The Security Operations Center (SOC) faces an unrelenting barrage of 30,000 to 40,000 attack attempts per minute, a challenge exacerbated by state actors who are increasingly exploiting security vulnerabilities. Thomas Tschersich, Head of Telekom Security and CEO of Telekom Security GmbH, notes, “They’re exploiting weaknesses faster than we can patch them.”
With the frequency of attacks escalating, and with many of these attacks now orchestrated and improved through artificial intelligence (AI), the role of AI and machine learning in cyber defense has become crucial. These technologies are essential for maintaining an overview of the ever-tightening security landscape.
Strengthening Cyber Defense Amid Rising Threats
Current geopolitical crises and conflicts are intensifying the threats, as AI-driven attacks become more sophisticated. In response, Deutsche Telekom is significantly bolstering its cyber defense capabilities.
“Our new Master Security Operations Center in Bonn is central to our global network of security hubs,” explains Tschersich. “We’re leveraging our team’s extensive experience along with automation, machine learning, and AI to gain crucial reaction time for both our customers and ourselves.”
The new SOC processes several billion pieces of security data daily from a quarter of a million sources. Additionally, it monitors up to 95 million attempted attacks on its internet-based decoy traps in real-time. This data is integrated into the company’s Thread Intelligence database, now regarded as one of the most comprehensive in Europe.
Combating Botnets
The SOC identifies and neutralizes around 800 botnet servers each month. These servers, which act as the control centers for networks of compromised computers, are crucial to preventing the expansion and operation of botnets. Without access to new targets or infected systems, these networks lose their effectiveness. Cybercriminals often use these networks to launch overload attacks, directing hijacked computers to disrupt other systems, including cash registers, booking systems, and online stores, causing significant financial and reputational damage.
Mitigating ‘Tsunami’ Attacks
Denial-of-service attacks (DDoS) have evolved into what are now referred to as ‘tsunami’ attacks, due to their devastating impact. These attacks are increasingly complex and harder to detect in advance, necessitating continuous monitoring and data analysis to counteract them effectively.
Telekom’s Global Cyber Defense Network
Deutsche Telekom’s SOC in Bonn is one of Europe’s largest, with over 250 cybersecurity experts working around the clock. This center collaborates with 13 other international security hubs, forming a robust global network dedicated to safeguarding the company’s systems and those of its clients.
