Vitesco Technologies is headquartered in Regensburg and wants to play an internationally leading role in the electrification of vehicles. To achieve this, the company is pursuing a clear strategy with a focus on sustainability. Until 2021, Vitesco Technologies was a division of Continental AG. Then Continental decided to bundle the expertise for drive technology into a separate company. A new industry heavyweight came into being. The company researches, develops, and produces across 50 locations worldwide. In 2021, 37,000 employees generated a turnover of around 8.3 billion euros. In 2021, the spin-off became a legal entity. The company had to stand completely on its own two feet. This also affected the IT systems which contribute significantly towards the company's added value. As a strategic IT partner, T-Systems supports Vitesco Technologies with the setup of its IT landscape and takes responsibility for the business-critical IT systems.
With the conscious decision to outsource SOC services and platform operation, the team at Vitesco Technologies is concentrating on strategic security tasks and is relieved of the burden of performing basic services. With advice from Deutsche Telekom Security, a suitable security architecture was created for the company, which was suited to the requirements of modern cloud sourcing. Competence in both technical realization and consultation was a key concern for those in charge of the project. This goes beyond technology and security management processes.
T-Systems and Deutsche Telekom Security have demonstrated their comprehensive security know-how throughout the realization of our modern security architecture.
Thomas Buck, Senior Vice President Information Technology, Vitesco Technologies
In addition to setting up and operating the IT systems, Vitesco Technologies was also faced with designing information security and IT security for the spin-off. This comprised not only building up personnel and making decisions on specific tools, but also strategic decisions – including which security services the company wanted to focus on itself. The spin-off from Continental offered Vitesco Technologies the unique chance to implement a state-of-the-art security architecture. Here, the company was aiming to benefit from innovative technologies. The rebuild thus enabled them to plan a setup for the future. Vitesco Technologies not only needed classic security solutions, but also specific solutions, owing to its cloud strategy, in order to secure its services and operational infrastructures within the public cloud.
With the help of T-Systems as a strategic IT partner and Deutsche Telekom Security, the security team from Vitesco Technologies developed and implemented a security architecture fit for the future. In doing so, it quickly became apparent that the internal security team wanted to concentrate on demanding security tasks. Upstream services should be performed in an external security operations center. Two services were bundled within the SOC: Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR).
For SIEM, Vitesco Technologies relies on a highly innovative system. The SIEM system collects logs from various sources and transmits these to a SOAR system at Deutsche Telekom Security. The interpretation of the log data generates corresponding pre-defined detection scenario alarms. These alarms are sent to the SOAR team at Deutsche Telekom Security. There they are evaluated by security and data analysts. Verified alarms are forwarded as an incident to the security team at Vitesco Technologies. The identification of individual detection scenarios by Deutsche Telekom Security was a core aspect during the setup of the security architecture.
The standard SOC services offered by Deutsche Telekom Security not only include the operation of security platforms, but also a team that supports the customer with additional developments and system optimization. In addition, Vitesco Technologies uses the Threat Intelligence Database from Deutsche Telekom Security, one of the largest databases of its kind in the world. Beyond SOC services, the development company has commissioned an incident response service. This allows the security team access to experts on short notice, who provide assistance in the event of a severe security incident.
