Preventative measures such as firewalls, virus scanners, or content security solutions provide limited defense against professional hackers. The only effective protection against cyber threats is through utilisation of a full range of tools and cyber defense experts working in close coordination with one another, searching for attackers round the clock - and then immediately neutralising the threats.
SOCs monitor and analyze the activities across the entire IT landscape (networks, servers, mobile and stationary clients, data banks, applications, web servers and additional systems) and search for anomalous activities, which could point to a security breach. If Industrial Control Systems (ICS) on Operational Technology networks are available, these can also be monitored. The SOC is responsible for correctly identifying, analyzing, reporting and mitigating potential security incidents.
Security experts on a command bridge monitor the worldwide threat level on big screens, react to incoming alarm messages, and intervene immediately when necessary. If a cyber-attack is successful, companies must be able to uncover the approach used by the hacker and initiate counter measures quickly and effectively. To this end, defense teams have a whole range of security solutions at their disposal for observing the IT systems which require protection. These are linked to the SOC via interfaces to ensure that any data traffic can be observed and analyzed.
A SOC (security operation center) works like a command bridge whose security experts monitor the threat level and can intervene immediately.
On a daily basis, Telekom security experts analyze several billion bits of security relevant data from thousands of sources, with virtually full automation. Around 200 experts at the Master SOC in Bonn and the associated national and international locations monitor Telekom's systems and those of their customers 24/7. They identify cyber-attacks, analyze attack tools, consistently protect the victims from damage and derive prognoses from the attacks regarding future patterns. During operation the Telekom experts draw from their many years' experience in combating attacks on their own infrastructure. More than 20 million different attack patterns have already been collected and utilized for the improvement of in-house systems. A smart team for the protection of a flourishing digital world.
One SOC can cater to multiple clients simultaneously. There is a strict separation of respective customer data for compliance reasons. That way, the Security Operations Center from Telekom Security increases cost synergies and proves to be more effective than elaborate in-house operations. All clients profit equally on a single platform from the continuously growing experience of our security analytics. Continuous adjustments to the changing threat situation along the entire digital chain are performed daily: ranging from network monitoring and client and server system protection to safeguarding industrial systems.
The number of bits of security-related data processed by Telekom is enormous: more than one billion in our own network and systems – each day. Deutsche Telekom has successfully registered, analyzed, compressed, and processed these data volumes for many years in SOCs. From these vast quantities of data, the security analysts extract the relevant indicators for attacks and process suspicious cases in fractions of a second. In the final step, experts analyze actual breaches and initiate counter measures.
Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM). It orchestrates the continuous collection of log data from end points such as PCs or servers, routers, switchers, applications, firewalls and other systems, and evaluates the data. SIEM enables a holistic approach to IT-security. It correlates notifications and alarms in real time and identifies extraordinary patterns or trends, which could point to a cyber-attack. On the basis of these results, companies can react more quickly and precisely to cyber-attacks. SIEM also uses machine learning (ML) and artificial intelligence (AI) processes. SIEM tools are available as services from the cloud.
Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. A Security Operation center and SIEM are essential components of a future-proof Security Strategy for companies.