The technological change and increasing digitalization lead to new complexities and attack surfaces relating to cyber attacks. Conventional security solutions such as antivirus software & firewalls are suitable to defend basic malware that is known & documented but insufficient in order to prevent today’s highly sophisticated, dynamic & targeted cyber attacks.
![Analytical tools in the Cyber Defense Center detect attacks much more quickly than earlier resources were able to.]([{"name":"landscape_ratio4x3","ratioWidth":4,"ratioHeight":3,"linksForWidth":{"320":"/resource/image/332088/landscape_ratio4x3/320/240/1853db0f85cb6ef516c91ca01466c06c/99EF2D9106B838D2DC43F29E42EE5158/bi-cdc-850x550-jpg.jpg","768":"/resource/image/332088/landscape_ratio4x3/768/576/1853db0f85cb6ef516c91ca01466c06c/C8DAFB7E9D481A9AEABE0EEA5572FEA9/bi-cdc-850x550-jpg.jpg","1008":"/resource/image/332088/landscape_ratio4x3/1008/756/1853db0f85cb6ef516c91ca01466c06c/E5B3BB17D89652B093C30364403EA68A/bi-cdc-850x550-jpg.jpg","1296":"/resource/image/332088/landscape_ratio4x3/1296/972/1853db0f85cb6ef516c91ca01466c06c/3C848F30521E623C55DF460A01AA04ED/bi-cdc-850x550-jpg.jpg","3000":"/resource/image/332088/landscape_ratio4x3/3000/2250/1853db0f85cb6ef516c91ca01466c06c/EA645CFF1E1FE1D2685D26BDE12DD1E5/bi-cdc-850x550-jpg.jpg"}}] "Analytical tools in the Cyber Defense Center detect attacks much more quickly than earlier resources were able to.")
Analytical tools in the Cyber Defense Center detect attacks much more quickly than earlier resources were able to. The new tools scan both the company's infrastructure and the relevant public discussion on Twitter. Real-time analyses make it possible to initiate countermeasures quickly especially in case of attacks.
![Social News Reader: Twitter feeds often report about new security leaks before any official agencies have been able to issue an]([{"name":"landscape_ratio4x3","ratioWidth":4,"ratioHeight":3,"linksForWidth":{"320":"/resource/image/332082/landscape_ratio4x3/320/240/3ec900874aaa6d0faec98548dffe1f0c/66D082A3AA9D8658B41F696F0C10EF9F/bi-newsreader-850x550-jpg.jpg","768":"/resource/image/332082/landscape_ratio4x3/768/576/3ec900874aaa6d0faec98548dffe1f0c/9CF7D6B168F6DE928F1E12A8B25ED389/bi-newsreader-850x550-jpg.jpg","1008":"/resource/image/332082/landscape_ratio4x3/1008/756/3ec900874aaa6d0faec98548dffe1f0c/76AB9CD1996C6C34093B8FF08A506F77/bi-newsreader-850x550-jpg.jpg","1296":"/resource/image/332082/landscape_ratio4x3/1296/972/3ec900874aaa6d0faec98548dffe1f0c/AF2891871E507506B971FC8370CEAEC1/bi-newsreader-850x550-jpg.jpg","3000":"/resource/image/332082/landscape_ratio4x3/3000/2250/3ec900874aaa6d0faec98548dffe1f0c/0FD407B82BC64FF140C6300EA8F72D63/bi-newsreader-850x550-jpg.jpg"}}] "Social News Reader: Twitter feeds often report about new security leaks before any official agencies have been able to issue any warnings.")
Social News Reader: Twitter feeds often report about new security leaks before any official agencies have been able to issue any warnings. With its Social News Reader, Deutsche Telekom scans tweets for relevant key words. The results are displayed in graphic form.
![The security dashboard: Some 180 "honeypot" sensors in the Internet simulate vulnerabilities in cyberspace.]([{"name":"landscape_ratio4x3","ratioWidth":4,"ratioHeight":3,"linksForWidth":{"320":"/resource/image/332076/landscape_ratio4x3/320/240/98b807038d92368fb1898ed6435058d1/481139FC4F10EC08ED204BDBFEAB1264/bi-sicherheitstacho-850x550-jpg.jpg","768":"/resource/image/332076/landscape_ratio4x3/768/576/98b807038d92368fb1898ed6435058d1/F82156682427180B4D878B0F571A8C3B/bi-sicherheitstacho-850x550-jpg.jpg","1008":"/resource/image/332076/landscape_ratio4x3/1008/756/98b807038d92368fb1898ed6435058d1/B549AD16CD86EB673355F0A6F6289F69/bi-sicherheitstacho-850x550-jpg.jpg","1296":"/resource/image/332076/landscape_ratio4x3/1296/972/98b807038d92368fb1898ed6435058d1/0A9948A9BE90E1985F727C4790573A15/bi-sicherheitstacho-850x550-jpg.jpg","3000":"/resource/image/332076/landscape_ratio4x3/3000/2250/98b807038d92368fb1898ed6435058d1/FEB4010F1AD5042FFFB0AEDBB23DFD23/bi-sicherheitstacho-850x550-jpg.jpg"}}] "The security dashboard: Some 180 \"honeypot\" sensors in the Internet simulate vulnerabilities in cyberspace.")
The security dashboard: Some 180 "honeypot" sensors in the Internet simulate vulnerabilities in cyberspace. The security dashboard shows the types of attacks that are taking place, the frequency with which they are occurring and the countries where they are originating. The 180 honeypots register about one million attacks per day.
![Check for vulnerabilities: Deutsche Telekom operates more than 5,000 Web portals.]([{"name":"landscape_ratio4x3","ratioWidth":4,"ratioHeight":3,"linksForWidth":{"320":"/resource/image/332080/landscape_ratio4x3/320/240/9bae52adbcea5564b6352c81549aabe5/E1B450464F27BB55D08DE49783A34490/bi-qualys-850x550-jpg.jpg","768":"/resource/image/332080/landscape_ratio4x3/768/576/9bae52adbcea5564b6352c81549aabe5/2F357F23A8D50778432651CCCDBDB07A/bi-qualys-850x550-jpg.jpg","1008":"/resource/image/332080/landscape_ratio4x3/1008/756/9bae52adbcea5564b6352c81549aabe5/DD2B56D775E4351F400F6A7B22054B07/bi-qualys-850x550-jpg.jpg","1296":"/resource/image/332080/landscape_ratio4x3/1296/972/9bae52adbcea5564b6352c81549aabe5/A58EDAB82ACF352EA2A7874CDBB80423/bi-qualys-850x550-jpg.jpg","3000":"/resource/image/332080/landscape_ratio4x3/3000/2250/9bae52adbcea5564b6352c81549aabe5/37D8CFDC8DBAA6C1E1E697D79C8B66D5/bi-qualys-850x550-jpg.jpg"}}] "Check for vulnerabilities: Deutsche Telekom operates more than 5,000 Web portals.")
Check for vulnerabilities: Deutsche Telekom operates more than 5,000 Web portals. All of its portals are automatically checked, on a weekly basis, for any vulnerabilities. When a vulnerability is discovered, the company's Cyber Emergency Response Team (CERT) responds immediately.
![Security vulnerabilities, affecting all types of computers, become known on an ongoing basis, and manufacturers respond by issu]([{"name":"landscape_ratio4x3","ratioWidth":4,"ratioHeight":3,"linksForWidth":{"320":"/resource/image/332078/landscape_ratio4x3/320/240/97dbe12864d7fabd803986f2fd8ac957/F6BF1638C2183879F030BF8893BC9C20/bi-rsa-850x550-jpg.jpg","768":"/resource/image/332078/landscape_ratio4x3/768/576/97dbe12864d7fabd803986f2fd8ac957/BE53D0CE72DC28DEAD5B118A252E079B/bi-rsa-850x550-jpg.jpg","1008":"/resource/image/332078/landscape_ratio4x3/1008/756/97dbe12864d7fabd803986f2fd8ac957/9F073AE422DB475890F157C3D33F8562/bi-rsa-850x550-jpg.jpg","1296":"/resource/image/332078/landscape_ratio4x3/1296/972/97dbe12864d7fabd803986f2fd8ac957/C48B35643619F47936E55A8983B489A6/bi-rsa-850x550-jpg.jpg","3000":"/resource/image/332078/landscape_ratio4x3/3000/2250/97dbe12864d7fabd803986f2fd8ac957/653D8DFEF1E098D06341559455658776/bi-rsa-850x550-jpg.jpg"}}] "Security vulnerabilities, affecting all types of computers, become known on an ongoing basis, and manufacturers respond by issuing software updates.")
Security vulnerabilities, affecting all types of computers, become known on an ongoing basis, and manufacturers respond by issuing software updates. In server environments, such updates often have to be executed manually. The CERT informs system administrators regarding new updates and monitors their installation.
![Security-relevant servers within the corporate network log all of their activities and any external requests they receive.]([{"name":"landscape_ratio4x3","ratioWidth":4,"ratioHeight":3,"linksForWidth":{"320":"/resource/image/332084/landscape_ratio4x3/320/240/3a0e098d28fb93413258fe0f53a038a/7A0991575EA1E95B2092A42DB1CBDC02/bi-log-850x550-jpg.jpg","768":"/resource/image/332084/landscape_ratio4x3/768/576/3a0e098d28fb93413258fe0f53a038a/2D131477EB323752C9A5B41C39C1C0A6/bi-log-850x550-jpg.jpg","1008":"/resource/image/332084/landscape_ratio4x3/1008/756/3a0e098d28fb93413258fe0f53a038a/CEFE7B64F0A3134A5E26F57179C6AA28/bi-log-850x550-jpg.jpg","1296":"/resource/image/332084/landscape_ratio4x3/1296/972/3a0e098d28fb93413258fe0f53a038a/19C65494A51356370590A40E82B7BF67/bi-log-850x550-jpg.jpg","3000":"/resource/image/332084/landscape_ratio4x3/3000/2250/3a0e098d28fb93413258fe0f53a038a/21964409AC5A19417A730C80818C037A/bi-log-850x550-jpg.jpg"}}] "Security-relevant servers within the corporate network log all of their activities and any external requests they receive.")
Security-relevant servers within the corporate network log all of their activities and any external requests they receive. Deutsche Telekom analyzes such log data for any anomalies, and is thereby able to detect hacker attacks very promptly. When certain specific behavior patterns are detected, a "hunter team" takes over and wards off any threats.
![Honeypot: The company has more than 180 of these decoy traps online, which attract attacks by simulating security vulnerabiliti]([{"name":"landscape_ratio4x3","ratioWidth":4,"ratioHeight":3,"linksForWidth":{"320":"/resource/image/332086/landscape_ratio4x3/320/240/d06611178126f5f81a5a55e1f4fef435/4D4678F527C16523CF6C8D7D62B8F36D/bi-honeypot-850x550-jpg.jpg","768":"/resource/image/332086/landscape_ratio4x3/768/576/d06611178126f5f81a5a55e1f4fef435/C6A50DD2A5C671B00E2985C780E4AB4F/bi-honeypot-850x550-jpg.jpg","1008":"/resource/image/332086/landscape_ratio4x3/1008/756/d06611178126f5f81a5a55e1f4fef435/F4C2F0E74EC9B953F6626EA4BDC24DE8/bi-honeypot-850x550-jpg.jpg","1296":"/resource/image/332086/landscape_ratio4x3/1296/972/d06611178126f5f81a5a55e1f4fef435/DF175C147ECB57A3C15AA412FD48FD5B/bi-honeypot-850x550-jpg.jpg","3000":"/resource/image/332086/landscape_ratio4x3/3000/2250/d06611178126f5f81a5a55e1f4fef435/86610566551915324DFB9C821EAA889E/bi-honeypot-850x550-jpg.jpg"}}] "Honeypot: The company has more than 180 of these decoy traps online, which attract attacks by simulating security vulnerabilities.")
Honeypot: The company has more than 180 of these decoy traps online, which attract attacks by simulating security vulnerabilities. Able to simulate highly specific types of system weaknesses, such as smartphones with security flaws, they can reveal the ins and outs of attackers' strategies for exploiting vulnerabilities.
In order to deal with such cyber attacks, Deutsche Telekom and its Cyber Defense Center changed the focus from mere prevention measures to a holistic management approach. This approach combines prevention, detection and reaction capabilities while constantly developing highly specialized analysis methods being adapted to the changing cyber environment.
"The things you do to protect yourself against cyber attacks are sort of like the things you do to drive safely: make sure your "car" is up to date on its safety inspections, and keep your eyes on the "road" and on the "traffic situation". In addition to emphasizing such good preventive strategies, we also give high priority to smart analysis," notes Thomas Tschersich, Head of Group Security at Deutsche Telekom.
The Cyber Defense Center/CERT (CDC) of Deutsche Telekom operates international Cyber Security Incident Management for the entire Deutsche Telekom Group and provides services for customers.
The main objective is safeguarding and expanding the security procedures for our internal infrastructure as well as for our customers.
In addition, the Deutsche Telekom Cyber Defense Center/CERT is the international point of contact for issues surrounding Internet security and Internet crime, in cooperation with following organizations:
- Federal Office for Information Security (BSI)
- Federal Office for the Protection of the Constitution (BfV)
- European Union Agency for Network and Information Security (ENISA)
- European Union (EC)
- Federal Criminal Police Office (BKA)
- GSM Association (GSMA)
- European Telecommunications Informatics Services (ETIS)
- Forum for Incident Response and Security Teams (FIRST)
- Cyber Security Sharing and Analytics (CSSA)