THREAT INTELLIGENCE · CONTI
AI-driven collection, analysis, and distribution of real-time threats.
AI automatically analyzes, refines, and distributes the threat data detected across SecuLetter products. Attack groups, TTPs, and IOCs are tracked in real time and applied automatically across every customer environment.
- 50+/day: new threats learned (KT AI pipeline)
- 24/7: automated collection and analysis
- All: customer environments updated
- 100+: attack groups tracked (including APTs)
How ConTI differs from generic threat intelligence.
Beyond simple feed aggregation — operational intelligence that combines first-party detection telemetry with KT AI analysis.
| Capability | Generic TI feed | ConTI |
|---|---|---|
| Collection sources | Primarily public feeds | SecuLetter first-party detection telemetry + external feeds, unified |
| Analysis | Manual analyst review | Automated KT AI analysis and refinement |
| Distribution speed | Hours to days | Real time — 50+ automated updates per day |
| Consumption | CSV / STIX file download | API and automatic signature distribution |
| Offline support | None | Offline signature distribution supported |
| Attack-group tracking | Partial | 100+ groups, with full TTPs and IOCs tracked |
Core capabilities
Six automated capabilities, from collection to distribution, that shorten the threat-response cycle.
Real-time threat collection
Real-time collection of detection telemetry from every SecuLetter product (SLF, SLE, SLCDR). Integrated with external OSINT and ISAC feeds. Tuned for the Korean and regional threat landscape.
KT AI automated analysis
The KT AI pipeline automatically refines, classifies, and correlates raw data — minimizing false positives.
IOC and TTP extraction
Automatic extraction of malicious URLs, IPs, hashes, and domains (IOCs). TTP mapping based on the MITRE ATT&CK framework.
Attack-group tracking
Tracks 100+ APT groups. Monitors each group's latest campaigns, tooling, and target sectors.
Automatic distribution
Converts analysis output into signatures, rulesets, and IOC lists and deploys via API to every customer environment. Air-gapped sites receive signature files.
Threat report generation
Automated weekly and monthly threat-trend reports. Executive-ready summary plus detailed IOC list for analysts.
ConTI data flow
Five-stage automated pipeline — from detection source to customer-wide application.
Detection sources
SLF · SLE · SLCDR + OSINT / ISAC
ConTI engine
KT AI analysis · IOC and TTP extraction · attack-group profiling
All customers
Signature and API distribution · offline support · threat reports
Specifications
| Item | Specification |
|---|---|
| Threat learning | 50+ new threats automatically learned per day (KT AI) |
| Collection sources | SecuLetter first-party detection telemetry + OSINT, ISAC, and regional / global feeds |
| IOC types | Malicious URLs, IPs, domains, file hashes, certificate fingerprints |
| TTP framework | Based on MITRE ATT&CK |
| Attack-group tracking | 100+ APT and cybercrime groups |
| Distribution | REST API · signature files · offline distribution supported |
| Reports | Weekly and monthly (executive summary plus analyst-grade detail) |
| Access model | SaaS — no additional infrastructure required |
Customer references
Organizations across multiple sectors have built real-time threat-response programs on ConTI.
APT group tracking with ConTI feed
Defense-targeted attack-group campaigns identified in advance. Real-time threat intelligence enables a proactive response to nation-state cyber threats.
Ransomware and BEC intelligence for finance
ISMS-P threat-management program built on ConTI. Real-time monitoring of finance-specific ransomware and business email compromise (BEC) threats.
National cyber-threat information sharing
Aggregates threat information across critical national infrastructure. ConTI feed integrates with the national cyber-threat information sharing infrastructure to strengthen nationwide response.