Corporate Responsibility

Alexia Sailer


Breathing down attackers' necks – cyber defense at Deutsche Telekom

  • Share
    Two clicks for more data privacy: click here to activate the button and send your recommendation. Data will be transfered as soon as the activation occurs.
  • Print
  • Read out

The hackers set up - the defenders, too! We have looked beyond the shoulders of employees of the Telekom's cyber-defense, and we learned how modern cyber-defense is developing.

Image "Cyber defense at Deutsche Telekom"

The Security Operations Center – or SOC – is the heart of Deutsche Telekom's cyber defenses.

Suddenly, everybody has to move very fast. Pulses start climbing. Concentration intensifies. An alarm is sounding. It's a hacker attack! For Dániel K. and his colleagues, it's all routine – and somehow always a thrill. They work in the company's Security Operations Center, and thus toil on the very front lines. When the system shows an alarm, the analyses run at top speed. What exactly has happened? Just how far did the attacker get? How can he be stopped? Fortunately for the company, the team is on permanent alert. 365 days of the year, 7 days a week, 24 hours a day. The team monitors Deutsche Telekom's infrastructure around the clock.

The heart of cyber defense

The Security Operations Center – or SOC – is the heart of Deutsche Telekom's cyber defenses. It reviews and assesses cyberattack-alarm messages that come in from around the world, with a special focus on attacks against Deutsche Telekom's infrastructure, and it initiates countermeasures in cooperation with additional teams. Its work is vital, since hackers never go on vacation (at least not all at once!). For companies today, the question no longer is "will we fall victim to a successful attack?" It now is "when is such an attack going to happen?" When such an attack does occur, defense teams have to act fast – to pinpoint the attack, remove the attack malware, and then clean up all the traces. Every day, the team's experts, using state-of-the-art analytical methods, analyze about a billion security-relevant events drawn from more than 3,000 data sources. They also attend to the some 1,000 inquiries they receive daily regarding a wide range of security topics. On average, they issue 21 instructions per day to Deutsche Telekom's various departments, concerning procedures for dealing with weaknesses in standard software. 

The SOC experts work in shifts. Today, Dániel K's. shift starts at 2 p.m. As he hangs up his jacket, he glances over to his colleagues and says a friendly "hi." Then he hunkers down behind the three screens that take up much of his desk. Today – as on just about any day – he receives some ten thousand alarm messages. Messages that Dániel K. has to look into. "In bad-case scenarios, security vulnerabilities can lead to enormous damage, quickly mounting into the millions – not including the attendant damage to the company's image," Dániel K. explains. By way of example, he notes that vulnerabilities can be used to reconfigure websites, for posting of damaging content or simply for the purpose of completely paralyzing sites.

Always stay a step ahead of the attacker

Things would get very serious if an attacker succeeded in pilfering customer data from web applications. In the past, security vulnerabilities have led to numerous highly publicized hacks and instances of data theft. "Needless to say, we want to prevent all of these things," Dániel K. adds, clicking all the while to shift from screen to screen. The duties of the SOC staff and their colleagues in cyber defenses also include finding and implementing suitable fixes for vulnerabilities, always working as fast as possible. "Ideally, we would always be able to stay a step ahead of any attackers, but that's hardly possible. But we certainly can breathe down their necks, in ways they can definitely feel, so that's part of our job."

Cyber defense for customers

The cyber defense team's work at Deutsche Telekom includes more than simply protecting the company's own servers and infrastructure. A recently established new business area, Telekom Security, now offers such services for customers as well. For companies that are unable to build their own cyber defense team, or prefer to outsource this area, Deutsche Telekom provides a complete range of services, from prevention to detection to defense. And it does so with a team that includes both highly experienced experts and smart young analysts. Since the early 1990s, Deutsche Telekom has been continually improving and upgrading its cyber defenses. In the process, it has analyzed and assessed more than 20 million samples of malware code and archived the results in a "Threat Library." That library now houses a wealth of experience, in more than one sense, and it is a treasure house that customers can now profit from.

This fall, Deutsche Telekom's new Cyber Defense Center, including a major Security Operations Center, will begin operations in a new facility in Bonn. In it, the most advanced center of its type, over 50 experts, representing a range of different specializations, will then work for Deutsche Telekom – and its customers.

24/7 in action

After working for three hours, Dániel K. takes a break. As he heads for the coffee machine, Dániel K. asks a colleague if he has been able to fix that leaking water pipe at his home. The two colleagues have worked together for many years and know each other quite well. "When you work with other people in the same team, 24/7, there comes a time when you no longer just talk about the weather," he explains with laugh, as the cappuccino stream fills his cup. A little sugar, and then it's back to those screens. As the monitoring systems continue to hum, Dániel K. logs into various social media portals and combs through the network. "We have to stay up to date. The whole area of security keeps developing at a breakneck pace. And in social media, you often find information about attacks, and even information about attackers."

These aspects are all in a day's work for the cyber defense experts. So what keeps these cyber warriors motivated? Dániel K. knows what it is. "We're the guys on the very front lines. We're the first ones to notice any hacker attacks, and we are the ones who give instructions on how to respond." If not for him and his team, hackers would have the run of the place, and they would quickly cause huge damage. Unfortunately, there will always be security vulnerabilities. As things get more and more digital, they also get more and more vulnerable. "Frankly, I can't say that I always love working shifts, but I do love the thought that I'm helping to prevent the sort of criminally caused crisis that would cost the company millions. So I know why I'm doing what I do. We stay on hackers' heels – always," Dániel K. adds. He still has four hours to go. Outside, it's starting to get dark.

Would you like to become part of Deutsche Telekom's cyber defense team? Or would you be interested in some other exciting security-related position at Deutsche Telekom? This link takes you to our current job openings. 

Symbol image SOC

Telekom Security expands its Managed Security services

Telekom Security extends its Managed Security Services – new DAX-customer uses the Security Operations Center.