Infopulse - Expert Software Engineering, Infrastructure Management Services

                How to Build an Efficient SOC for a Modern Telecom Network

                Security in telecom remains a hot-button issue as both the threat and regulatory landscapes keep evolving. While 4G is already dominant in developed regions and the roll-out of 5G is actively proceeding, many telecoms still support 2G/3G as well. However, the underlying protocols (SS7 and SIGTRAN for 2G/3G, Diameter for 4G, as well as SIP and GTP) carry inherited vulnerabilities that telecoms must acknowledge and secure.

                The Diameter signaling protocol is natively more secure than SS7 proved to be, yet it is still prone to certain industry threats.

                [Figure: Percentage of Successful Attacks by Protocol Type]

                Securing signaling protocols, however, is just one aspect of telecom security. According to the  , over 48% of total user hours were lost due to system failures and hardware failures in particular. Legacy systems no longer cope with the increased loads in a timely manner. Neither are they properly hardened to withstand emerging cyber threats.

                The above data strongly indicates that telecoms need to get a better grip on security monitoring tasks, as well as implement more proactive defense measures. That is the task a SOC in telecom is well positioned to accomplish.

                The Two Types of SOC Service Models

                As a dedicated business unit, a security operations center (SOC) uses a mixture of standard operating procedures (SOPs) and technology solutions to monitor, evaluate, respond to, and prevent cyber threats in telecom.

                Such units can be established in-house or commissioned “as a service” from a vendor. Building a SOC in-house requires higher levels of cybersecurity maturity, niche expertise, and respective budgets. For example, enterprises with a total security budget of   allocate a third of it to SOC maintenance.

                Opting for SOC managed services, on the other hand, eliminates the OPEX costs of setting up operations in-house. Additionally, such operational partnerships provide immediate access to required telecom security knowledge, as well as operational best practices and adoption guidance.

                The two most applicable SOC service models for telecom are managed SOC and dedicated SOC.

                Managed SOC

                Also referred to as SOC as a Service, the managed SOC model assumes inclusive delegation of security operations center setup — from initial security assessment to SOC architecture configuration, team onboarding, and ongoing maintenance.

                A managed SOC unit operates as an on-demand extension of your security operations, fully covering a spectrum of security needs such as:

                • L1/L2/L3 support
                • Automated threat detection implementation
                • Security analytics implementation and reporting
                • Custom SOC use cases implementation, based on SLAs

                All of the above are approached with SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) best practices at the core.

                Managed SOC is the optimal solution for local and regional telecoms, as this service model offers the best price-to-value ratio. An experienced managed SOC provider can assist with both technology adoption and staffing.

                What you receive:

                • Custom security architecture configuration
                • SIEM/SOAR toolkit configuration
                • Compliance with applicable regulatory requirements (GDPR, CNPI, etc.)
                • Security personnel resources, shared with other vendors

                Case in point: Infopulse recently assisted a telecom provider with the SIEM system (Azure Sentinel) introduction and configuration. After conducting an in-depth assessment of the customer’s security architecture, security needs, and existing technology portfolio, our security specialists helped identify the priority use cases for SIEM and implement them. This has helped the provider rebalance the technology costs and improve security coverage.

                Dedicated SOC

                As the name implies, a dedicated SOC unit assumes establishing a specialized remote unit for covering all your security tasks 24/7. Unlike managed SOC services, the staff is not shared with other vendors and works exclusively for your organization.

                Dedicated SOC services are a good alternative to building SOC teams in-house as this model enables:

                • Faster access to required talent
                • Proactive support with establishing proper SOC service functions
                • Standard operating procedures development
                • Security architecture configuration and hardening
                • SOC staffing levels definition and schedule development
                • Supporting implementation and configuration of a technology solution

                The above, however, comes at a higher investment. You need not only to build SOC operations but also to ensure their continuous efficacy. Accordingly, a higher level of operational maturity is required for both establishment and day-to-day oversight. This makes the dedicated SOC model more applicable to larger telecoms (national and global corporations) that require better levels of regional coverage.

                A dedicated SOC unit can cover a wider range of custom SOC use cases, ranging from baseline support and network traffic monitoring to AI-powered anomaly detection and predictive threat intelligence.

                Sample telecom-specific tasks that a dedicated SOC unit can cover:

                • SIP systems security and protection against common attack vectors (server impersonation, tampering with message bodies, etc.).
                • SS7 network protocol protection (e.g., against Intra-PLMN messages, traffic redirection/interception, etc.).
                • SMS fraud cases (such as GT scanning, SMS spoofing, SMS faking, etc.)
                • Voice fraud cases (e.g., International Revenue Share Fraud, False Answer Supervision, roaming fraud, number hijacking, etc.).
                • VoIP networks hardening and protection (e.g., using secure management protocols such as SDES, ZRTP, and DTLS).

                The definite advantage of a dedicated SOC team is a highly customizable, comprehensive security coverage. Apart from getting assistance with the initial SOC architecture and team setup, you also benefit from the ongoing recommendations and continuous improvements to your security and customer service levels.

                Case in point: To ensure better regional coverage, Deutsche Telekom recently set up a SOC unit in Singapore — its 17th center of the same type. The company reports facing   cyberattacks per day, with occasional spikes to 60 million. Having such a wide network of SOC units enables Deutsche Telekom to analyze over 2.5 billion security-related events daily, using a mixture of human and AI-powered security resources. Such a setup allows them to perform near-immediate issue remediation and real-time updates to customers.

                How to Build a SOC: Business Case for Adoption in Telecom

                Telecom, like no other industry, understands the importance of data security and compliance. It follows that many already realize the need and value of establishing a SOC unit. However, it is the operational intricacies that slow down adoption. If that is your case, we suggest the following three-step framework.

                1. Assess Your Security Needs and Processes

                While SOC covers some aspects of reactive security, it is primarily a proactive cybersecurity unit, aimed at threat detection and early prevention, rather than remediation post-attack.

                Accordingly, you need to understand where your company stands security-wise before working out the optimal contingency plan. This entails conducting an in-depth IT architecture assessment and formalizing:

                • Which critical IT infrastructure protection scenario should be implemented?
                • What baseline event monitoring and logging practices have to be in place?
                • How should a reactive cybersecurity response plan be executed?
                • What threat detection, prevention, and monitoring capabilities do you require?

                Additionally, as per  , it is worth separately determining:

                • Target of Measurement (TOM) — the minimum part of infrastructure that should be continuously monitored to ensure operational security.
                • Security Assurance View (SAV) — a detailed representation of the measurement results (i.e., how the information on operational security assurance will be reported).

                These two metrics should help you create common ground for confidence among all security teams and standardize reporting and communication on security incidents.

                2. Create a List of Requirements for SOC Operations

                Having identified the security jobs to be done, you need to translate these into specific functions your SOC team will take on.

                Most managed SOC vendors propose tiered service coverage plans. Approaching the selection with a personalized list will help you select the optimal service package or negotiate custom use cases to avoid gaps in coverage.

                Specifically, a list of requirements for SOC should include:

                • Security monitoring (e.g., 24/7, real-time monitoring for a list of network components, OSS/BSS applications, environments, and host operating systems).
                • Incident management (e.g., specific SLA metrics for initial response time, mean recovery time, etc.).
                • Staffing requirements (e.g., types of cybersecurity roles you look to fill, optimal staffing schedule).
                • Threat detection capabilities (e.g., SIEM/SOAR implementation on Azure or VoIP threat detection).
                • Network hardening requirements (e.g., if you wish to implement extra protection for IoT networks or implement a Software-Defined Network (SDN), etc.).

                Essentially, you need to have clear requirements for two levels — technological and operational.

                Let us dwell on this a bit further. SOC team composition and overall attributes are crucial factors for success. A subpar schedule will result in incomplete coverage and missing security roles.

                A well-performing telecom SOC team has to cover four essential roles:

                • Security Analyst
                • Security Specialist
                • Threat Investigator
                • SOC Manager

                These specialists should have a bounded list of responsibilities and feasible rotation schedules, and should receive ongoing training on new operating procedures.

                3. Compare Vendors

                Once you know what assets you need to protect and how to better do so, get back to SOC service model selection.

                Managed SOC services offer the benefit of faster implementation. This option is also better suited for telecoms with lower overall levels of cybersecurity maturity, as you benefit from the vendor’s expertise and guidance when it comes to technology selection and the establishment of operating procedures. Operating costs are highly competitive too, since you are sharing rotated staff with other clients. However, this factor may be a deal-breaker for larger telecoms that require more extensive monitoring and complete data/operations isolation as per compliance requirements.

                In that case, establishing a dedicated SOC unit makes sense. Plan for a longer setup timeline, yet benefit from the unlimited scope of security tasks and SOC use cases the newly established entity can handle. A dedicated SOC is a solid choice for vendors that require extra local resources and expertise, as well as access to the latest technology tools, without the expense of opening another office in the region.

                To Conclude

                State-of-the-art security tools alone cannot cope with the alarming volume of daily threats telecoms face today. Cybersecurity in telecom is a balancing act of talent, technology, and proven procedures for localizing potential vulnerabilities and covering those gaps before they manifest into disruptive breaches. Essentially, that is what a SOC unit delivers.

                About the Author

                Oleksandr Kosovskyi

                SOC & NOC Expert

                Oleksandr Kosovskyi is a member of the Service Network Assurance management team for our long-standing Telco-client BICS. He has a proven track record of more than 15 years as a SOC & NOC expert for telecoms and communication hubs that spans over a wide spectrum of technologies including Signalling, Messaging, Voice, Probing, etc. With his inside-out knowledge of processes, he specializes in launching and orchestrating dedicated SOC & NOC teams from scratch for our global telecom clients.

                Originally published: July 27, 2021. Updated: August 19, 2021.