Skip to main content

Product Introduction

What is SHIELD Gate?

SHIELD Gate isZero Trust-Based Integrated Security GatewayIt is. It fundamentally blocks security threats that occur when accessing external websites and SaaS services, preventing data leaks and malware infections.

Core Concepts

Integrated Security Gateway

  • Integrated provision of web isolation, access control, file security, and remote access on a single platform.
  • Each function is not independent but is organically linked.
  • Forming a Consistent Security Framework with a Single Policy Engine

Zero Trust Architecture

  • "Do not trust absolutely, always verify."
  • Validate all access attempts and grant the minimum necessary permissions.
  • Dynamic permission control based on user, location, time, and device conditions

agentless solution

  • No separate program installation required
  • Use all features with just a web browser
  • Minimizing management and deployment burden

Why is the SHIELD Gate necessary?

Changing Work Environment

Distributed Workforce

  • Working in various locations such as office, home, cafe, and abroad.
  • Increase in Access to Work Systems via Personal Devices (BYOD)
  • Increase in external access from partners and vendors

Scattered Data

  • Data no longer exists only on the company server.
  • Moving to cloud SaaS such as Microsoft 365, Google Workspace
  • Increase in the use of public cloud (AWS, Azure)

New Threats

  • Advanced threats such as zero-day attacks and ransomware
  • Phishing, Targeted Attacks through Spear Phishing
  • Concerns about sensitive information leakage when using generative AI

Limitations of Existing Security Methods

Problems with VPN

1. Overall Network Trust

VPN 연결 → 내부망 전체 접근 가능
└─ 문제: 측면 이동(Lateral Movement) 공격 위험
  • After connecting to the VPN, users are to be trusted unconditionally.
  • Devices infected with malware can access the internal network.
  • If one system is breached, it spreads throughout the entire internal network.

2. Installation and Management Burden

  • Installation of VPN client required on all devices
  • Version control, update distribution burden
  • Frequent user configuration errors

3. Performance and Scalability Limits

  • Performance Degradation Due to Encryption
  • Concurrent User Limit
  • Additional capacity expansion costs incurred

Limitations of Web Filtering/Firewalls

1. Block only known threats

블랙리스트 방식 → 알려진 악성 사이트만 차단
└─ 문제: 제로데이 공격, 새로운 위협 대응 불가

2. Inconvenience Due to False Alarms

  • Normal sites are also blocked as false positives.
  • Decreased Work Productivity
  • Increase in Exception Handling Requests

3. Policy Management Complexity

  • Managing a list of tens of thousands of URLs
  • Policy Conflicts and Omissions
  • Need for Continuous Updates

Limitations of VDI

1. High construction costs

  • Server Infrastructure Setup Costs
  • License Cost
  • Maintenance Costs

2. Performance Constraints

  • Graphic Work Limitations
  • Difficulty in usage during network latency
  • Degradation of User Experience

3. Management Complexity

  • Virtual Desktop Image Management
  • Resource Allocation and Optimization
  • Need for specialized personnel

Differentiating Features of SHIELD Gate

1. Complete Web Isolation (RBI)

SHIELD Gate: Use After Isolation

사이트 접속 → 격리 서버에서 실행 → 안전한 화면만 전송
└─ 효과: 모든 위협을 원천 차단

Operating Principle

  • Run all web content (HTML, JavaScript, images, etc.) on an isolated server.
  • Only the rendered screen stream is transmitted to the user's PC.
  • Malware, scripts do not reach the user's PC

Technical Features

  • Full support for the latest web standards with the use of the Chromium engine
  • Same user experience as existing browsers with low latency.
  • Supports all advanced web features including JavaScript, WebGL, and Webjet protocols.
  • WebJet™ Protocol: High-quality screen streaming developed by SOFTCAMP using standard HTTPS without a relay server (no separate firewall configuration required)

2. URL-based Policy Control

SHIELD Gate: URL Level Control

https://company.sharepoint.com → 허용
https://personal-account.onedrive.com → 차단
└─ 효과: 회사 테넌트만 선택적 허용

Application Example

URL PatternPolicyDescription
company.sharepoint.comAllow all featuresCompany SharePoint
*.onedrive.comDownload BlockedBlocking OneDrive Personal Account
web.whatsapp.comComplete IsolationWhatsApp Web Usage Restrictions
chatgpt.comKeyboard Input CheckSafe Use of AI Services

3. Conditional Dynamic Access Control Based on Zerotrust

SHIELD Gate: Conditional Dynamic Permissions

사무실(사내 IP) + 평일 근무시간 → 전체 권한
재택(사외 IP) + 평일 근무시간 → 제한 권한 + MFA
카페(공용 WiFi) → 조회만 가능 + 다운로드 차단
└─ 효과: 상황에 맞는 최소 권한 적용

Combination of 5 Conditions

conditionexample
User(Who)Employee, Partner, Administrator
WhereIn-house, Remote, Overseas
Time (When)Working hours, night, weekend
Device (What)Company PC, Personal PC, Mobile
Target (Which)General Systems, Sensitive Data

Key Application Areas

VPN Alternatives

Target Application: Organizations with many remote workers

  • No separate client installation required
  • Resolving security issues that unconditionally trust users after VPN connection
  • Fast access speed

Enhancing SaaS Security

Target Application: Organizations using Microsoft 365, Google Workspace

  • Fine-grained control at the URL level
  • Blocking Personal Account
  • Automatic File Download Sanitization

Access Management for Partner Companies

Target Application: An organization with a lot of collaboration with external partners

  • Secure Access from Unmanaged PCs
  • Automatic Permission Management Based on Project Duration
  • Tracking All Work History

Safe Use of Generative AI

Target Application: Organizations that need to use AI tools like ChatGPT

  • Allow access to AI services + Apply isolation
  • Automatic Blocking of Sensitive Information Input
  • Balancing Work Efficiency and Security

Compliance Response

Target Application: Personal Information Protection Act, Organizations Required to Comply with Industry-Specific Regulations

  • Detailed Record of All Access History
  • Sensitive Information Access Tracking
  • Automatic Generation of Audit Materials

Authentication and Trustworthiness

GS Certification

  • Software Quality and Stability Verification Completed
  • Nationally Certified Quality Certification

Security Function Verification Certificate

  • Acquisition of Nationally Certified Security Function Certification
  • Verification of Security Requirements

Copyright Registration

  • Program Copyright Ownership
  • Possession of Independent Technology Competence