The Rise of Active Cyber Defense

In an era defined by increasingly sophisticated and relentless cyber threats, traditional security measures are often outpaced. Firewalls, intrusion detection systems (IPS), and even endpoint detection and response (EDR) solutions frequently struggle to keep pace with attackers who can bypass these defenses. Sands Lab is pioneering a new approach: active deception.

Sands Lab Spearheads AI-Driven Deception Technology

Sands Lab,a leading information security firm,has secured a significant project under the ministry of Science and ICT and IITP’s ‘Information Security Human Nuclear Technology Advancement Project’. The core objective? To develop ‘Hyper Automation Deception Technology for Active Hunting’.This initiative aims to leverage artificial intelligence (AI) to proactively identify and neutralize advanced cyber threats.

How Active Deception Works

Unlike reactive security measures that analyze traces of an attack after a breach, active deception lures attackers into a fabricated habitat that mimics a real system.This “bait” system allows security teams to observe and analyze the attacker’s methods in real-time, enabling early detection and response. This approach marks a paradigm shift from post-incident analysis to preemptive threat management.

This task is expected to increase the utilization of analysis information of its cyber threat intelligence (CTI) service ‘CTX’. We will contribute to protecting the cyber assets of public institutions and private companies by developing the initial technology into the world’s best core technology.

Kim Ki-hong, CEO of Sands Lab

Collaboration and Development Goals

Sands Lab is collaborating with Unissoft, Monitor Lab, Korea University, and other consortium members to achieve aspiring development goals:

• Developing AI-driven automated generation of virtual terminals and network environments.
• Creating hyper-automation deception technology for proactive threat hunting.
• Developing real-time detection of attacker activity and attack pattern analysis technology.

Mitigating Economic Losses and Large-Scale Attacks

The commercialization of this technology promises to significantly reduce the economic impact of cyber attacks.Data breaches, system failures, and legal disputes resulting from hacking incidents can cost organizations millions, even billions. For example, the average cost of a data breach in 2024 reached $4.45 million,according to IBM’s Cost of a Data Breach Report. Active deception offers a proactive defense against such losses.

Furthermore, this technology is notably relevant in addressing large-scale attacks that can disrupt critical infrastructure and services, as seen with recent telecommunications hacking incidents.The ability to detect and respond early to such attacks is crucial for maintaining societal stability and economic continuity.

Investment and Future Plans

The project is backed by a considerable government investment of approximately 7 billion won over four years. Sands Lab intends to collaborate with carriers, incident response agencies, and Internet data centers (IDCs) to accelerate the demonstration and commercialization of this groundbreaking technology. This collaborative approach will ensure that the technology is rapidly deployed and effectively utilized across various sectors.