TC Security for GDPR

Telecommunications networks form part of a country’s critical infrastructure and are increasingly being targeted by cybercriminals. Fault- and interruption-free operation of the networks and services must be fully guaranteed at all times.

The German Telecommunications Act (TKG) and the EU General Data Protection Regulation (EU GDPR) impose legally binding measures on the providers of telecommunications and Internet services.  They must, amongst other things, inform their customers as quickly as possible of DDoS (distributed denial of service) attacks, infected systems and cyber attacks to enable countermeasures to be taken without undue delay.

EU data protection requirements impose strict rules on the handling of customer data, particularly with regard to data storage. Early detection of attempted fraud in telecommunications networks helps reduce and avoid economic damage.

For the various tasks in the area of security, valantic offers special solutions for avoiding economic losses and reputation damage for the companies concerned.

cERT fully addresses the reporting obligations specified by legislators in Section 169a (4) TKG (Section 109a (4) TKG). Each day, the German federal government’s Computer Emergency Response Team receives a large amount of information about security incidents. TKG obliges telecommunications providers to inform their customers without undue delay about known incidents such as DDoS attacks, infected systems and open server services.

valantic’s cERT helps network operators to fulfill this obligation. It ensures the automated processing of cERT notifications and identification of the relevant customer data. Afterwards, the data subjects are notified and informed automatically about the potential threats and suitable countermeasures.

cERT is offered as an on-premises licensing model. valantic takes over the software maintenance as well as the project and integration services required for commissioning.

cDROP addresses the measures prescribed under Section 35 of the German Federal Data Protection Act (BDSG) and Article 17 EU GDPR regarding the protection of personal data. The EU General Data Protection Regulation (EU GDPR) requires all companies to erase obsolete customer data and to be able to prove this in case of doubt.

valantic’s cDROP allows network providers to implement statutory erasure requirements on the basis of defined rules, even in heterogeneous IT ecosystems and across multiple customer accounts. cDROP has interfaces for connecting to various data-carrying source and target systems. Audit-proof historization and meaningful reports document the erasure operations.

• Rule-based implementation of statutory erasure requirements in heterogeneous IT ecosystems
• Interfaces for connectivity with various data-carrying source and target systems
• Automated
• Precise and sustainable erasure of data
• Audit-proof historization and reporting of the performed erasure runs

Data protection projects from valantic begin with the Data Protection Health Check consulting service. Highly qualified data protection experts review your system landscape and business processes and analyze the inherent risks. This serves as the basis for deriving recommendations for action and checklists for your data protection officer.

• Protection against formal cautions
• Increased trust among customers
• High degree of automation
• Open interfaces
• Low personnel costs

valantic offers cDROP as an on-premises operating model and is responsible for the initial installation and setup of the solution as well as for software maintenance. Employees can also optionally receive instruction in using the application.

If you have any further questions, we’d be happy to advise you.

fAST is a highly efficient and cost effective fraud detection system that helps avoid economic damage and losses arising from bad debts. With fAST, telecommunications providers and Internet service providers go on the offensive. They fend off cyberattacks or – if an attack has already taken place – isolate the infected system components to ensure minimum damage and enable operation of their telecommunications services to continue largely without faults or interruption.

fAST is designed for real-time operation, using high-performance in-memory technologies to analyze a million data records per second. Rule-based scenarios and automated actions additionally guarantee very fast recognition and prevention. fAST also learns continuously through the use of artificial intelligence (AI), thereby fulfilling its task ever-more effectively, while simultaneously providing reliable protection against newly emerging threat scenarios.

• Brand new IT architecture
• User-friendly application (Web 2.0+), go live at very short notice
• Real-time fraud detection based on powerful in-memory computing technology, analysis of one million records per second
• Formula/rule editor and data miner with arbitrary rule complexity, unlimited number of rules, implicit alarm hierarchy
• Single/multiple XDR stream consolidation, rule engine for fraud detection, connection of matching algorithms for suspicious pattern detection
• Support for semi-automated rule setups
• More than 230 known fraud scenarios included as rule setups
• Detection of new, unknown attack vectors through machine learning using AI components
• Low hardware cost and OPEX through the use of entry level HW (sufficient for I/O subsystem)
• Flexible, easy-to-process data format resulting in low integration costs

fAST’s excellent scalability ensures that also large volumes of data can be processed in real time – including not only the data analysis, but also the continuous optimization of the recognition processes.