Penta Security

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Penta Security Systems Inc.
펜타시큐리티시스템
Private
Industry IT Security
Founded 1997
Headquarters Seoul, Republic of Korea
Area served
Australia, China, Indonesia, Japan, Malaysia, Philippine, Rwanda, Singapore, South Korea, Thailand, United States (Alphabetical Order)
Key people
Products
Number of employees
200+ (2016)
Website www.pentasecurity.com/en/

Penta Security Systems Inc. (Korean: 펜타시큐리티시스템㈜) is an information technology (IT) security firm headquartered in Seoul, South Korea. Penta Security offers web application security, database security, and single sign-on solutions.[1]

History[edit]

Establishment and growth[edit]

Founded in 1997 by Seokwoo Lee,[2] and headquartered in Seoul, South Korea, Penta Security Systems Inc. is a provider of web application security products and core technology, with more than 2,200 installed customers in government, large enterprise, small and medium business, education, and finance and medical institutions.

Vision[edit]

In 2012, Penta Security announced its slogan as “Trust for an Open Society.” CEO/Founder Seokwoo Lee explained “People can trust each other when they’re protected. With Penta Security’s technology, we want to help people communicate and exchange information with each other without any anxiety.”[3]

Subsidiaries and international expansion[edit]

Its Japanese Office, Penta Security Systems K.K., was incorporated in Akasaka, Tokyo, Japan in 2009, and Penta Security System Corporation was found in Texas, the United States in 2014. Together, Penta Security Systems, Inc., Penta Security Systems K.K and Penta Security Corp are focused on the goal of meeting the IT security needs and requirements of organizations from South Korea to Japan (2009), Thailand (2010), Malaysia (2011), Singapore (2010) Taiwan (2011), Australia (2011), Indonesia (2011), Rwanda (2013), the United States (2013)[4]

Security R&D center[edit]

Penta Security has its own R&D center, so that researchers can conduct independent technology studies for the company. The R&D center has over 70 research specialists out of a total 150 employees. Penta Security is also fostering future information security officers by hiring employees from vocational high schools and university collaboration programs for its R&D center.[5]

Industry recognition[edit]

  • In 2003, Penta Security was awarded by the South Korean government for completing the e-Government project
  • In 2006, D’Amo received the GS (Good Software) Certification from the Telecommunications Technology Association of Korea[6]
  • In 2007, WAPPLES received the GS (Good Software) Certification from the Telecommunications Technology Association of Korea[7][8]
  • In 2008, WAPPLES received CC (Common Criteria) Certification
  • In 2008, WAPPLES received Security Compatibility Certification from the South Korean National Intelligence Service
  • In 2008, WAPPLES received the Intelligent Product Award from South Korea’s Intelligent Information System Society[9]
  • In 2009, WAPPLES received the Grand Prize in New Software Product from the South Korean Ministry of Knowledge and Economy[10]
  • In 2009, WAPPLES acquired a Certificate of Compliance to PCI-DSS ver. 1.2 Requirement 6.6'[11]
  • In 2009, Penta Security received the "Prime Minister’s Award" in the New Technology Commercialization category from the Korean Ministry of Knowledge and Economy[12]
  • In 2010, WAPPLES received the Grand Prize at the 9th Korea Software Competitiveness Awards[13]
  • In 2010, Seokwoo Lee was honored in the Senior Information Security Professional category at the International Information System Security Certification Consortium (ISC)² Fourth Asia-Pacific Information Security Leadership Achievements Program.[14]
  • In 2010, WAPPLES earned the IPv6 Ready Silver Logo (IPv6)[15]
  • In 2011, Penta Security became a member of the Open Web Application Security Project (OWASP)[16]
  • Penta Security's database security solution, D’Amo 2.3, received SAP certification[17][18]
  • In 2012, WAPPLES V-Series became certified as a VMware Ready product.
  • In 2012, WAPPLES received international Common Criteria (CC) certification.
  • In 2012, Penta Security received the Venture-Startup 2012 Contributor Award.
  • In 2012, Penta Security won the "Minister of Knowledge and Economy's Award" for contribution to the information security industries.
  • In 2012, Penta Security received ISO 9001:2008, ISO 14001:2004 from ISO
  • In 2013, ISign+ received the GS (Good Software) Certification from the Telecommunications Technology Association of Korea
  • In 2013, WAPPLES received ‘Web Application Firewall of the Year’ from Frost & Sullivan
  • In 2013, Penta Security won the “Ministry of Science, ICT and Future Planning’ Award” in IT Innovation Award
  • In 2014, WAPPLES received the “Web Application Firewall of the Year” from Frost & Sullivan for the second year in a row[19]
  • In 2014, WAPPLES received recognition from the Telecommunication Technology Association
  • In 2015, WAPPLES received ICSA Labs WAF Certification[20]
  • In 2016, Penta Security was chosen as "2016 Asian Cyber Security Vendor of the Year" by Frost & Sullivan

Key People[edit]

  • Seokwoo Greg Lee (CEO/Founder)
  • Duk Soo Kim (Executive Director)
  • Gi Seung Kim (CFO)
  • Jaeson Yoo (SVP of Business Development)

Products and Services[edit]

Enterprise Solutions[edit]

Web Application Firewall (WAF): WAPPLES[edit]

WAPPLES, originally launched in 2005, is a web application firewall (Application layer firewall) that operates on a logic analysis based engine.[21] This web application firewall enables users to protect their web applications from the top ten most critical web application security risks of 2010, as outlined by OWASP.[22][23] WAPPLES received a Certificate of Compliance to PCI-DSS ver. 1.2 Requirement 6.6[24] common criteria (CC) certification, and is IPv6 ready.[25] WAPPLES has obtained patents in Korea for ‘Method for Detecting a Web Application Attack’ (Patent No. 10-2010-0064363) and ‘Method for Detecting a Web Attack Based on a Security Rule’ (Patent No. 10-2009-0077410), and Penta Security has submitted applications for comparable patents in the US, China, and Japan. In January 2012, WAPPLES was granted a Japanese patent for its algorithm-based, application-layer attack detection engine (Patent No. 2012-014667).[26] Other WAPPLES family products include WAPPLES MS, a centralized management system allowing integrated management of groups of WAPPLES units, and WAPPLES V-Series, a virtual, cloud computing-based equivalent to WAPPLES.[27] Penta Security publishes Intelligent Customer Support (ICS) Report, a web attack trend analysis report based on statistical information gathered from the logs detected by installed WAPPLES customers. The report is issued every quarter through Penta Security website (www.pentasecurity.com). The report includes statistical information corresponding to the WAPPLES rules, top 10 OWASP vulnerabilities, source countries of web attacks, attack purposes etc.

Data Encryption: D’Amo[edit]

First released in 2004, D’Amo is data encryption software that enables database security via encryption, access control and audit. D’Amo enables high-speed encryption by column, and allows for the separation of database management from security management through two-tiered access control. Penta Security has patented D’Amo’s ‘Index Column Encryption Method.’[28] Additionally, this product has received the GS (Good Software) Certification from the Telecommunications Technology Association of Korea,[29] as well as several awards from the South Korean government.[30] D’Amo holds three patents, two in Korea and one in the United States. The patents held in Korea are Patent No. 10-0698834, ‘Index Column Encryption Method’ and Patent No. 10-0859162, ‘Query processing system and method for database with encrypted columns by query encryption transformation.’ D’Amo holds a patent for the latter in the US as well, under Patent No.2009/0100033.[31] In August 2011, D’Amo version 2.3 received certification for integration with SAP NetWeaver.[32][33]

Japanese patent for D'Amo. Obtained in April, 2012

Total user authentication solution : ISign+[edit]

ISign+ is a sensible SSO/WAM solution with fast implementation (up to 10 systems in one week) at an economic cost. One-step user authorization make possible for various applications such as groupware, multiple server environments, public web services and so on. And utilizes multiple authentication methods, including public-key infrastructure, biometrics, and mobile OTP. ISign+ are equipped with all the functions of hardware type then building period and the cost is low. In addition, ISign+ products holds Good Software certification from the Telecommunications Technology Association of Korea. With its token-method authentication system, ISign+ addresses the authentication and session management problem, which is the second biggest threat factor among the “Top 10 Web Application Vulnerabilities,” released by OWASP in 2013.

Small & medium business packages[edit]

Database security solution for MySQL: MyDiamo[edit]

MyDiamo was launched as a database security solution for MySQL in 2013. MyDiamo now also supports MariaDB with its DB encryption and comprehensive security features. The product applies world-class technology, including international standard algorithms such as AES, one-way encryption for password security, partial encryption for DB indexing, masking for credit cards, and more. MyDiamo’s engine-level encryption provides both a high level of security and performance. Drawing upon the technology and experience from Penta’ Security’s encryption solution D’Amo, MyDiamo has been developed as a software for open source databases, first supporting MySQL and then MariaDB. MyDiamo can be downloaded and installed from its website: www.mydiamo.com. The software is free for non-profit personal use. MyDiamo features include:

  • International standard encryption algorithms (AES, Triple DES, etc.)
  • Authority access controls
  • Column-level encryption privilege controls
  • Auditing functionality

Global cloud-based WAF: Cloudbric[edit]

Launched in November 2014, Cloudbric currently protects about 1,200 customers worldwide as a cloud-based WAF service. Cloudbric delivers the similar functionalities to WAPPLES, an appliance type WAF, providing web hacking protection, personal info leakage prevention, DDoS prevention and more. Cloudbric is easy to use, and the service charges based on the amount of traffic used, so start-ups and small/medium-sized business who may not have the budget for expensive web application firewall appliances can use WAF services without substantial enterprise-level costs. Also, people who are inexperienced in web security can install and apply the service by following the step-by-step instructions. Web administrators can monitor web security status intuitively with a graphic user interface that is available 24 hours a day, in order to respond to any threat in a timely manner.

Milestones[edit]

1997

  • Penta Security Systems was founded

1998

1999

2001

  • Penta Security introduced their ISign EAM solution[35]

2002

  • Penta Security established the PKI project with the South Korean government[36]

2004

  • D’Amo, Penta Security’s database security solution, was introduced[37]
  • Penta Security extended sales of D’Amo to Japan

2005

2006

2008

  • D’Amo for DB2 was introduced[39]

2009

  • The official Japanese subsidiary branch, Penta Security Systems K.K., was incorporated[40]

2010

2011

2012

  • Penta Security releases MyDiamo, an advanced encryption suite for open source database, MySQL.
  • Penta Security celebrated its 15th anniversary
  • WAPPLES was granted a Japanese patent for its algorithm-based, application-layer attack detection engine.[45]

2013

  • MyDiamo, engine–level encryption solutions, launched for MySQL and MariaDB
  • Real-time web application firewall inspection service WMP (WAPPLES Management Portal) start
  • Japan’s cloud-type web application firewall service WCSP (WAPPLES Cloud Service Platform) launch

2014

  • Korea’s first vehicle communication security technology acquisition (Full implementation of IEEE 1609.2 standard and apply the test best)
  • The official United States subsidiary, Penta Security Systems Corporation was incorporated.

2015

  • WAPPLES continues to lead in the Asia Pacific market for third consecutive year[46]
  • WAPPLES received ICSA Labs WAF Certification[20]

Marketing and corporate culture[edit]

Active marketing communication[edit]

Unlike other B2B companies, Penta Security conducts active marketing communication efforts. Penta Security hires college marketers and holds networking events for college students. The marketing communications focus on not only brand recognition but also popularization of careers in information security. Additionally, Penta Security regularly updates a security-education blog, so individuals who are not familiar with information security can gain meaningful insights for their own organizations.

Corporate culture[edit]

Penta Security emphasizes a horizontal organizational culture. Offering extracurricular clubs and programs for its employees, the company has been selected as one of the top “companies that people want to work for” from 2012 to 2013 in South Korea. Additionally, Penta Security practices social conscientiousness by holding an annual charity auction, and donating all the profit from the auction to “Ae Ran Won,” a single mothers’ shelter.

See also[edit]

References[edit]

  1. ^ Bloomberg Businessweek. "Penta Security Systems, Inc. Snapshot" Retrieved on 7 November 2011.
  2. ^ Bloomberg Businessweek. "Penta Security Systems Inc. Executive Profile: Seokwoo Lee" Retrieved on 7 November 2011
  3. ^ "Penta Security Systems, Inc." Retrieved on 7 November 2011
  4. ^ "Penta Security Systems, Inc." Retrieved on 07 November 2011
  5. ^ [1] Retrieved on 17 June 2014
  6. ^ TTA인증제품목록 "인증기업 및 제품 상세보기: D'Amo" Retrieved on 7 November 2011
  7. ^ TTA인증제품목록 "인증기업 및 제품 상세보기: WAPPLES" Retrieved on 7 November 2011
  8. ^ Korean Information Security Industry Portal "Penta Security, Web fire Wall WAPPLES received the GS certificate" Retrieved on 16 November 2011
  9. ^ Korea Intelligent Information System Society "학술논문상" Retrieved on 7 November 2011
  10. ^ etnews.com "신SW 상품대상 3월·4월 수상작 일반 및 임베디드 SW 부문" 30 April 2009, Retrieved 22 November 2011
  11. ^ JCN Newswire, "Penta Security’s Web Application Firewall, WAPPLES, Awarded PCI DSS Certification in Japan" Published 15 December 2009, Retrieved on 7 November 2011.
  12. ^ boannews.com "펜타시큐리티, 2009 신기술실용화 국무총리 표창 수상" by Jeongwon Kim, 7 November 2009, Retrieved 22 November 2011
  13. ^ etnews.com "대한민국 SW기업 경쟁력 대상 SW의 금메달리스트들, 세계 향해 날차기" by Insoon Kim, 24 February 2010, Retrieved 22 November 2011
  14. ^ (ISC)² "News for Immediate Release" by Kitty Chung, 15 July 2010, retrieved on 15 November 2011.
  15. ^ IPv6Ready.org "Details of Logo 01-000553" Retrieved on 23 November 2011.
  16. ^ OWASP The Open Web Application Security Project, "Membership", Retrieved on 17 November 2011
  17. ^ Digital Times "ERP DB암호화 펜타시큐리티시스템 디아모" 24 October 2011, Retrieved 22 November 2011
  18. ^ SAP "Partner Information Solution Details" 8 Aug 2011, Retrieved 5 December 2011
  19. ^ boannews.com "펜타시큐리티,'2014 올해의 웹방화벽'부문 수상 by 김태형, 2014년 6월 23일
  20. ^ a b "WAPPLES | ICSA Labs". www.icsalabs.com. Retrieved 2016-03-31. 
  21. ^ "Penta Security Systems, Inc.: WAPPLES" Retrieved on 7 November 2011.
  22. ^ OWASP The Open Web Application Security Project, "OWASP Top 10 for 2010" Last updated on 17 July 2011, retrieved on 15 November 2011.
  23. ^ OWASP The Open Web Application Security Project, "Web Application Firewall" Last modified on 8 November 2011, retrieved on 15 November 2011.
  24. ^ JCN Newswire, "Penta Security’s Web Application Firewall, WAPPLES, Awarded PCI DSS Certification in Japan" Published 15 December 2009, Retrieved on 7 November 2011.
  25. ^ IPv6Ready.org "Details of Logo 01-000553" Retrieved on 23 November 2011.
  26. ^ Asta Muse World Knowledge Agent [2] "ウェブアプリケーション攻撃の検知方法" Retrieved 22 February 2012
  27. ^ Quantiq International "Penta Security Launches WAPPLES V-Series, a virtual version of its market-leading Web Application Firewall for Cloud Computing" Published 31 October 2011, Retrieved 7 November 2011.
  28. ^ Y.P. Lee, Mock & Partners, Patents, Trademarks, Copyrights Since 1985. "Patent over index column encoding granted" Published 23 April 2007, Retrieved on 7 November 2011.
  29. ^ TTA인증제품목록 "인증기업 및 제품 상세보기: D’Amo " Retrieved on 15 November 2011.
  30. ^ "Penta Security Awards and Certifications" retrieved on 15 November 2011
  31. ^ D'Amo Patent [3] photograph taken 5 December 2011, Retrieved 6 December 2011
  32. ^ SAP "Partner Information Solution Details" 8 Aug 2011, Retrieved 5 December 2011
  33. ^ Boan News "펜타시큐리티, SAP DB보안 시장진출 본격 시동" by TaeHyeong Kim, 30 Aug 2011, Retrieved 5 December 2011
  34. ^ Korea Information Security Industry Portal "Penta Security Systems, Inc. Company Info" Retrieved on 15 November 2011.
  35. ^ Naver News "로그인 한번으로 수십개 전산시스템 접속..'싱글사이온' 선봬" by T.W. Kim, 23 May 2001, Retrieved 22 Nov 2011
  36. ^ Naver News "펜타시큐리티, 공무원 인증서 발급용 최상위 인증기관 (GPKI RootCA) 구축" by Hyeona Kim, 9 September 2002, Retrieved 22 November 2011
  37. ^ Naver News "펜타시큐리티시스템, DB 보안솔루션 출시" by Dongjun Jang, 29 March 2004, Retrieved 22 November 2011
  38. ^ Digital Daily "펜타시큐리티, SQL서버 DB정보 보안 솔루션 출시" by Yuji Lee, 30 October 2006, Retrieved 22 November 2011
  39. ^ Digital Times "펜타시큐리티, HW 일체형 DB보안 솔루션 출시" by Hongseok Lee, 9 June 2008, Retrieved 22 November 2011
  40. ^ Digital Times "펜타시큐리티, 일 지사 설립" by Jingyu Kang, 9 February 2009, Retrieved 22 November 2011
  41. ^ boannews.com "펜타시큐리티, 웹방화벽 ‘와플’ 4개 모델 CC인증 획득" by Jeongwon Kim, 21 June 2010, Retrieved 22 November 2011
  42. ^ Quantiq International "Penta Security Launches WAPPLES V-Series, a virtual version of its market-leading Web Application Firewall (web application security) for Cloud Computing" Published 31 October 2011, Retrieved 15 November 2011.
  43. ^ Digital Times "ERP DB암호화 펜타시큐리티시스템 디아모" 24 October 2011, Retrieved 22 November 2011
  44. ^ SAP "Partner Information Solution Details" 8 Aug 2011, Retrieved 5 December 2011
  45. ^ Asta Muse World Knowledge Agent [4] "ウェブアプリケーション攻撃の検知方法" Retrieved 22 February 2012
  46. ^ "Frost & Sullivan: Penta Security, Imperva, F5 Networks and NSFOCUS identified as champions in the Asia Pacific Web Application Firewall Frost IQ matrix". Frost & Sullivan. Retrieved 2016-03-31.