- Company experts see increase in attacks on companies
- Master Security Operations Center (SOC) officially opened
- AI and learning systems are trending on both sides
The pressure of 30,000 to 40,000 attack attempts per minute, which are measured by the sensors in the Security Operations Center, rarely lets up. At the same time, state actors have also stepped up the pace when it comes to exploiting security gaps. “They are putting their finger in the wound, more and more often even before a band-aid is available,” says Thomas Tschersich, Head of Telekom Security and CEO of Telekom Security GmbH.
His experts can hardly keep up with the measuring, counting and weighing. It's now a matter of hours and minutes, not days. Artificial intelligence (AI) and learning systems are therefore playing an increasingly important role in the everyday lives of cyber security officers. They help to never lose sight of the tense security situation and to maintain an overview at all times.
More attacks with AI - Telekom strengthens cyber defense
Current crises and wars are exacerbating the trends. Precisely because more and more attacks are being generated, improved and controlled with AI. Deutsche Telekom is responding to this and expanding its cyber defense capacities.
“The new Master Security Operations Center in Bonn is the heart of our global network of such security centers. We are relying on the many years of experience of our teams, as well as automation, learning technology and artificial intelligence. This gives us valuable time to react for our customers and also for ourselves,” says Tschersich.
Every day, the new SOC analyzes several billion pieces of security-relevant data from a quarter of a million data sources almost fully automatically. Deutsche Telekom also evaluates up to 95 million attempted attacks on its Internet-based decoy traps live every day. These findings are also fed into the company's Threat Intelligence database. It is now considered to be the most comprehensive in Europe.
Standing up to botnet servers
The protection center detects around 800 botnet servers per month and restricts their function. They are effectively the brains of such networks and without contact to new victims or already infected systems, botnets can neither grow nor operate. Their control servers use malware to take control of other people's computers and smart objects. The more zombie systems are interconnected to form such a network, the more powerful a weapon it becomes. Criminals then use the externally controlled computers for overload attacks, for example. They direct the data streams of the hijacked computers to other computer systems and paralyze them. This can be cash registers, booking systems or online stores and leads to damage through loss of turnover and reputation.
'Tsunami' attacks hit with great force
Such denial-of-service attacks (DDoS) have become increasingly sophisticated over the years. The latest generation of overload attacks is now referred to as a 'tsunami', so devastating can their impact be. But they are also more difficult to detect in advance, which is why it is essential to constantly monitor the development of the situation and analyze data streams.
Telekom SOC among Europe's largest - global network
More than 250 cyber security experts in Bonn monitor the Group's systems and those of its customers 24 hours a day - wherever the company is active on the world's continents. The SOC in Bonn works together with centers in 13 other countries. The cyber security center in Bonn is one of the largest of its kind in Europe.
About Deutsche Telekom: Deutsche Telekom at a glance