DEEP RESEARCH · IGLOO CORPORATION
Igloo Corporation: From SIEM to Data Intelligence
A look at Igloo's position as MLS, zero trust, and AI security operations reshape Korea's cyber market
0. Bottom line first
My central view is that Igloo is a public-sector SIEM leader standing at the intersection of three changes: MLS, zero trust, and AI-driven security operations. If AhnLab is the shield and Genians is the gateway for endpoints and access, Igloo is closer to the control tower that aggregates logs and decides what is a real threat.
Official fact: The source describes Igloo as a first-generation security company founded in November 1999, renamed from Igloo Security to Igloo Corporation in March 2022. It also states that Igloo has held Korea's SIEM market share lead for more than 20 years and has over roughly 70% public-sector share based on Korea ON-line E-Procurement System references.
Interpretation: The moat is not just a product. It is long operating history with public-sector security data, Korea-specific compliance reporting, and an installed customer base. The weakness is that a service-heavy revenue mix may cap margins versus product or subscription-heavy peers.
MLS transition
Tracking data flows across C/S/O security grades increases demand for log integration and anomaly detection.
Zero trust
Continuous verification requires enterprise-wide visibility, matching the role of SPIDER ExD.
AI and SOAR
Automation playbooks and AI detection address alert fatigue and security-staff shortages.
1. Industry inflection: from walls to data intelligence
As of 2025, Korea's information security industry is being revalued as infrastructure for national security and corporate survival, not just compliance. Security used to mean a perimeter firewall. With cloud and AI, the boundary has blurred, and the priority has shifted to observing and interpreting every action.
The source highlights three triggers: the K-Security strategy, the public-sector network-separation reform roadmap known as MLS, and zero-trust guidelines. These changes break the old physical separation model and make data movement, access, and behavior verification continuous. My read is that this expands the total addressable market for SIEM, XDR, SOAR, and AI security operations.
2. Igloo's product portfolio
Igloo's competitiveness is software, not hardware: collecting, storing, and analyzing massive logs. The core products are SPIDER TM, SPIDER ExD, and SPIDER SOAR.
| Area | Product | Source point | Investment angle |
|---|---|---|---|
| SIEM | SPIDER TM | Real-time collection, storage, and analysis of logs from heterogeneous firewalls, IPS, and web firewalls | Public references and compliance fit create barriers |
| XDR | SPIDER ExD | Integrates network, endpoint, cloud, and CTI data sources | Can act as a control tower in MLS and zero-trust environments |
| SOAR | SPIDER SOAR | Automates detection-to-response workflows through playbooks | Upsell logic for existing SIEM customers and labor-shortage relief |
| R&D | AI and cloud | Invests about 5-6% of revenue in R&D; 2024 R&D cost about KRW 6.3 billion | Key to shifting from services to solution automation |
3. Competitive map: different role from AhnLab and Genians
The source does not treat AhnLab, Genians, and Igloo as interchangeable security stocks. AhnLab provides a broader security architecture, Genians focuses on NAC, EDR, and ZTNA for endpoint and access control, while Igloo specializes in integrated monitoring and analytics.
| Category | Igloo | AhnLab | Genians |
|---|---|---|---|
| Main area | SIEM, AI monitoring, SOAR | Integrated security portfolio | NAC, EDR, ZTNA |
| Revenue mix | Service-heavy, about 94% | Product and goods-heavy | License and subscription-heavy |
| OPM | Mid, 5-7% | Mid-high, around 10% | High, 15-20% |
| Zero-trust role | Analytics | Security architecture | Gateway |
| Key customers | National Information Resources Service and many public institutions | Finance, enterprise, public sector | Public, finance, manufacturing, U.S., Middle East |
Interpretation: Igloo's discount factor is profitability. The re-rating factor is whether it can shift service-heavy revenue toward AI XDR, SOAR, and data-intelligence solutions.
4. Growth points and risks
Growth points
- MLS requires real-time monitoring of data across security grades, putting SIEM back at the center.
- Zero trust requires visibility, and SPIDER ExD's ability to filter real threats from massive alert volumes fits that need.
- Security labor shortages strengthen the SOAR adoption case, especially among existing SIEM customers.
- The source cites roughly KRW 30 billion of cash-like assets and a debt ratio below 20% as financial stability points.
Risks
- Overseas revenue remains small. Execution through Cyber Infinity in Japan and overseas collaboration with Piolink needs evidence.
- A service-heavy revenue mix can limit operating leverage.
- The key margin checkpoint is when solution revenue exceeds 10% of revenue.
5. Checkpoints I would track
- Actual public MLS wins and references.
- Whether SPIDER ExD and SOAR convert existing SIEM customers into incremental revenue.
- Whether R&D spend shows up in gross margin and operating-margin improvement.
- Whether overseas revenue and subscription or solution revenue become visible in reported numbers.