[Penta News] Data Encryption Solution D.AMO Has Operated Normally for Over 17 Years
“At Penta Security, our encryption solution D.AMO and WAAP platform WAPPLES have maintained the #1 position in the public sector market in Korea for over 17 years. Our authentication product iSIGN also ranks #1 in Korea appliance‑based SSO authentication field. All three flagship products lead their respective domains” said Tae Gyun Kim, CEO of Penta Security, during a recent interview with ZDNet Korea.
Founded on July 21, 1997, Penta Security is a cybersecurity technology company based in Seoul (Yeouido) with overseas offices in Tokyo (Japan), Hanoi (Vietnam), and Abu Dhabi (UAE). The company employs approximately 240 staff, including around 150 R&D and technical specialists.
Kim became CEO in August 2022, having previously served as a naval officer. After working at Daewoo Information Systems and KT Internet Technology, he joined Penta Security. At that time, annual revenue stood at approximately KRW 26 billion; by last year it had grown to KRW 37.8 billion, adding over KRW 10 billion in just three years under his leadership. This year they are targeting sales in the KRW 40 billion range.
Kim emphasized Penta Security’s proactive responses to IT changes. “We supply three major security solutions, iSIGN, D.AMO, and WAPPLES, all of which are market-leading products. We’ve also launched Korea’s first cloud‑based web security SaaS, Cloudbric, in 2015, and Autocrypt, the future car security product, began as a project within Penta Security and later spun off,” he stated. With Korea’s cybersecurity market rapidly evolving via AI, N2SF, and zero trust paradigms, he added, “We quickly address these shifts by enhancing our existing solutions.”
◆ Penta Security Q&A from CEO Kim
Q: Penta Security emphasizes a three-stage model of cybersecurity. What does this entail?
We categorize cybersecurity into three progressive stages: 1) Authentication, 2) Monitoring and Blocking, and 3) Data Protection.
- Authentication is the first and most vulnerable stage. Happens when a user initially connects to a system. It is critical to ensure strong, multifactor authentication at this point.
- Monitoring and blocking involves real-time surveillance of authenticated users’ network traffic. We detect abnormal behavior and instantly block potential threats.
- Data Protection secures the ultimate target of cyberattacks which is the data itself. Even if a breach occurs, with data encryption, it becomes useless to the attacker. This final stage represents Penta Security’s core strength.
Q: Are your cybersecurity products developed based on this three-stage model?
Absolutely. We embed this philosophy in all our solutions. We’ve released four flagship products built around it. Starting with iSIGN, our authentication security platform, we have D.AMO, the data encryption platform, WAPPLES, the intelligent WAAP (Web Application and API Protection) solution, and Cloudbric, the cloud-based security SaaS platform. Currently we have these four products.
Q: Seems like authentication itself includes many different technologies. Can you explain them?
Yes, authentication spans multiple domains such as SSO (Single Sign-On), Multi-Factor Authentication (MFA), PKI Authentication, Endpoint Authentication, Identity and Access Management (IAM), IoT Authentication and more.
Looking at each of these, SSO enables centralized login across systems and MFA combines OTP, biometrics, and simplified login. Also, PKI Authentication uses private certificates for device/service validation and segment encryption, and endpoint authentication verifies users at the OS login level. Adding on, IAM governs access control policies and IoT authentication secures device identity in connected ecosystems.
Our product iSIGN covers all authentication types except IAM, which requires extensive customization.
Q: Which of these four products was launched first?
iSIGN, our authentication security solution, released in 2001 is our first product. Following, Korea’s first commercial-grade data encryption solution D.AMO was introduced in 2004. After a year, in 2005, intelligent web application firewall WAPPLES was introduced. Like D.AMO, WAPPLES is the first in Korea to have an intelligent detection engine. In 2015, the first Korea SECaas solution, Cloudbric was released.
CEO Tae Gyun Kim smiling during the meeting with ZDNet Korea
Q: What are the unique strengths of each flagship product?
D.AMO is our cash cow. It applies encryption across all layers of IT from structured to unstructured data, legacy systems to databases, and cloud environments. It holds the most references in Korea and over 14,000 servers globally deploys D.AMO.
WAPPLES features the patented COCEP engine, offering advanced web and API protection, bot mitigation, DoS defense. It elaborates low false-positive detection, and machine learning-based diagnostics. It currently protects over 700,000 businesses worldwide and is recognized by Frost & Sullivan as a top Asia-Pacific product.
iSIGN is Korea’s #1 appliance-based authentication platform. It integrates FIDO-certified biometric authentication and uses encryption modules verified by the National Intelligence Service (NIS).
We are also proud of our product Cloudbric. It supports major cloud providers like AWS and Azure. Thanks to our Cloudbric Managed Rules on AWS Marketplace, we now serve over 1,100 global clients.
Q: What’s the market share of these solutions within Korea?
All three main products lead their respective markets. D.AMO and WAPPLES each hold over 50% public sector share for 17+ consecutive years. Adding on, iSIGN is the market leader in appliance-based SSO.
Firstly, our data encryption product, D.AMO, boastsw a 55% cumulative procurement share over 18 years. Within Korea, it has the most references. After its release, it is still the #1 product in Korea’s encryption market.
Secondly, WAPPLES, celebrating its 20th anniversary, has maintained the #1 spot in web security procurement for 17 years with an average share of 56%. It shows high security and a low false positive rate. WAPPLES protects 700,000 internet businesses worldwide, not just domestically.
Thirdly, Cloudbric, the first in Korea to implement the concept of ‘SECaas’, is now heading not only to APAC regions but also to further global markets starting from our Japan and Vietnam offices. It is our future growth engine.
Products of Penta Security
Q: Who are your main competitors?
In the global cybersecurity landscape, our key competitors by domain include: Tales in data encryption, F5 and Fortinet in WAFs, and Okta in identity and authentication security.
Q: How many customers does Penta Security currently serve?
As of the end of last year, we serve around 10,000 customers including Korea’s Ministry of Interior and Foreign Affairs, financial institutions, top-tier conglomerates, leading hospitals, and educational institutions. Globally, we operate in 171 countries, with over 1,100 international enterprise customers. Our growth stems from nearly 30 years of innovation in cybersecurity and a relentless focus on customer satisfaction. Penta Security delivers most of our global services in a SaaS subscription model.
Q: What new products or versions are planned for this year?
This September, we’ll release WAPPLES 7.0. It will feature enhanced performance and intelligent detection functions, strengthening our leadership in WAAP. Moreover, to combat password theft, we’ve also launched iSIGN Passwordless. It replaces passwords with OTP, biometrics, and simple authentication, providing single sign-on (SSO) access to critical enterprise systems. It combines high security with user convenience.
Also, another upcoming product is Cloudbric Mask, an AI-powered service that automatically detects and blurs personally identifiable information (e.g., faces, license plates) in images and videos. It encrypts masked data for secure handling. In light of public concern over excessive fees for video redaction, we will launch this as a free B2C service.
Q: What sets your products apart technologically?
I want to highlight D.AMO especially. Hacking incidents are currently rising everywhere. If data was encrypted, even with data exposure, it could be safely protected. The true difference in data encryption solution is the experience of implementing it in different environments.Key institutions and companies that process large amounts of data in Korea have already verified D.AMO’s technology and stability by applying it.
There are three core competitive advantages. First, it was Korea’s first commercial data encryption platform and now has the highest number of local references over the past 20 years. Second, It supports encryption across all IT layers such as legacy systems, databases, cloud, and SAP, easily adapting to customer infrastructure and business needs. Lastly, The GUI-based D.AMO Control Center enables real-time monitoring, automated recovery, and centralized administration, enhancing operational efficiency.
Q: What is Penta Security’s internal culture like?
We have a flat organizational culture. In other words, we aim to have minimal reporting layers for fast decision-making. Also, we host in-house tech events like developer conferences and AI competitions to share knowledge.
Penta Security has special employee reward systems. For example, we have invention incentives for patented ideas. Also, we have the Pentastic Award for high-growth-potential talent and the Best Communication award for collaborative efforts. We also support personal growth through book purchases, educational subsidies, and self-development allowances. Our GOT (Globalize Our Thinking) program provides travel grants for employees taking 3+ days off—to broaden their global perspective.
Q: What is your current export status and global expansion strategy?
About 10% of our revenue comes from exports, but unlike our competitors, not through appliances. Instead, we are exporting with service licenses and tech licenses.
To further expand our global reach, we have established local operators in Japan (Penta Security Systems K.K.), Vietnam (Penta Security VINA), and last year, in the UAE (Penta Security Branch Office ABU DHABI).
Our global customers total approximately 1,100 from 171 countries. Among these, Japan holds the biggest proportion with about 400. Numerous global customers within large IT companies, public firms, and more are utilizing our products. Indeed, we’re seeing especially strong traction in Japan, where Cloudbric WAF+ grew by 6,000% in just seven years since our 2017 entry. Japanese customers value our data-driven performance, localized language support, and user-friendly management tools.
Beyond Japan, we are also expanding our global market in Vietnam and the UAE. We tailor our core products, D.AMO, WAPPLES, and Cloudbric, to regional needs. Consequently, this year, we are expecting the overseas license price to surpass KRW 5 billion.
Q: We heard that Penta Security is gaining attention from Research Firms such as Gartner
Like Gartner, major global research firms have noticed the technology of Penta Security. For example, we are listed in Gartner Magic Quadrant for two consecutive years (2021-2022). Also, was featured in Gartner’s 202 key reports. Starting from 2023, for three straight years, we were named “Cybersecurity Company of the Year” by Frost & Sullivan. Other than that for 2019 and 2022, we were included in Forrester’s Now Tech reports.
Q: What has been your recent revenue growth?
In 2022, we had KRW 26.9 billion, 2023, surpassed KRW 33.5 billion. Last year, we recorded KRW 37.8 billion.
Q: The cybersecurity landscape is shifting rapidly with AI, cloud, N2SF, and zero trust. How are you adapting?
We’ve always taken a proactive stance. For example, Cloudbric, our SECaaS web security platform, was first launched in Korea in 2015. Autocrypt, Korea’s only future mobility security solution, also started here before spinning off. We’re enhancing all our existing products to adapt swiftly to AI, N2SF, and zero trust transitions.
Q: As a private company, do you have any plans to go public or raise external funding?
Currently, we have no plans for an IPO.
Q: What’s your long-term vision for Penta Security?
We aim to evolve from a Korean cybersecurity leader to a top global cybersecurity company. In 5 years, we want international revenue to equal domestic revenue (50:50). In 10 years, we want global sales to surpass Korean sales, confirming Penta Security as the global leading cybersecurity company. We want to build a company that passionate professionals aspire to join.
Q: Korea lacks global cybersecurity giants. What’s your advice for building one?
The domestic market is too limited; therefore, strategic international expansion is key. In this regard, we see Korea-Japan collaboration as vital. Despite historical tensions, both nations are aligned with global standards. Consequently, together we can compete with larger marketplaces and confirm our technology.
The Japanese market, in particular, is a key opportunity for us. Its firms must meet global security standards but lack domestic cybersecurity vendors. Considering this situation, Japanese firms are likely to choose Korean security solutions. Furthermore, we retain robust technology and price competitiveness. Indeed, Korea’s strategic advantages position it to become Japan’s preferred security partner. Ultimately, for Korean cybersecurity brands to grow globally, they must leverage this geopolitical opportunity wisely.
◆ Q&A from CEO Tae Gyun Kim
Q: Do you have a favorite quote or motto that inspires you?
I wouldn’t say I’ve lived by a specific quote. Recently, after my father passed away, I found a memoir he had written for us. In it, he wrote: “Money not earned through your own sweat isn’t truly yours, so don’t be greedy.” and “Eventually, we all pay the price and that’s just how life works.” Those words stayed with me, as they reflected how he raised us.
Q: How do you relieve stress?
I sleep. I try to physically exert myself during the day and sleep deeply. After waking up, I feel mentally refreshed, ready to work again.
Q: What are your hobbies and interests?
Thinking that it could help me professionally, I started playing golf and that’s now my hobby. If it was a solo sport, I probably would have quit, but with a mix of personal and social motivation, I keep playing until now.
Q: Is there a book or movie that changed your life?
While I haven’t revisited any particular book or movie multiple times, I do find myself consistently reading the Bible even in small portions. So, I’d say the Bible.
Q: Have you experienced a “winter season” in life? How did you overcome it?
When I was in my twenties, my failure to get into my desired university department discouraged me. But with time, those feelings passed. Honestly, there wasn’t a specific solution. Time simply did its job.
Q: If you were born again, would you become an entrepreneur once again?
I wasn’t a founder, but I did have experience as one of the first members. If taking risks to gain, then yes. Boundaries might work as a protection but can also be a limit.
Q: What advice would you give to aspiring entrepreneurs or junior cybersecurity professionals?
Don’t try to take shortcuts. You might miss essential steps in the process.
Q: Do you have a favorite restaurant?
Honestly, expensive restaurants usually taste better. I enjoy exploring new places rather than sticking to favorites. But when I visit Busan for work or vacation, I always visit Giwajip Daegu-tang (기와집대구탕) near Haeundae for their soup.
Q: What does management or being a CEO mean to you?
When I first became CEO, I asked myself that exact question. My answer was: “Someone who delivers results and protects what must be protected.” It reminded me of the Bible’s description of God’s first command to Adam in Eden: “Work the land and protect it.”
Q: Who is your life role model?
I wouldn’t say I have a single role model, but I’ve learned the most from the CEOs I’ve worked with. Through conversations with them, I gained deeper insights and broader perspectives.
* Would you like to learn more?