Dark room with many PC monitors and a large screen with digital patterns

Identify cyber attacks early and mount a targeted defense

Around-the-clock protection against cyber-attacks with 24/7 security operations

  1. Homepage
  2. Security
  3. Managed Cyber Defense

Professional cyber defense

Preventative measures such as firewalls, virus scanners, or content security solutions provide limited defense against professional hackers. The only effective protection against cyber threats is through utilisation of a full range of tools and cyber defense experts working in close coordination with one another, searching for attackers round the clock - and then immediately neutralising the threats.

Targeted attacks are rarely detected by security software

Not only is the sheer number of cyber attacks rising and posing a threat to IT-security and businesses, but the "quality" of the attacks is also increasing. Hackers are becoming ever more sophisticated. Cyber spies working as hired thieves for third parties are purposefully targeting company infrastructures. Attackers place malware in their victims' networks to gain control over individual systems or entire infrastructures and collect and exfiltrate sensitive data.

For the most part, the malware goes unrecognized by standard preventative defense mechanisms, since they are distributed as "sleepers" and activated gradually. Through subsequent lateral movement, an increasing number of systems fall under the control of the attacker. During this process, the individual steps are not necessarily recognizable as a cyber-attack.  Only by putting together all available information does a picture of the attack emerge.

T-Systems Singapore Cyber Defense Centre: Securing your Digital Business

Identify professional cyber attacks early

A Security Operation Centre (SOC) coupled with security information and event management (SIEM) is able to identify professional cyber-attacks early, and quickly effect targeted counter measures. While a SOC comprises people, processes, and technologies, SIEM is a tool of IT-security, which uses many event sources to identify attacks. A SIEM provides information about potential threats to the analysts in the SOC, allowing for early threat visibility. The SIEM is a technological and methodological component of the SOC.

Prevention, detection, response

Close-up man observes data texts on a transparent screen.

SOCs monitor and analyze the activities across the entire IT landscape (networks, servers, mobile and stationary clients, data banks, applications, web servers and additional systems) and search for anomalous activities, which could point to a security breach. If Industrial Control Systems (ICS) on Operational Technology networks are available, these can also be monitored. The SOC is responsible for correctly identifying, analyzing, reporting and mitigating potential security incidents.

Command bridge for cyber defense

Security experts on a command bridge monitor the worldwide threat level on big screens, react to incoming alarm messages, and intervene immediately when necessary. If a cyber-attack is successful, companies must be able to uncover the approach used by the hacker and initiate counter measures quickly and effectively. To this end, defense teams have a whole range of security solutions at their disposal for observing the IT systems which require protection. These are linked to the SOC via interfaces to ensure that any data traffic can be observed and analyzed.

A SOC (security operation center) works like a command bridge whose security experts monitor the threat level and can intervene immediately.

Rüdiger Peusquens, Head of Cyber Defense and Warehousing, Deutsche Telekom

Billions of bits of security-relevant data

Man wearing headphones around his neck is looking at a screen.

On a daily basis, T-Systems Security experts analyze several billion bits of security relevant data from thousands of sources, with virtually full automation. Around 200 experts at the Master SOC in Bonn and the associated national and international locations monitor Telekom's systems and those of their customers 24/7. They identify cyber-attacks, analyze attack tools, consistently protect the victims from damage and derive prognoses from the attacks regarding future patterns. During operation the Telekom experts draw from their many years' experience in combating attacks on their own infrastructure. More than 20 million different attack patterns have already been collected and utilized for the improvement of in-house systems. A smart team for the protection of a flourishing digital world.

One SOC for many

One SOC can cater to multiple clients simultaneously. There is a strict separation of respective customer data for compliance reasons. That way, the Security Operations Center from T-Systems Security increases cost synergies and proves to be more effective than elaborate in-house operations. All clients profit equally on a single platform from the continuously growing experience of our security analytics. Continuous adjustments to the changing threat situation along the entire digital chain are performed daily: ranging from network monitoring and client and server system protection to safeguarding industrial systems.

Deutsche Telekom's biggest and most modern Cyber Defense Center

T-Systems Security's cyber security specialists analyze and process more than a billion bits of security-relevant data and 3,000 data sources every day – in a procedure that is almost fully automated.

More than a billion bits of security data

Circular data network combined with data sets.

The number of bits of security-related data processed by Telekom is enormous: more than one billion in our own network and systems – each day. Deutsche Telekom has successfully registered, analyzed, compressed, and processed these data volumes for many years in SOCs. From these vast quantities of data, the security analysts extract the relevant indicators for attacks and process suspicious cases in fractions of a second. In the final step, experts analyze actual breaches and initiate counter measures.

Cyber-attacks are a daily occurrence

42 million

attacks carried out per day on average on Telekom's Honeynet (620 physical honeypot sensors)

400 Gb

per second was the capacity of the biggest DDoS attack so far, against Github with 1.3 Tb worldwide

5.3 billion

botnet packages are observed by us in the backbone of the fixed-lined and mobile networks

100,000

Telekom customer interactions incorporating information and customer protection are carried out each year, as a result of the misuse of their services

We look forward to your project!

An expert will answer your questions about the planning, implementation and maintenance of your digitization projects. Contact us today.

Contact us

Malware on the rise

Bar chart showing the increase in malicious files per year.

The number of malicious programs in existence is rising consistently. In 2018, the number of malicious programs was 2.5 times higher than four years prior.

Security information and event management (SIEM)

Server room with artistic looking light bands.

Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM). It orchestrates the continuous collection of log data from end points such as PCs or servers, routers, switchers, applications, firewalls and other systems, and evaluates the data. SIEM enables a holistic approach to IT-security. It correlates notifications and alarms in real time and identifies extraordinary patterns or trends, which could point to a cyber-attack. On the basis of these results, companies can react more quickly and precisely to cyber-attacks. SIEM also uses machine learning (ML) and artificial intelligence (AI) processes. SIEM tools are available as services from the cloud.

Four steps to SOC

Man sits in front of several computer screens and monitors various data displays.
  1. Creating an asset map. Alongside technical assets, this also includes corresponding employees from the organization's security team. They supply the contextual intelligence and contact points during the design phase and when reacting to incidents.
  2. Identification of critical infrastructures, more sensitive data and accounts, which require continuous monitoring and defense. It is necessary to develop threat models to identify scenarios which could cause damage.
  3. Definition of critical use cases and scenarios which have the greatest impact on the continued existence of the business.
  4. Development of a strategy template which facilitates a make-or-buy decision, and shows how a SOC complements or improves the security strategy.

Worldwide development of SOCs

Info graphic about the worldwide structure of the SOC.

Telekom currently operates 4 internal SOCs and 8 external SOCs to provide services to our customers. In 2019, a new SOC in Singapore consolidated our global coverage.

Leader in Security Services

Cyber Security Solutions & Services - Large Account 2019/2020

ISG Research has selected T-Systems as the leading provider of security systems for large companies and corporations. T-Systems is the market leader in terms of its portfolio and competitive strength. Services relate to consultation, training, integration, maintenance, support or managed security services, and an IT security infrastructure based on a security operations center.

Managed Cybersecurity Defense

We offer end-to-end managed cyber defense services from consulting to integration and operating services.

Download now!

Digital ecosystem

Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. A Security Operation center and SIEM are essential components of a future-proof Security Strategy for companies.


To our strategy
ConnectivityDigitalCloud & InfrastructureSecurity

More reading material

Cyber defense for the connected vehicle: approaches to setting up a security operation center for the automotive industry

Download white paper