Sneak up, observe, analyze, and then strike: That is how professional hackers work nowadays. Firewalls are no longer sufficient; modern detection systems for cyberattacks are also needed. However, the required investments in technology and experts are hardly affordable for medium-sized companies and the public sector. Services such as Managed Cyber Defense from Telekom’s Security Operations Center (SOC) are a way out.
According to the German Federal Office for Information Security (BSI), it takes an average of 208 days to detect a cyber spy – in many cases longer. “The current record is five years,” explains Dr. Alexander Schinner, an IT forensic expert who, as a tracker, hunts down online attackers. Those looking to prevent damage to information and communication technology must think and act like an attacker. High-performance security analytics solutions can help to master the tremendous flood of data, as they process millions of security events to create a kind of permanent ECG of the threat situation.
The security odometer displays the cyberattacks on the honeypot infrastructure of Telekom and its partners worldwide.
The threat from cybercrime has reached a completely new quality because of increasingly complex and targeted attacks. With Managed Cyber Defense from the Security Operations Center, companies can rely on the highest possible degree of protection using a modular concept. It ensures trust in an increasingly networked world.
A Security Operations Center works like a command bridge whose security experts monitor the “enemy situation” worldwide on big screens, follow up on incoming alarm messages, and intervene immediately when necessary. Many clients can be supported simultaneously by one Security Operations Center while data from different clients is kept strictly separated – ensuring the proven principle of “security & privacy by design”. As a result, the Security Operations Center by Telekom Security increases cost synergies and proves to be more effective than elaborate in-house operations. All clients profit equally on a single platform from the continuously growing depth of experience of the security analytics. Continuous adjustments to the changing threat situation along the entire digital chain are performed daily: ranging from network monitoring and client and server system protection to safeguarding industrial control systems.
Pattern recognition used to hunt hackers
Telekom is attacked millions of times every day and therefore has precise information about the current threat situation and possesses a database containing countless attack patterns. This knowledge, accumulated over 20 years, is used to specifically protect customers – a unique selling point in the market of Managed Security Service Providers (MSSP). Customers benefit from this knowledge, as well as from modern analysis methods and the growing application of cognitive security solutions based on artificial intelligence. These solutions provide structure for and correlate growing data volumes, render causal connections visible and enable forensic analysis in real time.
Security for industrial systems
Due to the increased interlinking of private and professional life, areas that were outside the Internet in the first waves of digitization – and therefore largely protected from attacks – attract the attention of hackers. “These systems are generally equipped with outdated technology and are not able to counter cyberattacks in any way as they were simply not designed for networked operation,” says Bernd Jäger, expert for Industrial Control System Security (ICS) at Telekom. “Conventional IT security systems, such as IT firewalls, cannot be used in these areas, and in many cases, only rudimentary expertise is available for cybersecurity in industrial networks.”