Preventative measures such as firewalls, virus scanners, or content security solutions provide limited defense against professional hackers. The only effective protection against cyber threats is through utilisation of a full range of tools and cyber defense experts working in close coordination with one another, searching for attackers round the clock - and then immediately neutralising the threats.
Not only is the sheer number of cyber attacks rising and posing a threat to IT-security and businesses, but the "quality" of the attacks is also increasing. Hackers are becoming ever more sophisticated. Cyber spies working as hired thieves for third parties are purposefully targeting company infrastructures. Attackers place malware in their victims' networks to gain control over individual systems or entire infrastructures and collect and exfiltrate sensitive data.
For the most part, the malware goes unrecognized by standard preventative defense mechanisms, since it is distributed as "sleepers" and activated gradually. Through subsequent lateral movement, an increasing number of systems fall under the control of the attacker. During this process, the individual steps are not necessarily recognizable as a cyber-attack. Only by putting together all available information does a picture of the attack emerge.
A Security Operations Center (SOC) coupled with security information and event management (SIEM) is able to identify professional cyber-attacks early, and quickly effect targeted counter measures. While a SOC comprises people, processes, and technologies, SIEM is a tool of IT-security, which uses many event sources to identify attacks. A SIEM provides information about potential threats to the analysts in the SOC, allowing for early threat visibility. The SIEM is a technological and methodological component of the SOC.
SOCs monitor and analyze the activities across the entire IT landscape (networks, servers, mobile and stationary clients, databases, applications, web servers and additional systems) and search for anomalous activities, which could point to a security breach. If Industrial Control Systems (ICS) on Operational Technology networks are present, these can also be monitored. The SOC is responsible for correctly identifying, analyzing, reporting and mitigating potential security incidents.
Security experts on a command bridge monitor the worldwide threat level on big screens, react to incoming alarm messages, and intervene immediately when necessary. If a cyber-attack is successful, companies must be able to uncover the approach used by the hacker and initiate counter measures quickly and effectively. To this end, defense teams have a whole range of security solutions at their disposal for observing the IT systems which require protection. These are linked to the SOC via interfaces to ensure that any data traffic can be observed and analyzed.
A SOC (security operations center) works like a command bridge whose security experts monitor the threat level and can intervene immediately.
On a daily basis, T-Systems Security experts analyze several billion bits of security-relevant data from thousands of sources, with virtually full automation. Around 200 experts at the Master SOC in Bonn and the associated national and international locations monitor Telekom's systems and those of their customers 24/7. They identify cyber-attacks, analyze attack tools, consistently protect the victims from damage and derive prognoses from the attacks regarding future patterns. During operation the Telekom experts draw from their many years' experience in combating attacks on their own infrastructure. More than 20 million different attack patterns have already been collected and utilized for the improvement of in-house systems. A smart team for the protection of a flourishing digital world.
One SOC can cater to multiple clients simultaneously. There is a strict separation of respective customer data for compliance reasons. That way, the Security Operations Center from T-Systems Security increases cost synergies and proves to be more effective than elaborate in-house operations. All clients profit equally on a single platform from the continuously growing experience of our security analytics. Continuous adjustments to the changing threat situation along the entire digital chain are performed daily: ranging from network monitoring and client and server system protection to safeguarding industrial systems.
T-Systems Security's cyber security specialists analyze and process more than a billion bits of security-relevant data and 3,000 data sources every day – in a procedure that is almost fully automated.
The number of bits of security-related data processed by Telekom is enormous: more than one billion in our own network and systems – each day. Deutsche Telekom has successfully registered, analyzed, compressed, and processed these data volumes for many years in SOCs. From these vast quantities of data, the security analysts extract the relevant indicators for attacks and process suspicious cases in fractions of a second. In the final step, experts analyze actual breaches and initiate counter measures.
The number of malicious programs in existence is rising consistently. In 2018, the number of malicious programs was 2.5 times higher than four years prior.
Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM). It orchestrates the continuous collection of log data from endpoints such as PCs or servers, routers, switches, applications, firewalls and other systems, and evaluates the data. SIEM enables a holistic approach to IT-security. It correlates notifications and alarms in real time and identifies extraordinary patterns or trends, which could point to a cyber-attack. On the basis of these results, companies can react more quickly and precisely to cyber-attacks. SIEM also uses machine learning (ML) and artificial intelligence (AI) processes. SIEM tools are available as services from the cloud.
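The correlation step described above, as an added example (not code from T-Systems or from any SIEM product): one rule joins logon, endpoint and firewall events that look unremarkable on their own into a single lateral-movement alert. The events are constructed, and the host names, account name, event types and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalised from three log sources:
# (timestamp, source, host, user, event type). "-" means the source logs no user.
EVENTS = [
    ("2024-05-02T09:12:40", "auth",     "srv-db1",  "svc-backup", "remote_logon"),
    ("2024-05-02T09:14:02", "endpoint", "srv-db1",  "-", "new_service_installed"),
    ("2024-05-02T09:20:11", "auth",     "srv-fs2",  "svc-backup", "remote_logon"),
    ("2024-05-02T09:31:57", "auth",     "srv-app3", "svc-backup", "remote_logon"),
    ("2024-05-02T09:40:03", "firewall", "srv-fs2",  "-", "large_outbound_transfer"),
    ("2024-05-02T10:05:00", "auth",     "srv-db1",  "alice", "remote_logon"),
    ("2024-05-02T14:00:00", "firewall", "srv-web9", "-", "large_outbound_transfer"),
]

WINDOW = timedelta(hours=1)   # assumed correlation window
MIN_HOSTS = 3                 # assumed fan-out threshold per account


def correlate(events, window=WINDOW, min_hosts=MIN_HOSTS):
    """Alert when one account logs on to many hosts inside the window, and
    attach what the other sources reported on those hosts in that time."""
    parsed = sorted(((datetime.fromisoformat(ts), src, host, user, kind)
                     for ts, src, host, user, kind in events),
                    key=lambda e: e[0])
    logons = defaultdict(list)
    for ts, src, host, user, kind in parsed:
        if src == "auth" and kind == "remote_logon":
            logons[user].append((ts, host))

    alerts = []
    for user, seen in logons.items():
        for i, (start, _) in enumerate(seen):
            hosts = {h for ts, h in seen[i:] if ts - start <= window}
            if len(hosts) < min_hosts:
                continue
            # Events from the non-auth sources on the same hosts, same window.
            related = [(src, host, kind) for ts, src, host, _, kind in parsed
                       if src != "auth" and host in hosts
                       and abs(ts - start) <= window]
            alerts.append({"user": user, "hosts": sorted(hosts),
                           "sources": sorted({"auth"} | {s for s, _, _ in related}),
                           "related": related})
            break  # one alert per account is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

None of the seven events would justify an alarm alone; the alert exists only because three sources agree on the same hosts within the same hour, and the unrelated transfer on `srv-web9` is left out.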
Telekom currently operates 4 internal SOCs and 8 external SOCs to provide services to our customers. In 2019, a new SOC in Singapore consolidated our global coverage.
ISG Research has selected T-Systems as the leading provider of security systems for large companies and corporations. T-Systems is the market leader in terms of its portfolio and competitive strength. Services relate to consultation, training, integration, maintenance, support or managed security services, and an IT security infrastructure based on a security operations center.
Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. A security operations center and SIEM are essential components of a future-proof security strategy for companies.