The SecuLetter standard deployment process runs in 7 stages: Inquiry → Benchmark → PoC → Design → Build → Acceptance → Operations. Each stage's inputs, outputs, and duration are defined up front — so approval documents and audit-response materials get written without guesswork. Average duration: 3 months (light), 6 months (standard).
Choose on-premises, cloud (DISARM), or hybrid based on network policy, organization size, and regulatory requirements. All three share the same MARS engine, CDR pipeline, and ConTI intelligence — so policies and detection data carry over when you switch models later.
The standard configuration for government, finance, and defense. Installed as a dedicated appliance on the internal network — inserted into cross-network file transfer, web upload, and mail server paths. The self-contained, no-external-connection design fits both regulated security-suitability and cross-network requirements.
Cloud email security for Microsoft 365 and Google Workspace organizations. No MX change required — deploys via API in minutes. Attachments run through the MARS and CDR pipeline at the moment of receipt, with support for encrypted archives and retroactive scanning of historical mail.
For heterogeneous environments — HQ plus branches, internal plus external partners — that need simultaneous coverage. Internal zones run on-premises SLF; external email runs on DISARM SaaS. Policy and logs are managed centrally through the ConTI portal.
SecuLetter products are inserted only where files enter from outside — cross-network file transfer, mail receipt, web upload. Internal file servers, DRM, and business systems stay as they are. The MARS engine intervenes only at the moment a file enters.
Mail server, DRM, and SIEM stay as-is. SecuLetter intervenes only at the moment a file enters from outside.
Supports ICAP, SMTP, Syslog, CEF, REST, and SAML. Automatic bypass on failure prevents business interruption.
Pre-mapped to cross-network file transfer requirements and information security management — usable as audit evidence with no separate design pass.
Based on the TTA GS Grade 1 test (200,000 real files), 100+ organizations in production, and averages across government and finance customers. Designed to leave existing infrastructure performance materially unchanged.
Each stage has predefined inputs, output documents, and owners. Drop directly into your procurement schedule to walk senior approvers and auditors through.
PoC request or procurement inquiry. Joint sales and engineering kickoff call (60 min). We confirm network topology, primary file types, throughput, and regulatory requirements, then agree on PoC scope.
In the SecuLetter lab or an isolated environment at your site, we validate detection, sanitization, and performance against 10,000 to 200,000 real files. Same protocols as the KISA and TTA evaluations — measuring detection rate, average response, and false-positive rate in parallel.
Deploy in TAP/mirror mode in your production environment and observe live traffic. No blocking — we detect and classify only to validate false-positive rate and business impact up front. Your security team drives the SLF/SLE dashboard directly.
Based on BMT and PoC results, we finalize hardware spec, HA configuration, network gateway integration, and log retention. Decide on procurement path — multi-vendor contract or Innovative Procurement Item sole-source. Cite the certifications page directly in your procurement workflow.
Appliance delivery, rack mount, network connection, and policy migration. Active-active redundancy and bypass configurations are standard — cutover happens with no business interruption. Integration tested against file servers, mail servers, DRM, and SIEM.
Run in detection mode first to tune false positives and finalize exception policy. Switch to block mode in the final week. Daily monitoring and weekly reports for two weeks post-cutover. Security-suitability evidence delivered as a bundle.
Maintenance contract (15% annual standard) covers updates, signature distribution, and incident response. Quarterly operations review, semi-annual threat briefing. With a ConTI subscription, threat intelligence is shared in real time.
Four content-ingress paths — cross-network file transfer, email, public web portals, and document repositories. Each card summarizes the configuration, average deployment time, operating KPIs, and representative references.
External-to-internal file flow through the network gateway
REFS · National postal center · Power utility · Commercial bank
Inline mail gateway with attachment sanitization and URL rewriting
REFS · Defense prime · Top-tier brokerage · University
Public-service portal, tender, and e-government upload security
REFS · National health agency · Korea Internet & Security Agency · Provincial government
Pre-scan before ECM and DRM storage
REFS · National R&D agency · Multiple government organizations
What government and finance buyers most often ask during PoC and procurement. Answers include the supporting page and relevant contract clauses.
Contracts consist of product license, hardware (where applicable), and annual maintenance. The standard maintenance rate is 15% per year, adjusted for night and holiday support, on-site staff, and other options.
Procurement via the multi-vendor government contract (item ID 23456789) fixes the unit price with no separate tender; sole-source via Innovative Procurement Item (IP-2023-0914) is also available. Quotes scale by throughput, HA, and optional modules (CDR, ConTI).
No dedicated headcount required. Designed so an existing security operator handles dashboard monitoring in 10–20 minutes per day. At typical deployment scale the average operating load is 4–6 hours per month.
For 24/7 coverage, SecuLetter SI and MSSP partners offer managed services as an option. Most finance customers integrate by forwarding logs to their existing SIEM/SOC without adding headcount.
Not overlap — complementary. Antivirus targets known signatures; sandboxes target behavior analysis of executables. The MARS engine disassembles the structure of non-executable files (documents, PDFs, HWP, images) through reverse engineering — covering exactly the surface other tools miss.
A major defense contractor runs SecuLetter SLE alongside an existing sandbox; top-tier brokerages integrate it with their NGFW and DLP, consolidating detection data in a single portal.
Average file processing is 12.027s for SLE (measured on 200,000 real files under TTA GS) and 34ms for SLCDR sanitization. No perceptible delay in the workflow — 10–20x faster than typical sandboxes (2–3 minutes).
At peak, spare nodes in the HA configuration distribute load. Even if a temporary queue forms, original mail delivery is not delayed — only attachments enter a separate processing queue.
SecuLetter products hold Common Criteria certification, 100% APT detection in the KISA evaluation, TTA GS Grade 1, and an Innovative Procurement Item listing — usable as evidence for cross-network file security, ISMS-P information security management, and national security-suitability evaluation.
On deployment we bundle requirement-mapping sheets, audit Q&A, and operational evidence from comparable customers. Your account manager attends in person during audit season for technical defense.
Standard API and Syslog integrations are validated against major cross-network file transfer products and DRM systems (Fasoo, MarkAny, SoftCamp), and 100+ organizations already run them in parallel. File formats, extensions, and decryption ordering are tuned per environment.
Environments with conflict risk are validated up front during the PoC in TAP/mirror mode. We have a track record across special environments — OT and defense networks included.
The one-month lab benchmark test is free. The one-month on-site PoC is also free by default for government and finance buyers; a separate quote may apply if special-environment setup is needed (for example, a dedicated lab for an air-gapped network).
BMT and PoC include the result report, one operator training session, and on-site engineering support. If the customer chooses to adopt, operating artifacts (signatures, policies) from that period roll directly into the production deployment.
Standard SLA: P1 incidents (service outage) resolved within 4 hours, with response within 1 hour; P2 and P3 handled on business-day terms. Major government and finance customers add 24/7 hotline plus quarterly on-site review as an option.
Incident logs are delivered as quarterly SLA fulfillment reports — drop-in ready for security audits and executive reporting. Trailing 3-year SLA compliance: 99.4%.
Licensing is based on daily throughput (items/day) and processing nodes. If user count grows but attachment volume stays flat, no expansion is needed; once throughput crosses thresholds, nodes are added within the HA configuration.
Acceptance includes one standard operator training (4 hours) and one administrator deep dive (2 hours). Onboarding materials — operations manual, policy templates, dashboard playbooks — are distributed as PDFs.
One additional free training session per year; further sessions priced separately. Re-training is available on staffing changes.
Yes. With role-based access control (RBAC), operators manage allowlists, exceptions, and alert policies directly; sensitive policies (block criteria, signatures) are restricted to administrators or the SecuLetter engineering team.
Default is 1-year retention plus 3-year archive (optional), extendable to finance and public-sector audit requirements. Detection events, original files, and sanitized output are all queryable, with real-time SIEM delivery via Syslog and CEF.
For suspected incidents, the SecuLetter security research team provides forensic analysis support — annual contract or per-incident.
On a PoC request, a technical account manager is typically assigned within 2 business days to set up the kickoff call. Get a single consolidated walkthrough of lab benchmark testing, on-site PoC, and procurement paths.
