Busan Metropolitan City Fortifies Smart City Vision with Genians EDR

Background: Securing a Green Smart City Vision

Busan Metropolitan City is aggressively pursuing digital transformation to realize its “Green Smart City” vision. This includes fostering Asia’s top startup ecosystem and developing the Eco Delta City as a model for future urban living. Recognizing that digital innovation begins with robust security, Busan actively invests in advanced cybersecurity, continuously enhancing its defenses against evolving threats.

Team Leader, Ju-hwan Kim of Busan Metropolitan City’s Cybersecurity Team emphasizes: “The recent cyber threat landscape allows not only highly trained professional organizations but also individuals without specialized expertise to easily participate in hacking, utilizing ransomware-as-a-service or phishing services. Cyberattacks incur significant time and cost for recovery. Especially for public services, a single strike can cause immense public inconvenience and severe damage, necessitating thorough security preparedness.”

Proactive Defense for Critical Public Services

Busan’s core security principle is to prevent compromises before they occur, and to minimize damage by immediately blocking malicious sites and restoring services if an attack happens. While direct hacking via the internet is relatively low due to existing perimeter defenses, sophisticated threats like social engineering-based phishing emails and malware infections remain a significant concern. Such threats can turn an employee’s work PC into an internal attacker if a malicious email is opened on the work network. To protect these critical work PCs and prevent internal threat proliferation, the city recognized the imperative to adopt an Endpoint Detection & Response (EDR) solution.

Solution: Genian EDR – The Strategic Choice for Advanced Endpoint Protection

Busan Metropolitan City initiated its EDR evaluation in 2021, driven by the need to protect its work network from evolving threats. Key evaluation criteria included:

• Detecting Advanced Threats: The ability to detect sophisticated threats missed by existing antivirus solutions.
• No Functional Overlap: Avoiding redundant features to optimize PC resources, productivity, and budget.
• Accuracy: Precise detection of real threats without excessive false positives, to avoid overwhelming security analysts.
• SIEM Integration: Seamless integration with their Security Operations Center (SOC) and SIEM for comprehensive security visibility.
• Stability: Ensuring stable operation without excessive PC resource consumption, conflicts, or failures, crucial for critical work PCs.
• Market Share & References: Preference for solutions with proven success in diverse environments, minimizing operational risks.

Ju-hwan stated: “A security solution to counter advanced cyber threats must accurately detect and automatically respond to intelligent ransomware and persistent attacks that bypass existing defenses. It must also seamlessly integrate with the operating SOC system to visualize and control overall threats, and most importantly, it must not disrupt work.”

Why Genian EDR Stood Out: Unmatched Integration, Performance, and Trust

Genian EDR emerged as the preferred solution after comprehensive benchmarking. Its functionality was comparable to, or even surpassed, global competitors, offering more features than initially expected. The decision was further solidified by:

• Long-Standing Trust: Busan Metropolitan City has been a Genian NAC customer since 2009, establishing over a decade of trust in Genians’ solutions.
• Single-Agent Deployment & Operational Ease: Genian EDR, as the first EDR solution launched in Korea and a market leader, offered a unique advantage: it deploys as a plugin to the existing Genian NAC agent. This meant one lightweight agent provides comprehensive NAC and EDR capabilities, ensuring system stability and performance across thousands of endpoints (installed on approximately 4,500 PCs in the main office and business sites). This significantly minimized operational overhead and agent deployment efforts.
• Superior Threat Detection & Autonomous Response: Genian EDR uses multi-layered detection engines (including behavior-based analytics) to detect and respond to ransomware and APTs at all stages (infiltration, activity, proliferation). It supports incident response (IR), threat hunting, compliance, and SIEM integration.
• Customization & Support: Genians’ commitment to ongoing customization and development based on the city’s operational requirements fostered immense confidence.

The city primarily uses EDR for:

• Real-time Monitoring: Actively observing malicious activities via logs and customizable dashboard widgets for maximum endpoint visibility.
• Investigation & Analysis: Cross-referencing EDR events with other security products (firewalls, IPS) for deeper threat analysis, leveraging MITRE ATT&CK information for fileless threats, and enabling immediate responses (process termination, memory dumps).
• Malware Assessment: Group-wide checks for malware infection, assessing potential spread using user, department, and location information.

Summary: Proactive Defense, Enhanced Trust, and a Secure Smart City Future

Busan Metropolitan City has significantly enhanced its cybersecurity posture. With Genian NAC successfully deployed since 2009 and Genian EDR added in 2021, the city has leveraged Genians’ integrated security solutions for over 12 years of continuous partnership, establishing a robust, proactive defense framework.

Real-World Impact and Future Vision

Since EDR deployment, the city has successfully identified and blocked anomalous activities missed by antivirus solutions. Ju-hwan noted: “After EDR adoption, we found abnormal activities missed by antivirus, confirming and blocking actual threats. We are satisfied that EDR allows us to quickly recognize and respond to threats before they cause damage.” The solution has operated without disruption to work or SOC systems, demonstrating high performance.

Busan is now actively considering leveraging Genian EDR’s behavior-based detection and blocking technology for all diverse IoT devices within its Smart City initiatives, including the Eco Delta City project. This aims to strengthen the Smart City’s cyber immunity against zero-day attacks and ensure the safety of public services that directly impact citizens’ lives. Genians’ long-term partnership and proven ability to provide comprehensive, integrated, and stable security solutions make it a trusted partner for Busan’s digital future.