Jeong Il-ok (정일옥), head of the AI research lab at Igloo Corporation.

"The use of AI is rapidly evolving beyond threat detection and response and toward analysis. Strengthening AI-based analysis capabilities will create a virtuous cycle that lifts detection and response levels again."

Jeong Il-ok (정일옥), head of AI development at security operations and analytics platform company Igloo Corporation, summarised the technical changes AI is bringing to the security sector this way in an interview with a reporter. He said the environment is ripening for companies to advance their security capabilities with AI.

"Analysing logs and the like is sophisticated work, and AI is being used a lot recently," he said. "In the past, systems could not support it, so AI was used only for fragmentary analysis. Now there are areas of analysis that AI does well. If you analyse well, you can also boost the ability to respond to threats that you could not properly respond to because you could not properly detect them," he added.

Igloo Corporation has been strengthening its investment in AI-based security technology and operations for more than 10 years. It has also secured many patents, and last year it expanded and reorganised, merging its AI solutions and data science teams into an AI research lab led by Jeong.

According to Jeong, AI-based security is evolving rapidly as OpenAI, Anthropic and others release large language models (LLMs). He said that until LLMs became mainstream, the industry had to rely solely on existing machine learning and deep learning technologies, which limited its ability to build AI that surpasses humans, but that as LLMs improve, security AI capabilities are gradually strengthening too.

"We also develop our own models, but there are limits with that alone," Jeong said. "In certain areas, you can improve effectiveness through fine-tuning by incorporating your own data into an LLM. With a hybrid-based approach that uses LLMs alongside our own models, and by using AI as needed, we were able to overcome past limitations." He said companies need to combine LLMs, internally developed small language models and existing machine-learning models depending on job characteristics to cover a wider range of security tasks.

Igloo Corporation has judged that the time has come when applying AI to security is worth attempting, and it is taking a more aggressive approach this year. The direction is an autonomous security operations centre (Autonomous SOC). An autonomous SOC focuses on automating security operations with AI, like a self-driving car that drives itself without human intervention. The company said it cannot do this immediately, but it is working toward it as the ultimate direction.

"Broadly, an autonomous SOC has 5 stages, and we are in the process of moving from stage 3, where certain tasks are partially automated using assistants, to stage 4, where partial autonomy is implemented," Jeong said. "AI takes on simple tasks or areas that AI sees accurately. We have set stage 4 as a realistic initial goal and are advancing development."

Technology alone is not enough to make an autonomous SOC work. To operate in the real world, it must provide an environment in which each company can reflect its own situation.

With that in mind, Igloo Corporation has developed a platform that lets companies develop security AI agents suited to their own situations, rather than providing AI agents directly to companies, and will introduce it soon. It aims to provide an AI-agent-like experience by connecting with systems such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response).

According to the company, the Igloo Corporation AI agent platform will also make possible scenarios in which corporate users arrive at work and AI presents analysis results of intrusion incidents from the previous day and proposes response measures tailored to the company.

"The level and method of AI agents each customer needs are different," Jeong said. "An autonomous SOC has limits if it only provides AI models or systems, and a proper transition will be possible only if it can be applied to each situation." He added, "Through the AI agent platform, we will support companies so they can add internal and external information to individual users' knowledge and respond effectively to threats."

Platforms that let companies develop customised AI agents are already offered by leading tech companies at home and abroad. But Jeong said security needs a specialised platform built for security.

"Even when robotic process automation (RPA) spread, SOAR emerged in the security sector," he said. "It is difficult to cover the entire security process with a general-purpose platform. You also need to build assistant tools, support natural-language search in SIEM, and automatically create various rules and SOAR playbooks," he added, making clear that a specialised platform is the solution.

Igloo Corporation will provide its security-specialised AI agent platform on an on-premises basis, in addition to cloud. It expects this to be a differentiator against overseas platforms focused on the cloud in the South Korean market, where on-premises demand is relatively high.

Jeong said the key point regarding AI is that it must cover the entire security process, not just certain unit tasks. "In the past, we built separate agents supporting detection, analysis and response, but now we also provide hybrid agents that combine them," he said. "It should not be individually fragmented, but should be connectable with each other to raise completeness," he added.

Copyright © DigitalToday. All rights reserved. Unauthorized reproduction and redistribution are prohibited.