AI and Learning Systems in the Security Operation Center

Telekom opens its Master Security Operations Center in Bonn, analyzing billions of security-relevant data points per day.

Every minute, 30,000 to 40,000 attack attempts are detected by the sensors in the Security Operations Center. “These attacks hit where it hurts, often before a solution is even available,” says Thomas Tschersich, CEO of Telekom Security. Now, it’s a matter of hours and minutes, not days, to respond. This urgency is driven by the fact that more and more attacks are being generated, enhanced, and controlled by AI. As a result, AI and learning systems are playing an increasingly vital role in defense. They ensure the security team maintains continuous awareness of the evolving threat landscape and keeps an overview at all times.

More AI-Driven Attacks

Deutsche Telekom is expanding its cyber defense capabilities with the launch of its new Master Security Operations Center (SOC) in Bonn, which works in collaboration with SOCs in 13 other countries. “We are focusing on automation, learning technologies, and artificial intelligence. This allows us to respond faster—both for our customers and ourselves,” says Tschersich. Each day, the new SOC automatically analyses several billion pieces of security-relevant data from a quarter of a million sources. Additionally, the security team monitors up to 95 million attack attempts on its internet-based decoy traps (honeypots) in real time. These findings are then fed into the company’s Threat Intelligence database.

Countering Botnet Servers

The SOC identifies and neutralizes approximately 800 botnet servers per month, restricting their functionality. These servers are the command centers (command-and-control, or C2, servers) of botnets, and without communication with new victims or already infected systems, a botnet can neither grow nor operate. Botnet control servers rely on malware to hijack other people’s computers and smart devices.

The more interconnected zombie systems that form a botnet, the more powerful it becomes. Criminals can then use these externally controlled computers to launch overload attacks (distributed denial of service, DDoS). By redirecting data streams from hijacked computers to other systems, they can overwhelm and paralyze targets such as cash registers, booking systems, or online stores—resulting in financial losses and reputational damage.
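The paragraphs above explain that a botnet only works while its infected hosts can talk to their control server. Infected machines typically poll that server at fixed intervals ("beaconing"), and a SOC can use that regularity as a detection signal in network flow logs. The following script is an added illustration, not Telekom's own SOC code: it parses constructed flow records (the "timestamp src dst:port" format is an assumption), computes the inter-connection intervals for each source/destination pair, and flags pairs whose intervals are both frequent and unusually regular. The thresholds (`min_connections`, `max_cv`) are assumed defaults a real deployment would tune.

```python
"""Flag hosts that contact one destination at suspiciously regular intervals.

Periodic beaconing is a classic sign of an infected machine polling its
botnet command-and-control (C2) server. Added example, not Telekom's SOC
code; the flow-log format and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample flow records: "ISO-timestamp src_ip dst_ip:port".
# 10.0.0.5 beacons every 60 s; 10.0.0.7 shows irregular, human-like traffic.
SAMPLE_FLOWS = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.9:443
2024-05-01T10:00:00 10.0.0.7 198.51.100.20:443
2024-05-01T10:01:00 10.0.0.5 203.0.113.9:443
2024-05-01T10:02:00 10.0.0.5 203.0.113.9:443
2024-05-01T10:02:31 10.0.0.7 198.51.100.20:443
2024-05-01T10:03:00 10.0.0.5 203.0.113.9:443
2024-05-01T10:04:00 10.0.0.5 203.0.113.9:443
2024-05-01T10:05:00 10.0.0.5 203.0.113.9:443
2024-05-01T10:07:45 10.0.0.7 198.51.100.20:443
2024-05-01T10:18:02 10.0.0.7 198.51.100.20:443
2024-05-01T10:18:03 10.0.0.7 192.0.2.44:80
2024-05-01T10:30:00 10.0.0.7 198.51.100.20:443
"""


def parse_flows(text):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def beacon_score(timestamps):
    """Return (mean interval in seconds, coefficient of variation) of the gaps.

    A coefficient of variation near 0 means the gaps are almost identical,
    i.e. the traffic is machine-timed rather than user-driven.
    """
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    cv = pstdev(gaps) / m if m > 0 else float("inf")
    return m, cv


def find_beacons(text, min_connections=5, max_cv=0.2):
    """Return alert dicts for pairs that look like periodic C2 check-ins."""
    alerts = []
    for (src, dst), stamps in parse_flows(text).items():
        if len(stamps) < min_connections:
            continue  # too little data to judge regularity
        interval, cv = beacon_score(stamps)
        if cv <= max_cv:
            alerts.append({"src": src, "dst": dst, "count": len(stamps),
                           "interval_s": round(interval, 1), "cv": round(cv, 3)})
    return alerts


if __name__ == "__main__":
    for a in find_beacons(SAMPLE_FLOWS):
        print(f"possible C2 beacon: {a['src']} -> {a['dst']} "
              f"every {a['interval_s']}s ({a['count']} flows, cv={a['cv']})")
```

With the sample data, only `10.0.0.5 -> 203.0.113.9:443` is reported (six flows exactly 60 s apart, cv 0.0); the traffic from `10.0.0.7` has five flows to one host but wildly varying gaps, so it falls outside the regularity threshold. Real botnets often add random jitter to their check-in interval, which is why production detectors combine this timing feature with others (destination reputation, payload size consistency, threat-intelligence hits) rather than relying on a single cv cut-off.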