Alexia Sailer


One SOC fits all

Digitization has a huge impact on the security of businesses. Here you will learn what that impact is and what Telekom's answer to these new challenges looks like.


For ages, safety and security were achieved by applying the same basic principle: protective clothing, special packaging, high walls. Centuries ago, knights would wear chain mail and a suit of armor. Banks placed their most valuable items in specially secured chests, later in safes. For decades now, construction workers have been wearing hard hats and steel-tipped boots. And, today, the development centers of SMEs often resemble high-security prisons. For a long time, these methods offered security and protection – until digitalization arrived and turned everything on its head. 

Processes, business models and threats have changed irrevocably. Just-in-time production, for instance, requires all the suppliers and manufacturers involved to work together like clockwork. Any malfunction in the digital management of such processes can have enormous repercussions. What happens, for example, if an automotive supplier’s system is hacked and it cannot produce or deliver any more parts? Or what if processes that were previously analog – like shopping – increasingly move online and become vulnerable at entirely new points in the chain? In the old days, thieves would snatch something from the shelf of a store; today, criminals blackmail companies with DDoS attacks or encryption trojans – or bait buyers with bogus offers. In the digital age, one rarely gets to see the criminals in person. They can wreak havoc with a few keystrokes and then cover their tracks online.

In the face of these new challenges, both private individuals and companies have to adopt a whole new mindset. Though they have been ignoring this invisible threat for quite a while, it hasn’t gone away. In many cases, the consequences have been painful: data or ideas have been stolen or encrypted with intent to blackmail the owner; goods have been paid for but never received. 

The next step is to find out how to protect against these threats. What private individuals can achieve with good intentions and a modicum of caution is a much greater challenge for companies. Their IT systems are complex and often extensive, have grown bigger from year to year, and harbor latent structural errors. What is more, many companies do not have the experts and tools needed to secure these complex systems – a problem exacerbated by the current shortage of qualified workers in the market. And they have to contend with an almost industrial-scale army of felons, who are constantly honing their methods and modes of attack. As a result, companies are finding it increasingly difficult to get comprehensive protection.

Deutsche Telekom’s answer to these challenges is its integrated Cyber Defense and Security Operations Center (SOC). That’s a rather long name for our new, enhanced cyber defense center in Bonn, Germany. At the center, specialists from Telekom Security detect and repel attacks, almost in real time. They also analyze the modus operandi of the attackers so as to gain insights for dealing with future attacks. Every day, around one billion data records from 3,000 sources pass through the specialists’ all but fully automated analytics tools. If a data record arouses suspicion, a previously defined, clearly structured procedure is set in motion: events are isolated, analyzed, understood and rectified – and, where necessary, new rules for more effective defense are derived from the events. The experts call these procedures “run books.” Deutsche Telekom has defined set responses for a huge range of different events – to protect both itself and the more than 30 customers that are already sourcing services from the Cyber Defense Center, among them Linde Group.

Deutsche Telekom’s malware library, an information pool comprising some 20 million strings of malicious code, is based on earlier findings and simulations. The knowledge contained in this library can help, for instance, to prepare defense systems for attacks by these or similar code strings and to test whether such code may have already infiltrated internal systems. Deutsche Telekom utilizes various tools for these analyses – including in its own network. Unused parts of the Company’s own IP address range are monitored 24/7 by means of a proprietary process called black-hole monitoring. Incoming data packets are analyzed and classified here. This locally collected data – in combination with a worldwide network of honeypots – provides in-depth insights into the addresses currently being targeted and the intensity of the attacks, and can thus help a company protect its own systems better before problems arise.

Of course, even the Telekom Security experts cannot guarantee 100-percent security against cyber attacks and espionage – nobody can. What Deutsche Telekom can guarantee is 100-percent commitment. That means its experienced specialists deploy cutting-edge analytics and defense methods, use the latest tools to uncover traces of attackers, and constantly enhance their tools with the knowledge they gain. That is so much more than individual companies, especially SMEs, could accomplish on their own. In all it does in this field, Deutsche Telekom’s overriding goal is to achieve secure infrastructure.