Daily Security met with Pago Networks (CEO Kwon Young-mok) and Ban Leong Ang director at RSAC 2024 to hear about Pago Networks’ differentiated technology and overseas business strategies.

Pago Networks currently has more than 400 customers from large, medium, and small businesses in various fields such as domestic energy, semiconductors, chemicals, food and beverage, retail, healthcare, and IT infrastructure suppliers.

In particular, most customers are introducing and utilizing the Pago premium MDR service "PAGO DeepACT" along with the introduction of EDR, NDR, and XDR products.Meanwhile, it established a corporation in Singapore on August 8, 2023, with confidence that the MDR platform business has a chance of winning overseas through overseas business feasibility studies from 2022, and has completed the establishment of a white labeling service partner system that can collaborate with five countries, including Singapore, Indonesia, Malaysia, the Philippines, and Vietnam.

Pago Networks is planning to expand its power around the Southeast Asian market by recently recruiting Ban Ryong, who has been engaged in global business activities for more than 20 years in the cyber security field.The following is an interview with Ban Ryong Director at the RSAC 2024 site.

■ How did you join Pago Networks?

"We believe that it is the best methodology for responding to customer security issues and the approach of Pago Networks to provide MR services."

As an MDR service company, Pago Networks plays a very positive role in the cybersecurity market. Whenever CEO Kwon Young-mok visited Singapore and other countries for the launch of the PAGO MDR ASEAN (Association of Southeast Asian Nations) business over about two years from the first half of 2021, just after COVID-19, we always met to share and discuss numerous opinions.

Excluding other IT experiences personally, I have been working in the cyber security sector for more than 20 years and have experienced numerous partner companies and customer companies. 

One of the ASEAN customers once said this. 

"Why are security incidents constantly happening at customers when security companies are growing and solutions are increasing?" 

I once thought this part very carefully and came to think that Pago Networks' approach to providing MDR services could be the best methodology to respond to customer issues together. 

It is also true that government agencies in ASEAN countries are also concerned about the cybersecurity systems faced by companies that do not have sufficient budgets, resources, products, or technologies.

The PAGO MDR strategy does not only detect and respond to malicious codes using products, but also tracks the fundamental penetration process of malicious codes or malicious behaviors and suggests additional security countermeasures. 

Of course, all threat investigation processes, and threat hunting processes are included.

Despite the recent introduction of AI-based security solutions by numerous customers, it is difficult to find examples of successful and good use of the product. 

However, PAGO MDR's expert-based capabilities combine to help the AI-based security solutions introduced by customers work perfectly, and they see this part working quite positively in the market.

After understanding the PAGO MDR service's approach for about two years, they joined to help pioneer the ASEAN market together and solve practical security issues for customers.

■ How are you settling your PAGO MDR business in the ASEAN market?

"Expand the establishment of a suitable partner for each ASEAN country"

There are several countries with different cultures in the ASEAN market, and each country has a distinctly different market approach and different ways of forming business relationships. 

I have been pioneering the ASEAN cybersecurity market from the perspective of various global vendor companies over the past 20 years, but I think it is a market that is difficult to access globally. 

In this situation, there was a part that needed to be recognized first to pioneer the ASEAN market.

It had to be pointed out that △ PAGO Networks is not a product reseller, but a service company. As a service company, expanding a new business to ASEAN is markedly different from the concept of general product export.

△No one in the ASEAN market was aware of the existence of PAGO Networks.

It was also important to keep in mind that the size of the △ PAGO Networks company was not a global business company from the beginning, but a small company.

Despite being such a small and unknown company, I had to think about what to start with without any relationships with various customers in ASEAN countries and without corporate branding or service branding.

Accordingly, PAGO Networks' top mission was to establish a suitable partner for each ASEAN country. 

Fortunately, I was able to meet a partner who was accurately aware of the understanding and necessity of MDR services. We have entered a very strategic partnership and are working closely with partners who have moved away from the existing sales method of providing only product reselling and maintenance and have embraced a change to providing clear and high-quality MDR services.

■ What are the differentiating points of PAGO MDR services?

 "Differentiate PAGO MDR, AI Brain + Human Expert Brain at the same time"

 The MDR market is already causing a lot of confusion to customers. If you look around, all cybersecurity vendors provide MDR services. 

It is a phenomenon similar to when concepts such as UTM, next-generation firewall, and XDR came out in the past. As such, it seems that it is a service that anyone can provide, but it is never easy to provide satisfactory services, and it is not easy to receive recognition from customers for proper services.

In RSAC 2024, many security companies promoted that they would provide MDR together, and it was confirmed that there were many independent MDR vendor booths.

 Compared to several global security companies, PAGO MDR presents a strategy to simultaneously provide "AI Brain + Human Expert Brain" as a clear market position. 

Although many MDR vendors have adopted a method of providing services while using existing security solutions, PAGO MDR is the beginning of a differentiation point by providing services such as threat analysis, validation, threat hunting, TI extraction/sharing, and threat communities by expert groups while providing optimal AI-based security solutions, EDR, NDR, and XDR.

■ What is the direction PAGO MDR will change in the future?

"Transforming process-based service execution perspective to 'integrated MDR platform perspective'"

PAGO MDR has been presenting intelligent threat detection and response methodologies for the past seven years, and has consistently established a joint threat response collaboration process with customers.

However, it is also true that various threat response processes and MDR security modules, including how to communicate with customers, have been added as distributed unit modules rather than a single integrated MDR platform, and provide services semi-manual and semi-automatic. 

In addition, services are often expressed as intangible assets, and it is not easy to present clear service standards and activities, which is what PAGO MDR is currently solving.

Accordingly, starting in the second half of 2023, PAGO MDR service's Intellectual Property (IP) is being discussed and integrated into a single MDR platform.

The goal of the PAGO MDR platform is to "transform a process-based service execution perspective into an integrated MDR platform perspective" to make it easier and more proactive for customers to identify the value of PAGO MDR services and jointly respond to advanced threats.

For example, let's look at subscribing to a global TI service. This can be interpreted as the same content as subscribing to all magazines/newspapers in the past. 

In other words, you can refer to external TIs, but you have to think about the perspective of whether you can directly create and respond to the threats currently occurring in our company. 

If you compare these magazines/newspapers to Global Threat View, the PAGO MDR platform will focus more on Customer Local Threat View, while providing real-time PAGO MDR Community Threat View to all PAGO customers and providing visibility and collaboration processes for real threat detection response activities.

 ■ Is there any additional purpose of use of the 'PAGO MDR Platform' you are currently preparing?

 "All ASEAN partners serve as partners for PAGO MDR white labelling services"

I think the value of MDR service depends on "how to express the results of the service well to the customer." In other words, the PAGO MDR platform will clearly express all service activities and threat detection and response processes provided by the Fargo Threat Analysis Team, and act as a core module of the actual SOC-Security Operation Center.

Another purpose of using the PAGO MDR platform is to provide a platform for another MDR service provider with a close partnership to provide proper service to customers. In other words, by simultaneously providing the MDR platform along with the service methodology owned by Fargo Networks, we intend to establish a PAGO MDR white labelling service partner system. All ASEAN partners are already starting as PAGO MDR white labelling service partners and will be used as a platform to provide them with the same level of service.

 ■ Are there any expectations for how much PAGO MDR will grow and move forward in the ASEAN market?

"ASEAN Market Confidently Grows More Than 3X the Size of PAGO's Korean Business in 3 Years"

ASEAN countries are rapidly stabilizing in terms of economic growth.

Not only Singapore and Malaysia, but also Indonesia, the Philippines, and Vietnam are making positive changes to a level that can be easily felt. 

It should be recognized in the same context that in April 2024, global company Microsoft announced that it would invest heavily in cloud and AI for major ASEAN countries such as Indonesia, Malaysia, Thailand, and Vietnam. 

In addition, we are directly experiencing a significant change in the perception of MDR services as well as overall cyber security.

In response, he participated in PAGO SKO (Sales Kick-Off) in January 2024, and announced to all executives and employees, "If PAGO Networks properly executes the strategy it has established for ASEAN business, I am confident that it will grow much larger than Fargo's current Korean business scale."

In terms of numbers, I am sure that the PAGO MDR ASEAN business will grow three times larger than the Korean business within three years.

 ■ RSAC 2024 also has a lot of MDR vendor booths, what did you look at?

"Rather than focusing on the security solution technology itself, I was able to experience a change of perception of how well I should use it."

The presence of many MDR vendor booths at global security conferences over the past two to three years is considered to be one of the pillars of a major change in the cybersecurity service sector. 

Rather than focusing on the security solution technology itself, it was a site where you could experience a change in perception of how better to use it. Leading MDR Vendors are including Expel, eSentire, Kroll, Red Canary, ReliaQuest, CriticalStart, ArticWolf.

 However, the common understanding is that it operates the platform like NG-SIEM, and focuses on what the actual threat events were among the numerous events collected, and how quickly the detection response activities are performed. In other words, the common part was "to collect all events arising from existing customer-introduced solutions without changing all IT/security solutions currently in use, and then provide threat detection response activities.

" In particular, it focuses a lot on Mean-Time-To-Detect (MTTD) and Mean-Time-To-Response (MTTR), which verifies the actual threat effectiveness for events that have occurred based on various solutions, and then feels more focused on case closing for each alarm event.

One thing to point out here is that "the question should be raised as to whether the customer's existing security solution system is optimized for detecting and responding to advanced intelligent threats.

" In other words, it is important to think that expanding the scope of solutions that are unconditionally linked, collecting events from all solutions into one place, and performing detection response activities based on them may not show proper results.

The PAGO MDR service maintains the view that if necessary for the customer environment, endpoints, networks, and other sectors should also provide optimized and intelligent AI-based security solutions, as well as a threat detection response process. 

In other words, we are approaching the MDR market in terms of why EDR, NDR, and XDR have been dealt with in the market for so long in recent years.

■ Compared to global MDR vendors, what do you think is the differentiating point of PAGO MDR services?

"Drawing more threat insights from detected and responded threats...Share it with customers to help them develop additional security response strategies"

It is also important to close the alarm event case that occurred in the security solution, but the biggest feature of PAGO MDR is to provide "how this threat reached the customer infrastructure, what was the purpose of the threat, and what would have happened if it failed to prevent it.

" This part is referred to as Threat Insights. In other words, it aims to derive more insights from detected and responded threats and share them with customers to help them establish additional security response strategies.

 In addition, even if there is no threat in the security solution, the role of applying an active threat hunting process to proactively cut off the possibility of potential security incidents is also a very important differentiating point.

 ■ If MDR services are expanding globally, we expect large existing MSSP or security SI companies to also expand directly into the MDR market, so what is PAGO MDR's response strategy?

"Recognize existing large MSSP or security SI companies as partners who can work together without seeing them as competitors"

It's an interesting question. 

In this regard, I had the opportunity to hold several PAGO MDR introduction sessions for large MSSPs and large security SI companies that already provide MDR services in the ASEAN market. 

Remarkably, common feedback is "PAGO MDR service methodology is directly implementing what we have so far failed to address. Let's find a way to collaborate."

In other words, PAGO MDR has been trying to differentiate from the beginning, and has been trying to establish a service process that is essential but difficult to implement due to various circumstances. 

Therefore, recognizing existing large MSSP or security SI companies as partners that can cooperate with each other and approaching the market is another response strategy. Practical collaboration cases are already emerging in the ASEAN market with large MSSP partners, and more positive collaboration models are expected to be created.

 ■ How does PAGO MDR service secure expert manpower such as threat analysts in each country in order to expand in the ASEAN region?

"Automate Threat Detection and Response Processes…"Enhance MDR Service Partner Training Program"

First, PAGO MDR has invested heavily in automating internal threat detection and response processes over the past seven years. In other words, not all tasks depend solely on threat analysts. 

This is evidenced by the fact that the PAGO MDR service is well maintained despite the fact that the number of Pago Networks threat analysts is significantly smaller compared to the actual increase in the number of customers. 

In particular, scalability is very important in the service business, so there must be a way to respond flexibly even if the number of customers suddenly increases or the number of threats to deal with increases. This is the fundamental reason why PAGO MDR is investing in internal process automation to cope with this.

 Second, we have established a PAGO MDR white labeling service partner system for each ASEAN country, and from the second half of 2023, we are providing MDR service partner training programs, not just product technology training. It is an educational program that contains all the experience of the past 7 years, and it is being implemented step by step for ASEAN partners.

Third, since I already experienced that there will be more demand for MDR services from customers in ASEAN countries, I decided to establish the PAGO ASEAN SOC/MDR Center directly to provide smooth support and fast service support system using English. 

The location has been decided to be in the Philippines, where all personnel will also be hired in the Philippines and will play a pivotal role in the ASEAN PAGO MDR business.

★Information Security Representative Media Daily Security / Daily Secu, Korea's leading security media!★