
Identify cyber attacks early and mount a targeted defence

Around-the-clock protection against cyber-attacks with 24/7 security operations

Professional cyber defence

Preventative measures such as firewalls, virus scanners, or content security solutions provide limited defence against professional hackers. The only effective protection against cyber threats is through utilisation of a full range of tools and cyber defence experts working in close coordination with one another, searching for attackers round the clock - and then immediately neutralising the threats.

Our customers trust in our cyber defense

Targeted attacks are rarely detected by security software

Not only is the sheer number of cyber attacks rising and posing a threat to IT-security and businesses, but the "quality" of the attacks is also increasing. Hackers are becoming ever more sophisticated. Cyber spies working as hired thieves for third parties are purposefully targeting company infrastructures. Attackers place malware in their victims' networks to gain control over individual systems or entire infrastructures and collect and exfiltrate sensitive data.

For the most part, the malware goes unrecognized by standard preventative defence mechanisms, since it is distributed as "sleepers" and activated gradually. Through subsequent lateral movement, an increasing number of systems fall under the control of the attacker. During this process, the individual steps are not necessarily recognizable as a cyber-attack. Only by putting together all available information does a picture of the attack emerge.

T-Systems South Africa Cyber Defence Center

Identify professional cyber attacks early

A Security Operation Centre (SOC) coupled with security information and event management (SIEM), Security Orchestration, Automation and Response (SOAR), Artificial Intelligence (AI) and advanced threat hunting is able to identify professional cyber-attacks early and quickly effect targeted, automated countermeasures. While a SOC comprises people, processes, and technologies, SIEM is an IT-security tool which uses many event sources to identify attacks. A SIEM provides information about potential threats to the analysts in the SOC, allowing for early threat visibility. The AI element enables rapid, conclusive investigations, and the SOAR component automates the response and workflow to ensure remedial actions are taken without delay.

Prevention, detection, response


Protection is a vitally important ingredient of Zero Impact, but in a world where a breach is almost inevitable, the time to detect and respond impacts materially on an organisation’s longevity.

SOCs monitor and analyze the activities across the entire IT landscape (networks, servers, mobile and stationary clients, databases, applications, web servers and additional systems) and search for anomalous activities which could point to a security breach. If Industrial Control Systems (ICS) on Operational Technology networks are available, these can also be monitored. The SOC is responsible for correctly identifying, analyzing, reporting and mitigating potential security incidents.

Command bridge for cyber defence

Security experts on a command bridge monitor the worldwide threat level on big screens, react to incoming alarm messages, and intervene immediately when necessary. If a cyber-attack is successful, companies must be able to uncover the approach used by the hacker and initiate counter measures quickly and effectively. To this end, defence teams have a whole range of security solutions at their disposal for observing the IT systems which require protection. These are linked to the SOC via interfaces to ensure that any data traffic can be observed and analyzed.

A SOC (security operation center) works like a command bridge whose security experts monitor the threat level and can intervene immediately.

Rüdiger Peusquens, Head of Cyber Defence and Warehousing, Deutsche Telekom

Billions of bits of security-relevant data


On a daily basis, T-Systems Security experts analyze several billion bits of security-relevant data from thousands of sources, with virtually full automation. Around 200 experts at the Master SOC in Bonn and the associated national and international locations monitor T-Systems’ systems and those of their customers 24/7. They identify cyber-attacks, analyze attack tools, consistently protect the victims from damage and derive prognoses from the attacks regarding future patterns. During operation, the Telekom experts draw on their many years' experience in combating attacks on their own infrastructure. More than 20 million different attack patterns have already been collected and utilized for the improvement of in-house systems. A smart team for the protection of a flourishing digital world.

One SOC for many

One SOC can cater to multiple clients simultaneously. There is a strict separation of respective customer data for compliance reasons. That way, the Security Operations Center from Telekom Security increases cost synergies and proves to be more effective than elaborate in-house operations. All clients profit equally on a single platform from the continuously growing experience of our security analytics. Continuous adjustments to the changing threat situation along the entire digital chain are performed daily: ranging from network monitoring and client and server system protection to safeguarding industrial systems.

T-Systems South Africa’s next generation Cyber Defence Center

T-Systems Security's cyber security specialists analyze and process more than a billion bits of security-relevant data and 3,000 data sources every day – in a procedure that is almost fully automated. 

More than a billion bits of security data


The number of bits of security-related data processed by T-Systems is enormous: more than one billion in our own network and systems – each day. Deutsche Telekom has successfully registered, analyzed, compressed, and processed these data volumes for many years in SOCs. From these vast quantities of data, the security analysts extract the relevant indicators for attacks and process suspicious cases in fractions of a second. In the final step, experts analyze actual breaches and initiate counter measures.

Cyber-attacks are a daily occurrence

42 million

attacks carried out per day on average on Telekom's Honeynet (620 physical honeypot sensors)

400 Gb

per second was the capacity of the biggest DDoS attack so far, against Github with 1.3 Tb worldwide

5.3 billion

botnet packets are observed by us in the backbone of the fixed-line and mobile networks


Telekom customer interactions incorporating information and customer protection are carried out each year, as a result of the misuse of their services


Malware on the rise

Bar chart showing the increase in malicious files per year.

The number of malicious programs in existence is rising consistently. In 2018, the number of malicious programs was 2.5 times higher than four years prior.

Security information and event management (SIEM)


Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM). It orchestrates the continuous collection of log data from end points such as PCs or servers, routers, switches, applications, firewalls and other systems, and evaluates the data. SIEM enables a holistic approach to IT-security. It correlates notifications and alarms in real time and identifies extraordinary patterns or trends which could point to a cyber-attack. On the basis of these results, companies can react more quickly and precisely to cyber-attacks. SIEM also uses machine learning (ML) and artificial intelligence (AI) processes. SIEM tools are available as services from the cloud. User Entity Behaviour Analytics (UEBA) also identifies unnecessarily elevated rights, which usually precede an attack, and this enables more proactive counter-activity to prevent a full attack.

Four steps to SOC

  1. Creating an asset map. Alongside technical assets, this also includes corresponding employees from the organization's security team. They supply the contextual intelligence and contact points during the design phase and when reacting to incidents.
  2. Identification of critical infrastructures, more sensitive data and accounts, which require continuous monitoring and defence. It is necessary to develop threat models to identify scenarios which could cause damage.
  3. Definition of critical use cases and scenarios which have the greatest impact on the continued existence of the business.
  4. Development of a strategy template which facilitates a make-or-buy decision, and shows how a SOC complements or improves the security strategy.

Worldwide development of SOCs

Info graphic about the worldwide structure of the SOC.

Deutsche Telekom currently operates 4 internal SOCs and 8 external SOCs to provide services to our customers. In 2020, T-Systems South Africa extended its CDC to include consolidated global coverage.

Leader in Security Services

Cyber Security Solutions & Services - Large Account 2019/2020

ISG Research has selected T-Systems as the leading provider of security systems for large companies and corporations. T-Systems is the market leader in terms of its portfolio and competitive strength. Services relate to consultation, training, integration, maintenance, support or managed security services, and an IT security infrastructure based on a security operations center.

Digital ecosystem

Future-proofing a company requires four building blocks: connectivity, cloud and infrastructure, security, and digitalization. A Security Operation Centre and SIEM are essential components of a future-proof security strategy for companies.
