Yamong CWPP

Protect and monitor your cloud workloads in real time

Real-time observation, automatic analysis, immediate response. Build a more transparent and secure cloud through these three steps.

Why is it necessary?

Revolutionarily redesigned runtime security,
enhancing visibility.

The cloud is evolving rapidly.

Containers, serverless, and Kubernetes have rendered traditional security boundaries meaningless.

Now, we must monitor and protect the behavior itself, rather than relying on static policies.

Yamong directly observes all behaviors (events) occurring within workloads.

By shifting the security criteria to "what is currently running," we can detect privilege escalation attacks, insider threats, and even zero-day vulnerabilities.

Product Architecture

Yamong consists of three key components.

Kondor Agent

Deployed on each node; collects system call, network, and file events through eBPF.

Kondor Controller

Integrated management of workload metadata based on Kubernetes API and Kafka streams.

Kondor Analyzer

Real-time event analysis and anomaly detection, policy-less rule engine, automated response capabilities.

"Making the 'invisible security' visible"

Main features

Workload Visibility

It integrates with the Kubernetes API to map the cgroup_id, namespace, pod, and process of each workload in real time. It visualizes the network flow between pods, file access trees, and process hierarchies to show at a glance "where, what, and when" events occurred.

Runtime Abnormal Behavior Detection

The eBPF engine collects security events from the network, file system, and process perspectives. By comparing them with the workload's intended behavior, it immediately detects execution-time attacks such as unintended file modifications, external connection attempts, and privilege escalation.

Automatic Policy-Based Detection

There is no need to manually create or manage policies. Based on kernel events and API scan data, the system learns normal behavior patterns on its own and detects behaviors that deviate from them in real time. Without complex rule settings, it automatically identifies discrepancies between the workload's intent and execution.

Automated Response

After detecting abnormal behavior, containers are automatically isolated or response scripts are executed to prevent the spread of attacks. Additionally, response logs and root cause analysis reports (automatically aggregating detection status, event logs, and abnormal behavior pattern statistics for each workload) are generated to reduce the response time of security personnel.

Ultralight Agent

Average CPU usage less than 1%, Memory 340MB

Expected Effect

Yamong delivers both operational efficiency and detection accuracy.

It reduces the operational burden on security personnel: the entire detection → response → reporting process can be automated.

Security personnel operating costs: 50~80% savings

Before: Annual labor costs of 700 million to 2.1 billion won, with an average of 5 to 15 security personnel.

After the introduction of Yamong: Labor costs of 300 to 400 million won annually, reduced to a level of 2 to 3 security personnel.

Regulatory and audit response costs: 90% savings

Before: Average of 15 hours per transaction, preparing and writing reports for external audits by hand.

After the introduction of Yamong: Within 1.5 hours per transaction, with automatic log collection and reporting.

Cost of security incident response: 60% savings

Before: Average of 5.9 billion won per transaction, including incident identification, investigation, and recovery.

After the introduction of Yamong: An average of 1.6 billion won, through detection enhancement and rapid response.

TCO reduction effect: $46M+ savings

Use case

Inside the container

Unauthorized file access

Abnormal process execution

Unintended network connection attempt

Attempted privilege escalation

We create security that understands the behavior itself, not the policy.

Yamong is not just a simple CWPP, but a 'security intelligence layer' between the cloud and the kernel.
