DT ICSS: Leading from the front

01 September 2017 | Jason McGee-Abe


Dr. Rolf Nafziger, SVP of the International Wholesale Business Unit at Deutsche Telekom speaks to Jason McGee-Abe about how the International Carrier Sales & Solutions (ICSS) division is ahead of the game when it comes to mitigating fraud and cyber attacks

p52 350DT ICSS focusses strongly on network security and launched its 360° Defence Strategy programme at ITW this year. How has implementing this across all ICSS product segments been received?

The reception has been very well received by customers, partners, and within the Deutsche Telekom Group. Security is one of the biggest topics in our industry, as the number of attacks and fraudulent episodes increase on a seemingly daily basis. Being able to have one source for all security needs – whether in voice, mobile or data – allows our clients to provide a comprehensive, across-the-board defence strategy that is simpler, faster and more cost-effective. 

For the well-being of our wide range of clientele, we take our responsibility to stop fraudulent activities very seriously. In addition to our wholesale clients, Deutsche Telekom also serves a strong retail customer base. We are therefore committed to ensuring security in our own networks, in order to avoid revenue and reputation loss for all parties. The advanced security measures we implement have become a known factor in our brand identity and is why we have become such a highly trusted security partner. How have enhanced level of attacks in the industry, including the attack on 900,000 DT routers last year in November, helped to shape your network security strategy?

Thanks to security strategies already in place, when this attack happened, Deutsche Telekom was able to respond extremely quickly. Although this assault was not within our area of responsibility, 

I know that the attackers were not able to conclude their goal of employing the routers as bots. The root cause was rapidly identified and vulnerabilities closed. This matter made us again aware of the importance of having defence procedures and tools ready and to continually develop our security portfolio.

What makes DT ICSS stand out as a front-runner when it comes to security?

What really differentiates us is that we provide our security portfolio across all of our business areas. With our 360° approach, our offerings include inherently secure products as well as dedicated solutions. The feedback from our customers has shown that there is nothing similar in the industry. In addition, because we see security as a threat that necessitates the collective resources of all industry players, we have entered into strategic relationships with several leading partners, allowing us to quickly develop the best state-of-the-art solutions, which we then make available to the industry. 

As an international wholesale provider, our approach is also unusual because of the structure of Deutsche Telekom, which allows us to benefit from wide-ranging expertise within the various units. There are many areas of cooperation where we profit from shared knowledge and development activities. Furthermore, the backing of a Tier 1 provider that operates within our strict German legal framework is an important deciding factor when customers choose services.

DT introduced SS7 firewall to its suite of solutions, when it comes to signalling fraud, how has it supported the offering?

The SS7 firewall is one of our key products. We began development because we realised our mobile customers needed more protection from SS7 vulnerabilities. As things moved along, however, we recognised the value this solution would provide for the wholesale market – which is why we decided to roll it out for the benefit of the entire industry.  

What level of mitigation capacity are you offering to your customers, particularly when it comes to cloud-based defence mechanisms?

When it comes to mitigation capacity, Deutsche Telekom combines four different defence strategies: rate limits, filter lists, mitigation devices and black holing. Because of this, DT is able to defend large attacks right on the edge of our network. With respect to our cloud offering, we have joined forces with security experts at Arbor Networks and utilise their global scrubbing centres. This protects against the massive volumetric DDoS attacks via 4Tbps of mitigation capability in the cloud, which will be upgraded to 8Tbps.

How should carriers cooperate and collaborate in the face of security and fraud challenges?

No one carrier can protect the entire global network, which is why international collaboration is key. There needs to be open exchange about security-related matters within the carrier community, so that we can all learn from the experience of others and understand how to better protect ourselves in the future. 

At ICSS, we are playing our part through important partnerships, as well as through our involvement with industry forums. For example, we’re a member of the i3forum and the security working group of the GLF. These are just some key industry initiatives we’re helping support to drive security across the industry, collaboratively.