Since 2015 · A decade focused on CDR

Document threats,
neutralized at the
binary level.

Our MARS engine reverse-engineers every document at the binary level to surface hidden threats. CDR then strips out malicious components and rebuilds a clean file—preserving the original layout and content. The same Detect+CDR architecture protects every content entry point: network gateways, email, and cloud.

Illustration of the MARS engine reverse-engineering a document at the binary level, removing threats, and rebuilding a clean file
  • GS Grade 1: Independently certified. Benchmarked on 200,000 real-world files.
  • 100+ enterprise deployments: Across government, finance, and defense.
  • 309+ supported file formats: Industry-leading · CFB + OOXML.
  • 12.02s average MARS analysis: Across 200,000-file benchmark.
WHY SECULETTER · THREE REASONS ENTERPRISES CHOOSE US

Stop the threats your existing security can't see—
non-executable document attacks, neutralized at the source.

Technical foundation, threat coverage, and enterprise-grade credentials—three reasons SecuLetter is the right choice for content security.

PRINCIPLE · HOW
MARS ENGINE

Disassemble. Analyze. Reassemble safely.

[Diagram: PAYLOAD.DOCX is disassembled into META, BODY (macro.vba, ole.bin), RELS (ext.link), and MEDIA. MARS structural analysis passes META, BODY, RELS, and MEDIA (✓) and flags macro.vba, ole.bin, and ext.link (✕). The file is reassembled as SAFE.DOCX containing META, BODY, RELS, and MEDIA.]

MARS reverse-engineers every document at the binary level to expose hidden threats—malicious macros, embedded OLE objects, weaponized fonts. CDR then strips out the risk elements and rebuilds a clean, functional file. Even signatureless zero-days can't execute when they've been structurally removed.

Underlying technology
MARS (Malware Analysis & Reverse-engineering System) engine—a reverse-engineering-based Detect+CDR architecture.
Key difference
Detection-based tools (antivirus, sandboxing) only catch what they've already seen. MARS analyzes file structure itself—neutralizing zero-day threats based on what they are, not what they look like.
Measured performance
Independently benchmarked at 12.02s average analysis and 34ms average sanitization across 200,000 real-world files.
COVERAGE · WHAT
309+ FORMATS

We don't replace your stack. We close its blind spot.

[Coverage matrix: Antivirus, Sandbox, APT tools, and SecuLetter compared across .EXE, .DOCX, .HWP, .PDF, .XLSX, and .IMG. Legend: Covered · Partial · Not covered.]

Antivirus and sandboxing handle executable files well. The blind spot is non-executable documents—Word, Excel, PDF, images, and HWP. The majority of attacks against regulated industries arrive through these formats. SecuLetter exists to close that gap.

Supported formats
309+ formats across the CFB and OOXML families—Microsoft Office (all generations), PDF 1.4 through 2.0, image steganography detection, and HWP 5.0/2018.
Integration
Deploys as a gateway in front of existing antivirus, sandbox, and DLP infrastructure. Adds missing coverage without disrupting policies or replacing hardware.
Field result
Q3 2024: At a government agency, SecuLetter intercepted four malware droppers that had bypassed the incumbent sandbox. Document-borne incidents at that site since deployment: zero.
EVIDENCE · WHY
AUDIT READY

Audit-ready evidence, on day one.

  • GS Grade 1: Verified across 200,000 real files
  • GS Benchmarked: 12.02s avg. analysis · 34ms sanitization
  • CC EAL2 · Government certified: Procurement-ready documentation
  • In production across regulated industries: Ministries, Pensions, Healthcare, Defense, Military, Finance + 100 organizations

Enterprise security buyers face a common pressure—"adopt this solution, and don't get flagged in audit." Insufficient evidence directly affects performance reviews and budget approvals. SecuLetter provides documentation that drops straight into audit, procurement, and security review.

Independent certifications
Common Criteria EAL2 · ISO 27001 · GS Grade 1 (TTA) · featured in Gartner research as a CDR vendor.
Peer references
National ministries, pension funds, defense contractors, and major financial institutions—100+ enterprise organizations in production. The strongest approval pathway is peer adoption at scale.
Migration case
In 2024, a major defense contractor migrated from a foreign CDR product to SecuLetter. Cited reasons: native format coverage, local-language audit documentation, and regional support response times.
DEPLOYMENT PATHS · WHERE WE PROTECT

Protect every path content takes into your enterprise

Two primary content paths—file and email—both protected by the same MARS engine. Add modules wherever you need them.

PATH 01 · FILE

File security path

Cross-network file transfer, document repositories, public upload portals, financial and government internal networks, defense secure networks, manufacturing and energy OT systems, and secure development environments.

SLF
File security gateway
+SLCDR
Sanitization module
+ConTI
Threat intelligence
Throughput
49,000–315,000 files per day (hardware-dependent)
Reference deployments
National health insurance · major brokerage
Deployment
On-premises appliance
PATH 02 · EMAIL

Email security path

Inline deployment in front of your mail server (on-premises) or API integration with Microsoft 365 and Google Workspace (cloud). Attachments and links analyzed in parallel before delivery.

SLE
On-premises email gateway
DISARM
Cloud API
+ConTI
Threat intelligence
Throughput
160,000–912,000 messages per day
Reference deployments
Major defense contractor · major investment firm
Deployment
On-premises appliance · cloud deploys in minutes
+ Add-on modules — Layer CDR sanitization (SLCDR) and threat intelligence (ConTI) onto any path. These attach to your deployment rather than being sold as standalone categories.
DEPLOYMENT · ARCHITECTURE

One MARS engine. Every entry point.

Network gateways, email, web portals, and document repositories—different paths, all protected by the same engine.

SecuLetter deployment architecture: SLE, SLF, and SLCDR integration across external network, DMZ, and corporate network layers
Email gateway SLE

Inbound email attachments and embedded URLs analyzed by MARS on arrival. Deploys inline, downstream of your existing spam filter.

Cross-network file transfer SLF

Every file inspected before crossing from the external to the internal network. Integrates via SMB, NFS, and SFTP APIs.

Public web portals SLF

API integration with public-service portals, procurement systems, and web applications. Async polling-to-callback architecture minimizes server load.

Document repository SLF

CDR sanitization runs before files are stored. Malicious files are quarantined; only clean files reach the repository.

HOW IT WORKS · TWO TECHNIQUES COMBINED

Reverse-engineering analysis + CDR sanitization

MARS is the analysis engine; SLCDR is the sanitization engine. We're one of the few cybersecurity vendors that built both in-house.

Background · three blind spots in legacy security

Sandboxes need observable runtime behavior to classify a threat. Attacks engineered without runtime behavior are undetectable by definition.

VM-aware evasion · Time-delayed payload · User-action trigger
01

Reverse-engineering analysis MARS ENGINE

Disassembles file structure at the binary level—without executing the file. Surfaces structural anomalies even when no known signature exists.

02

Threat identification

Identifies risk elements: malicious macros, scripts, embedded OLE objects, weaponized links, and external template references.

03

CDR sanitization SLCDR

Removes the risk elements, then reassembles the file while preserving the original layout, comments, and link structure.

04

Safe delivery

Delivers the verified, clean file to the recipient. End-user experience is identical to the original.
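
The four steps above, sketched for an OOXML container as an added illustration; this is not SecuLetter's MARS or SLCDR code. The risk policy (`RISKY_PART`, `RISKY_EXTERNAL`), the function names, and the sample file are assumptions made for the example, and a production CDR would also rewrite `[Content_Types].xml` and any body references to the removed parts.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
ET.register_namespace("", REL_NS)
# Assumed policy for this sketch: which parts and external link types count as risk elements.
RISKY_PART = re.compile(r"(^|/)(vbaProject\.bin|embeddings/.+)$")
RISKY_EXTERNAL = ("/attachedTemplate", "/oleObject")

def clean_rels(name, body, removed):
    """Drop relationships that point at removed parts or risky external targets."""
    root = ET.fromstring(body)  # production code should use a hardened XML parser
    for rel in list(root):
        target, rtype, mode = rel.get("Target", ""), rel.get("Type", ""), rel.get("TargetMode")
        if RISKY_PART.search(target) or (mode == "External" and rtype.endswith(RISKY_EXTERNAL)):
            removed.append(f"{name}: {rel.get('Id')} -> {target}")
            root.remove(rel)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def sanitize(data):
    """Disassemble the container, skip risk elements, reassemble. Nothing is executed."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if RISKY_PART.search(info.filename):
                removed.append(info.filename)
                continue
            body = src.read(info)
            if info.filename.endswith(".rels"):
                body = clean_rels(info.filename, body, removed)
            dst.writestr(info.filename, body)
    return out.getvalue(), removed

def build_sample():
    """Constructed sample container; part bodies are placeholders, not real content."""
    rels = (f'<Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId1" Type="{OFFICE}/image" Target="media/image1.png"/>'
            f'<Relationship Id="rId2" Type="{OFFICE}/oleObject" Target="embeddings/oleObject1.bin"/>'
            f'<Relationship Id="rId3" Type="{OFFICE}/attachedTemplate" '
            'Target="https://example.invalid/t.dotm" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
        for name in ("word/document.xml", "word/vbaProject.bin",
                     "word/embeddings/oleObject1.bin", "word/media/image1.png"):
            z.writestr(name, "placeholder")
    return buf.getvalue()
```

Calling `sanitize(build_sample())` returns the rebuilt container and a list of what was removed, which is the kind of record an audit trail would keep.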

VS

If a sandbox is watching the security camera footage,
MARS is identifying suspects by fingerprint and DNA.

  • 12.02s: Average MARS analysis time
  • 34ms: Average CDR sanitization per file
  • 309+: Supported file formats
CUSTOMERS · ENTERPRISE DEPLOYMENTS

100+ organizations protected by SecuLetter every day

Government, finance, defense, and manufacturing—a partial list of named, in-production references. Contact your account team for the full list.

NHIS
NPS
KISA
KEPCO
Korea Post
KOTRA
KOICA
KETEP
MSIT
MOTIE
MCST
KAMCO
KB Securities
Korea Investment & Securities
Daishin Securities
BNK Busan Bank
DB Insurance
eBEST Investment & Securities
KSD
LIG Nex1
HD Hyundai Oilbank
Samsung Electronics Sales
Seoul Semiconductor
CASE STUDIES · PRODUCTION DEPLOYMENTS

Ten named enterprises.
Same engine. Different environments.

Government, finance, defense, and education. Adoption triggers and operational outcomes—the kind of detail you can quote directly into audit, internal approval, or RFP review.

Finance SLE+SLF

BNK Busan Bank

Behavior-based security couldn't catch threats hidden in non-executable documents.

  • Malware detected across both network gateway and email paths
  • Unified monitoring platform via API integration
SCALE 3,300 employees
Government SLF

National Health Insurance Service

Malware infiltrating through the public-service portal's file upload path.

  • 5x faster file analysis in head-to-head testing
  • Public-service portal protected with no impact on workflow speed
SCALE 16,000 employees
Government SLF

Korea Internet & Security Agency

Air-gapped network security required for sensitive systems.

  • High detection rate, fast analysis, no file-size limits
  • Real-time threat blocking with no operational delay
SCALE 800 employees
Defense SLE+SLF

LIG Nex1

Sophisticated email-spoofing attacks. Replaced an incumbent behavior-based solution from a foreign vendor.

  • Malware and malicious URLs detected at the network gateway
  • Email-attachment document attacks stopped at the source
SCALE 3,250 employees
Government SLE

Korea Electric Power Corporation

Incumbent security couldn't detect document-based ransomware.

  • 20,000+ accurate threat detections per day
  • Closed the coverage gap left by the existing spam filter
SCALE 2,339 employees
Finance SLE+SLF

Korea Investment & Securities

Surge in document-based malware drove the need for a Common Criteria-certified solution.

  • Email-path malware and phishing URLs blocked
  • Email path scaled with high-availability redundancy
SCALE 2,876 employees
Government SLF

Korea Post Information Center

Cross-network transfer of regulatory PDF filings hit detection-rate and throughput limits.

  • Every regulatory PDF fully analyzed
  • No workflow delays at peak transfer volumes
SCALE 37,000 employees
Government SLF

Korea Institute of Energy Technology Evaluation and Planning

Increase in non-executable file attacks targeting remote-work environments.

  • Malware blocked before files reach the document repository
  • Remote-work environment hardened
SCALE 134 employees
Finance SLF

Daishin Securities

Behavior-based solution had high latency and missed evasive attacks.

  • High detection rate regardless of file size
  • Cross-network transfers protected with no added latency
SCALE 1,425 employees
Education SLE

Joongbu University

Email-spoofing malware exceeded the existing spam filter's detection capability.

  • Known and zero-day malware detected
  • Phishing-URL injection attacks blocked
SCALE 12,000 students
CERTIFICATIONS · AWARDS · PROCUREMENT

Audit-ready evidence, ready to drop into your approval workflow

  • KISA Certified: 100% APT detection rate
  • TTA GS Grade 1: 12.02s avg · 200k files
  • CC (Common Criteria): EAL2 assurance
  • Government procurement: Listed on Korea's e-procurement system
  • Gartner: Featured email security vendor
  • ISO 27001: Information security management
  • CDR Patents: Industry-leading portfolio
POC · BENCHMARK READY IN 3 DAYS

Document security.
See it for yourself.

Run a benchmark with your own files and samples. Deploys inline without changes to your existing infrastructure—results report typically within 3 days.

NDA upfront · Government procurement approved · Deployed across national ministries · Common Criteria EAL2 certified