehend new malware to the very end.
- The statement “traditional antivirus cannot catch new malware” may be unfamiliar to general users. What specifically is different?
: To use a simple analogy, traditional antivirus is like conducting inspections while holding a “wanted list.” It can only catch criminals if “a face (malware signature) is registered on the list as a criminal.” In other words, if a new criminal (unknown malware) appears after plastic surgery or in disguise, it can be missed right in front of one’s eyes. In contrast, this technology does not require a wanted list. Instead, it observes behavior. It is like creating a virtual environment that most closely resembles the crime scene and hypnotizing the attacker into triggering the prepared criminal actions. When a file attempts to execute, it can quickly identify suspicious actions such as attempting to destroy the system or exfiltrate information. This makes it possible to fundamentally block even unknown threats.
“AKDAN HALL PED” solution that overcomes the limitations of traditional antivirus / Source=Malware Catcher
- Please introduce the core solution “AKDAN HALL PED.” What are its technological strengths?
: The product name “AKDAN HALL” combines “AKDAN,” an abbreviation of Malware Catcher, with “Hall,” as in City Hall, signifying the establishment of a monitoring authority within the PC that apprehends and manages malware. The core “PED (Pre-Execution Detection)” technology completes its analysis in less than one second (an average of 0.27 seconds) at the exact moment a user clicks to open an email attachment or similar file. While existing EDR (Endpoint Detection and Response) solutions track behavior after malware has already executed, in a kind of “too-late remedy,” this solution suspends execution and performs an inspection first, leaving no opportunity for damage to occur. This technological capability was recognized last year when it was designated as an outstanding information security technology by KISA (Korea Internet & Security Agency).
“AKDAN HALL mini,” a mini-server type enterprise security solution / Source=IT Donga
- It is understood that there is a lineup for enterprises as well as individuals.
: That is correct. Individuals and small businesses can easily use the solution by installing a cloud-based agent. However, there are institutions such as hospitals and public organizations that are extremely sensitive to internal data leakage or that operate in closed network environments cut off from external internet access. For these, a small physical server-type product called “AKDAN HALL mini” has been developed. By simply connecting this server, which is about the size of a fist, to a router, it is possible to safely analyze and protect files exchanged within an organization of around 100 people. Installation is very simple, and the introduction cost has been drastically reduced compared to existing equipment. Going forward, there are plans to expand into enterprise products for large corporations and an SDK (software development kit) business that supplies the analysis engine to other security vendors.
- For users already using antivirus software such as V3 or Alyac, is there any need to additionally use “AKDAN HALL”? Is there a risk of conflict?
: That is the biggest differentiator. Typically, if two or more antivirus programs are installed on a PC, they conflict with each other or significantly slow down the PC, so only one is used. However, “AKDAN HALL” does not “fight” existing antivirus solutions, but rather “cooperates” with them. Antivirus solutions first filter out malware that is on the wanted list, and then this solution conducts a secondary, detailed inspection for new malware that the antivirus missed, thereby completing a “dual-layer security” system. Under normal circumstances, it consumes almost no system resources and is activated only at the moment the user clicks a document (with CPU usage around 2.6%), so there is no need to worry about PC performance degradation.
Dashboard of AKDAN HALL mini, which provides a comprehensive view of the current security status / Source=Malware Catcher
- How did the early-stage startup package program of the Startup Support Group at Seoul National University of Science and Technology help?
: Decisive assistance was provided in commercializing the hardware product “AKDAN HALL mini.” In the process of turning a product that was at the idea stage into a prototype ready for actual sale, not only financial support but also mentoring provided substantial help. In addition, it was possible to expand networks related to marketing and investment attraction (IR), which had been lacking due to focusing solely on technology development. Practical support was received that is essential for a startup to move beyond technology and grow into a business.
- What are the future plans and goals?
: In the short term, the focus is on entering the Japanese market. Japanese localization of the product has already been completed, and based on participation in an exhibition in Japan at the end of last year, discussions are underway with local partners on establishing dealerships. In the long term, the aim is “coexistence,” not “competition.” The goal is not to compete and win against other security companies. The aspiration is to become a partner that supplies the powerful analysis engine to other security vendors and enhances the performance of their products. The company intends to prove that Korean security technology is at a global level and to become a “first mover” contributing to the creation of a safer digital world.
IT Donga reporter Kim Young-woo (pengo@itdonga.com)
ⓒ dongA.com. All rights reserved. Reproduction, redistribution, or use for AI training prohibited.