Dark room with many PC monitors and a large screen with digital patterns

Identify and defend against cyberattacks at an early stage

Complete protection against hacker attacks with 24/7 shift operation

Download the white paper

Managed cyber defense

Why should cyber security be a matter of course for your company, and what elements does it include? You can discover this and more in our white paper “Managed cyber defense: working around the clock to prevent cyber attacks.”

Security software alone is not enough

Close-up man observes data texts on a transparent screen.

Cyberattacks are on the rise and hackers are becoming ever more sophisticated. Cyber spies working as contract thieves are purposefully targeting company infrastructures. To this end, the attackers plant malware in the networks of their victims, with which they can seize control of individual systems or entire infrastructures. This allows them to collect and exfiltrate sensitive data. The problem: For the most part, the malware goes unrecognized by standard preventive defense mechanisms, since they are distributed as "sleepers" and activated gradually. Through subsequent lateral movement, an increasing number of systems fall under the control of the attacker.

We look forward to your project!

Our experts can help you to answer questions about planning, implementation and maintenance for digitalization plans. Let’s discuss.

Daily cyberattacks


cyberattacks were registered by the German police in 2019, an increase of over 15 percent compared to the previous year.1

42.6 million

attacks on Telekom's Honeynet in just one day.2

406 Gbit/s

was the largest bandwidth attack of DDoS attacks in the first quarter of 2020; this is an increase of 81 percent compared to the first quarter of 2019.3

46 percent

of companies are satisfied with their ability to detect cyber threats.4

  • 1 

    Federal Cybercrime Situation Report 2019, September 2020

  • 2 

    Telekom Security Operations Center, September 2020

  • 3 

    BKA: Special analysis of cybercrime during the COVID-19 pandemic, September 2020

  • 4 

    Forrester Research / Palo Alto Networks, The State of Security Operations, 2020

An effective network: Telekom Security

Man wearing headphones around his neck is looking at a screen.

We offer an extensive security portfolio from a single source – everything from firewalls to SOC services. Telekom Security manages Europe's largest and most advanced cyber defense center in Bonn and operates a global network of further SOCs in Asia, North and South America, Africa, and several other locations in Europe. 

  • In Bonn alone, more than 240 experts ensure the security of Telekom's systems and those of its customers.
  • The SOC analyzes 2.5 billion notices on potential security incidents every single day.
  • Our teams have identified more than 20 million attack patterns. We have one of the largest threat intelligence databases in the world.

A security operations center (SOC) works like a command bridge whose security experts monitor the threat level and can intervene immediately.

Rüdiger Peusquens, Head of Cyber Defense and SVP Security Testing, Deutsche Telekom

Server room with artistic looking light bands.

Our work benefits from our security network: we cultivate close contacts with other network operators and cyber security companies, as well as with authorities and institutions such as the BSI, and research institutions such as the Hasso Plattner Institute in Potsdam and Ben Gurion University in Israel. We are also one of the founders of the Cyber Security Cluster Bonn. 

Our customers trust in our cyber defense

Holistic security: prevention, detection, and response

To build effective cyber defenses, you need to anticipate and systematically mitigate risks from the outset. Security encompasses prevention, detection, and response. The Security Operations Center strikes when hackers get past the firewall, at the very latest. 

Security Operations Center (SOC)

The job of SOCs is to detect professional cyberattacks at an early stage. Then they initiate targeted countermeasures. They are also constantly monitoring and analyzing activities across the entire IT landscape (networks, servers, mobile and stationary clients, databanks, applications, web servers, and additional systems) and searching for anomalous activities, which could point to a security breach. Operational technologies (OT) in industrial networks can also be managed this way. The SOC is responsible for correctly identifying, analyzing, reporting, and mitigating potential security incidents. 

Security Information and Event Management (SIEM)

The SIEM is the SOC's alarm system, making it an important technological and methodological component. While SOC comprises people, processes, and technologies, SIEM is an IT-security tool, which uses many event sources to identify attacks. It orchestrates the continuous collection of log data from end points such as PCs or servers, routers, switches, applications, firewalls, and other systems and evaluates these data. SIEM enables a holistic approach to IT-security. It correlates notifications and alarms in real time and identifies unusual patterns or trends, which could point to a cyberattack. SIEM also uses machine learning (ML) and artificial intelligence (AI) processes. These tools are available as services from the cloud.

Four steps to SOC

Man sits in front of several computer screens and monitors various data displays.
  1. Creating an asset map. Alongside technical assets, this also includes corresponding employees from the organization's security team. They supply the contextual intelligence and contact points during the design phase and when reacting to incidents.
  2. Identification of critical infrastructures, more sensitive data and accounts, which require continuous monitoring and defense. It is necessary to develop threat models to identify scenarios which could cause damage.
  3. Definition of critical use cases and scenarios which have the greatest impact on the continued existence of the business.
  4. Development of a strategy template which facilitates a make-or-buy decision, and shows how a SOC complements or improves the security strategy.

One SOC for many

Circular data network combined with data sets.

The security operations center at Telekom Security serves a wide range of clients in various industries. Data from different customers is kept strictly separate for compliance reasons. That way, the security operations center from Telekom Security creates cost synergies and proves to be more effective than elaborate in-house operations. All clients profit equally on a single platform from the continuously growing experience of our security analytics. We offer security along the entire digital chain: ranging from network monitoring to client and server system protection to safeguarding industrial systems. 

From the billions of pieces of data, our analysis teams extract the relevant indicators for attacks and process suspicious cases in fractions of a second. In the final step, they analyze actual breaches and initiate countermeasures.

Leader in security services

Cyber Security Solutions & Services - Large Account 2019/2020

ISG Research has selected T-Systems as the leading provider of security systems for large companies and corporations. T-Systems is the market leader in terms of its portfolio and competitive strength. Services relate to consultation, training, integration, maintenance, support or managed security services, and an IT security infrastructure based on a security operations center.

Impulse Newsletter

Subscribe to our newsletter for the latest trends, topics and use cases relating to digitalization.

Do you visit t-systems.com outside of Singapore? Visit the local website for more information and offers for your country.