Automating cloud security control for Korea Credit Data

Founded in 2016, Korea Credit Data (KCD) is a business data portal for small and medium businesses (SMBs) in Korea. Since launching CashNote, a total business management service, KCD has secured more than 1.3 million businesses as customers. In 2022, KCD was valued at US$1 billion, attaining the status of unicorn (reaching a valuation of US$1 billion without being publicly listed on the stock market). This was no mean feat, given that this was achieved within seven years of inception.

Despite being a startup, KCD has grown to become one of the largest payment data-processing companies in Korea, and aims to “build a data and business ecosystem that small businesses can trust,” shares Peter Hae-seong Jeon, CISO at KCD.

Though small in size, KCD receives 500 GB to 1 TB of sales data daily from more than 1.3 million businesses. That is more than the sales data of Korea’s three largest credit card companies combined.

The reason for this high data throughput is its business management service, CashNote. CashNote is a superapp for Korean SMBs. It started as a bookkeeping application for SMBs, which has been well received in the market because it takes over complex sales and tax calculations and business management for SMBs that do not have sufficient manpower and expertise. Nowadays, it has evolved into a superapp that provides not only ledgers but also all services for small business owners, including finance, food and consumable material markets, and communities. As services evolved, the amount and types of data processed increased and the services have diversified. The importance of data security has grown as such for KCD.

The success of KCD hinges on whether SMBs are able to entrust their sales data to KCD or not. “With an increase in cybersecurity incidents globally, our customers are no doubt concerned, and want to ensure that CashNote prioritizes cybersecurity,” elaborates Peter, who leads KCD’s data security team. “The data from SMBs is integral to our business and growth. As such, we feel a strong sense of responsibility when it comes to data security.” As a private, fast-growing company, they needed to be nimble and have a security partner to help secure at the speed of their rapid rate of growth.

Compounding this challenge is the lean security team of eight, who were finding it difficult to keep up with the amount of data being handled, the number of alerts, and safeguarding against unauthorized access to customer data and proprietary information. Peter shares, “We had a solution in place, but it worked only for simple alerts, and it was extremely time-consuming and resource-intensive to manually enter threat information. Additionally, there was no way for us to make sense of the threat information intelligently.”

“As our business expands, we need a solution that could help our lean security team to better manage our overall security posture, which spans across the virtualized and cloud environments,” shares Peter.

KCD was on the lookout for a solution that could meet the following requirements:

• Enable security automation and have actionable threat intelligence.
• Reduce mean time to detect (MTTD) and mean time to react (MTTR).
• Ease of security compliance management, especially in the cloud.
• Compatibility of products with AWS.
• Natively integrated products to provide visibility and boost risk management.

With the varied requirements, KCD sought a comprehensive solution from an innovative company that could cater to their dynamic cloud needs as their business evolved. KCD had previously already deployed the VM-Series Virtual Next-Generation Firewall in AWS, which enabled them to gain confidence in Palo Alto Networks. “We knew that the majority of the financial services industry relied heavily on Palo Alto Networks hardware firewalls. A distinctive characteristic that set them apart from the competition was that their software firewalls performed equally well as the physical firewalls, on top of receiving the best rating amongst other platforms,” Peter affirms.

On top of VM-Series virtual firewalls, KCD deployed Prisma Cloud for Cloud Security Posture Management (CSPM) and Cortex XSOAR for automated security controls. As KCD deals with financial data, they wanted to ensure compliance with the Korean government’s security standards and regulations. KCD pursued ISO 27001 certification and wanted a tool that would facilitate compliance management standards. From inception, KCD has built its systems on AWS. As part of the certification, KCD needed to have an integrated environment that can respond to various security threats across the AWS environments. This is because authorization management, log management, access control, threat response, violation prevention, and secure coding checks must be implemented seamlessly in a complex cloud environment.

KCD conducted a rigorous evaluation of the available products in the market and found Prisma Cloud to be the best fit— from a product features standpoint and capabilities to help them adhere to the government’s compliance requirements. Overall, Prisma Cloud provides a single pane of glass for secure management of cloud environments, cloud workloads, and network security.

Many of the solutions under consideration offered authentication only so that the company could not set controlallow-block policies that matched AWS’s various features. Additional solutions were required for more granular security settings and the level of technical support left much to be desired. On the other hand, Prisma Cloud, the most complete cloud-native application protection platform (CNAPP), fulfilled these requirements with a single solution. Peter reiterates, “Prisma Cloud from Palo Alto Networks was the only solution that addressed our security needs and was compatible with the AWS capabilities that we were utilizing.”

KCD turned to Cortex XSOAR to enable greater security with automated controls. For KCD, one of the standout features of Cortex XSOAR was the ability to support various functions and services within their AWS environment, improving work efficiency in a separated network environment. “In terms of functionality, reliability, and completeness of coverage, Cortex XSOAR ticked all the boxes for security automation,” shares Peter.

VM-Series virtual firewalls ensure the robust security of KCD’s business by enforcing granular identity and security policies for daily customer sales transactions—from 500 GB to 1 TB—and user access to over 1.3 million businesses. This gives KCD the confidence and ability to scale their business, without compromising on their service offerings to their customers.

Ease of compliance management within AWS

Prisma Cloud helped KCD meet compliance for international ISO/IEC 27001 standard requirements and achieve ISO/ IEC 27001 certification. Prisma Cloud had a big impact here with highly granular configuration support across KCD’s cloud environment, including security features for resource management like data security, account-specific permission control, and shift-left application protection. Where some features in AWS are noncompliant, Prisma Cloud automatically triggers an alert, enabling KCD to make changes as necessary.

Operational efficiency and 30% less time spent on incident response

One of the most immediate benefits to KCD with Cortex XSOAR was the reduction in time spent on incident response, resulting from increased operational efficiency. For task management, this was typically managed by three individuals but has since gone down to two. Processes that once took 10 minutes have now been reduced to mere seconds, with the use of automated playbooks. Manual tasks involving analysis and blocking of threats, which used to take 30 minutes or longer, are now a thing of the past, as the duration has been reduced to 5 to 10 minutes without human intervention. Overall, this has resulted in 30% less time spent on incident response, enabling the team to focus on matters of higher criticality.

Timely threat detection and response

For KCD, one of the main priorities was to elevate their security posture. This is possible because an intelligent database can be built into XSOAR. “In the past, a separate database had to be established. However, XSOAR can create its own database and accumulate data from Palo Alto Networks solutions. When an event occurs, this database is compared to assess the threat level, resulting in enhanced detection accuracy and enabling security personnel to make quick decisions,” explains Peter.

End-to-end technical support

Throughout its journey with Palo Alto Networks, KCD feels reassured by the technical support provided by the local team. “The team is quick to respond and address any issues we have faced,” reiterates Peter.

As the company grows, KCD wants to further enhance data security and is looking to integrate Prisma Cloud and Cortex XSOAR at a higher level. Currently, the company is using Prisma Cloud primarily for CSPM, but is considering activating the Cloud Workload Protection (CWP) feature and connecting it with Cortex XSOAR. “With CWPP, we’ll be able to fully manage AWS in full, alongside Cortex XSOAR and have a more robust security environment,” shares Peter.

Looking to the future, KCD is also preparing to break new ground by establishing an online bank for small businesses. This will in turn require a more robust data security environment. Peter shares, “We look forward to our continued partnership with Palo Alto Networks to tackle new business and security challenges as we grow.”

“Palo Alto Networks has made it possible for us to safeguard our data in the cloud and adhere to the strict regulations imposed on FSIs. With a fully automated environment, we hope to be able to implement a greater standard of security without the need to expand our security team,” elaborates Peter.

Learn more about Palo Alto Networks virtual NGFWs here, Cortex XSOAR here, and Prisma Cloud here. For more information on Palo Alto Networks, visit our website or read more customer stories.