Product Introduction
What is SHIELD Gate?
SHIELD Gate isZero Trust Based Integrated Security GatewayIt is. It fundamentally blocks security threats that occur when accessing external web and SaaS services, preventing data leakage and malware infection.
Core Concepts
Integrated Security Gateway
- Web isolation, access control, file security, and remote access integrated into a single platform.
- Each function is not independent but is organically linked.
- Forming a Consistent Security Framework with a Single Policy Engine
Zero Trust Architecture
- "Never trust absolutely, always verify"
- Verify all access attempts and grant only the minimum necessary permissions.
- Dynamic permission control based on user, location, time, and device conditions
agentless solution
- No separate program installation required
- Use all features with just a web browser
- Minimize management and deployment burden
Why is the SHIELD Gate necessary?
Changing Work Environment
Distributed Workforce
- Work from various locations such as office, home, cafe, and abroad.
- Increase in access to work systems through personal devices (BYOD)
- Increase in external access from partners and subcontractors
Scattered Data
- Data no longer exists only on the company server.
- Moving to cloud SaaS such as Microsoft 365, Google Workspace
- Increase in the use of public cloud (AWS, Azure)
New Threats
- Zero-day attacks, ransomware, and other advanced threats
- Phishing, targeted attacks through spear phishing
- Concerns about sensitive information leakage when using generative AI
Limitations of Existing Security Methods
Problems with VPN
1. Overall Network Trust
VPN connection → Full access to the internal network
└─ Issue: Lateral Movement Attack Risk
- After connecting to the VPN, users are always trusted.
- Devices infected with malware can access the internal network.
- If one system is breached, it spreads throughout the entire internal network.
2. Installation and Management Burden
- Installation of VPN client is required on all devices
- Version control, update distribution burden
- Frequent user configuration errors
3. Performance and Scalability Limitations
- Speed reduction due to encryption
- Concurrent User Limit
- Additional capacity expansion costs incurred
Limitations of Web Filtering/Firewall
1. Block only known threats
Blacklist method → Only blocks known malicious sites.
└─ Issue: Zero-Day Attack, Unable to Respond to New Threats
2. Inconvenience Due to False Positives
- False positives block normal sites
- Decreased Work Productivity
- Increase in exception handling requests
3. Policy Management Complexity
- Managing tens of thousands of URL lists
- Policy conflicts and omissions occur
- Continuous updates needed
Limitations of VDI
1. High construction cost
- Server Infrastructure Construction Cost
- License Cost
- Maintenance Cost
2. Performance Constraints
- Graphic Work Limitations
- Difficulty in use during network latency
- Degradation of User Experience
3. Management Complexity
- Virtual Desktop Image Management
- Resource Allocation and Optimization
- Need for specialized personnel
Differentiating Features of SHIELD Gate
1. Complete Web Isolation (RBI)
SHIELD Gate: Use After Isolation
Access the site → Execute on the isolated server → Transmit only the secure screen
└─ Effect: Block all threats at the source
Operating Principle
- Run all web content (HTML, JavaScript, images, etc.) on an isolated server.
- Only the rendered screen stream is sent to the user's PC.
- Malware, scripts do not reach the user's PC
Technical Features
- Perfect support for the latest web standards using the Chromium engine
- Same user experience as existing browsers with low latency
- Supports all advanced web features including JavaScript, WebGL, and Webjet protocols.
- WebJet™ Protocol: High-quality screen streaming developed by SOFTCAMP using standard HTTPS without a relay server (no separate firewall configuration required)
2. URL Unit Policy Control
SHIELD Gate: URL Unit Control
https://company.sharepoint.com→ Allow
https://personal-account.onedrive.com→ Block
└─ Effect: Selective Allowance for Company Tenant Only
Application Example
| URL pattern | Policy | Explanation |
|---|---|---|
company.sharepoint.com | Allow all features | Company SharePoint |
*.onedrive.com | Download Blocked | Blocking OneDrive Personal Account |
web.whatsapp.com | Complete Isolation | WhatsApp Web Usage Restrictions |
chatgpt.com | Keyboard Input Check | Safe Use of AI Services |
3. Zerotrust-based Conditional Dynamic Access Control
SHIELD Gate: Conditional Dynamic Permissions
Office (In-house IP) + Weekday Working Hours → Full Permissions
Remote Work (External IP) + Weekday Working Hours → Restricted Access + MFA
Cafe (Public WiFi) → View only + Download blocked
└─ Effect: Apply minimum permissions according to the situation
Combination of 5 Conditions
| condition | example |
|---|---|
| User(Who) | Employee, Partner, Administrator |
| Where | In-house, Remote, Overseas |
| Time(When) | Working hours, night, weekend |
| Device(What) | Company PC, Personal PC, Mobile |
| Target (Which) | General System, Sensitive Data |
Major Application Areas
VPN Alternative
Target Application: Organizations with many remote workers
- No separate client installation required
- After connecting to the VPN, resolve the security issue of unconditionally trusting the user.
- Fast access speed
SaaS Security Enhancement
Target Application: Microsoft 365, Google Workspace using organizations
- Fine-grained control at the URL level
- Blocking Personal Account
- Automatic File Download Neutralization
Access Management for Partner Companies
Target Application: An organization with a lot of collaboration with external partners
- Safe Access from Unmanaged PCs
- Automatic Permission Management Based on Project Duration
- Tracking All Work History
Safe Use of Generative AI
Target Application: Organizations that need to use AI tools like ChatGPT
- Allow access to AI services + Apply isolation
- Automatic Blocking of Sensitive Information Input
- Work Efficiency and Security Coexistence
Compliance Response
Target Application: Personal Information Protection Act, Organizations Required to Comply with Industry-Specific Regulations
- Detailed Record of All Access History
- Sensitive Information Access Tracking
- Automatic Generation of Audit Materials
Authentication and Reliability
GS Certification
- Software Quality and Reliability Verification Completed
- Nationally Certified Quality Certification
Security Function Verification Certificate
- Acquisition of Nationally Certified Security Function Certification
- Verification of Security Requirements
Copyright Registration
- Program Copyright Holder
- Possession of independent technological capabilities