
Identify cyber attacks early and mount a targeted defense

Around-the-clock protection against cyber attacks with 24/7 operations

Professional cyber defense

Preventative measures such as firewalls, virus scanners, or content security solutions only provide limited defense against professional hackers. The only effective protection against cyber threats is a full range of tools and cyber defense experts working in close coordination with one another, searching for hackers around the clock and then immediately removing them from traffic data.

Targeted attacks are rarely detected by security software

Not only is the sheer number of cyber attacks rising and posing a threat to IT-security and businesses, but the "quality" of the attacks is also increasing. Hackers are becoming ever more sophisticated. Cyber spies working as hired thieves for third parties are purposefully targeting company infrastructures. Attackers place malware in their victims' networks to gain control over individual systems or entire infrastructures and collect and exfiltrate sensitive data.

For the most part, the malware goes unrecognized by standard preventative defense mechanisms, since it is distributed as "sleepers" and activated gradually. Through subsequent lateral movement, an increasing number of systems fall under the control of the attacker. During this process, the individual steps are not necessarily recognizable as a cyber attack. Only by putting together all available information does a picture of the attack emerge.


Identify professional cyber attacks early

A security operation center (SOC) coupled with security information and event management (SIEM) is able to identify professional cyber attacks early and quickly put targeted countermeasures into effect. While a SOC comprises people, processes, and technologies, SIEM is an IT security tool that uses many event sources to identify attacks. SIEM surfaces information about potential threats early on and passes it to the analysts in the SOC. On the basis of these properties, SIEM is a technological and methodological component of the SOC.

Prevention, detection, response


SOCs monitor and analyze the activities in the entire IT landscape (networks, servers, mobile and stationary clients, databases, applications, web servers and additional systems) and search for anomalous activities that could point to a security breach. If operational technology (OT in industrial networks) is present, it can also be covered. The SOC is responsible for correctly identifying, analyzing, reporting and mitigating potential security incidents.

Command bridge for cyber defense

Security experts on a command bridge monitor the worldwide threat level on big screens, follow up on incoming alarm messages, and intervene immediately when necessary. If a cyber attack is nonetheless successful, companies must be capable of uncovering the approach used by the hacker and initiating countermeasures quickly and effectively. To this end, defense teams have a whole range of security solutions at their disposal for observing the IT systems that require protection. These are linked to the SOC via interfaces to ensure that any data traffic can be observed and analyzed.

A SOC (security operation center) works like a command bridge whose security experts monitor the threat level and can intervene immediately.

Rüdiger Peusquens, Head of Cyber Defense and Warehousing, Deutsche Telekom

Billions of bits of security-relevant data


On a daily basis, Telekom security experts analyze several billion bits of security-relevant data from thousands of sources, with virtually full automation. Around 200 experts at the Master SOC in Bonn and the associated national and international locations monitor Telekom's systems and those of their customers 24/7. They identify cyber attacks, analyze attack tools, consistently protect the victims from damage and derive prognoses from the attacks regarding future patterns. During operation, the Telekom experts draw on their many years' experience in combating attacks on their own infrastructure. More than 20 million different attack patterns have already been collected and utilized for the improvement of in-house systems. A smart team for the protection of a flourishing digital world.

One SOC for many

One SOC can cater to multiple clients simultaneously. There is a strict separation of respective customer data for compliance reasons. That way, the Security Operations Center from Telekom Security increases cost synergies and proves to be more effective than elaborate in-house operations. All clients profit equally on a single platform from the continuously growing experience of our security analytics. Continuous adjustments to the changing threat situation along the entire digital chain are performed daily: ranging from network monitoring and client and server system protection to safeguarding industrial systems.

ISG Provider Lens Quadrant Report

Cyber security in Germany: Resources to deal with increasing threats are becoming scarcer.

Deutsche Telekom's biggest and most modern Cyber Defense Center

Telekom Security's cyber security specialists analyze and process more than a billion bits of security-relevant data and 3,000 data sources every day – in a procedure that is almost fully automated.

More than a billion bits of security data


The number of bits of security-related data processed by Telekom is enormous: more than one billion in our own network and systems – each day. Deutsche Telekom has successfully registered, analyzed, compressed, and processed these data volumes for many years in SOCs. From these vast quantities of data, the security analysts extract the relevant indicators for attacks and process suspicious cases in fractions of a second. In the final step, experts analyze actual breaches and initiate counter measures.

Cyber attacks are a daily occurrence

31 million

attacks carried out per day on average on Telekom's Honeynet (620 physical honeypot sensors)

135 gigabits

per second was the capacity of the biggest DDoS attack on the German internet backbone

5.3 billion

botnet packets are observed by us in the backbone of the fixed-line and mobile networks

110,000

Telekom customer interactions incorporating information and customer protection are carried out per year, as a result of the misuse of their services


Malware on the rise

Bar chart showing the increase in malicious files per year.

The number of malicious programs in existence is rising consistently. In 2018, the number of malicious programs was 2.5 times higher than four years prior.

Security information and event management (SIEM)


Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM). It orchestrates the continuous collection of log data from endpoints such as PCs or servers, routers, switches, applications, firewalls, and other systems and evaluates these data. SIEM enables a holistic approach to IT security. It correlates notifications and alarms in real time and identifies extraordinary patterns or trends that could point to a cyber attack. On the basis of these results, companies can react more quickly and precisely to cyber attacks. SIEM also uses machine learning (ML) and artificial intelligence (AI) processes. SIEM tools are available as services from the cloud.

Four steps to SOC

  1. Creating an asset map. Alongside technical assets, this also includes corresponding employees from the organization's security team. They supply the contextual intelligence and contact points during the design phase and when reacting to incidents.
  2. Identification of critical infrastructures and of the more sensitive data and accounts that require continuous monitoring and defense. It is necessary to develop threat models to identify scenarios that could cause damage.
  3. Definition of critical use cases and scenarios that have the greatest impact on the continued existence of the business.
  4. Development of a strategy template that facilitates a make-or-buy decision and shows how a SOC complements or improves the security strategy.

Worldwide development of SOCs

Info graphic about the worldwide structure of the SOC.

Telekom currently operates 4 internal SOCs and 8 external SOCs to provide services to our customers. In 2019, a new SOC in Singapore consolidated our global coverage.

Leader Security Services

Cyber Security Solutions & Services - Large Account 2019/2020

ISG Research has selected T-Systems as the leading provider of security systems for large companies and corporations. T-Systems is the market leader in terms of its portfolio and competitive strength. Services relate to consultation, training, integration, maintenance, support or managed security services, and an IT security infrastructure based on a security operations center.

Digital ecosystem

Future-proofing a company requires four building blocks: connectivity, cloud and IT infrastructure, security, and digitalization. A security operation center and SIEM are essential components of a future-proof security strategy for companies.

