
To recognise threats early and draw the right conclusions from them, MSS-i relies on many different factors. After all, the more precisely and quickly the Swisscom specialists find out where threats lie, the better they can act and react. For this reason, Swisscom continuously monitors and analyses its own feeds as well as feeds from partner companies. Worldwide.

The components for smart correlation

[Figure: information flow diagram]

Own feeds

Nobody knows the Swisscom network better than Swisscom. Information on threats detected on the Swisscom network is immediately fed into the service intelligence.

Partner feeds

As a leading Swiss telecommunications company, Swisscom works closely together with Swiss and international providers – and learns immediately from these partners when a new threat arises somewhere.

Other feeds

Last but not least, Swisscom monitors and uses feeds from manufacturers and feeds from feed portals.

Collective intelligence

Swisscom manages security devices in Switzerland and throughout the world and, when analysing their logs, learns about concrete incidents around the globe. This creates a collective intelligence from which all customers ultimately benefit.

Smart collection

MSS-i processes feeds and logs practically in real time: the logs are compared with the feeds so that threats are detected within a short time. The service receives the logs raw, meaning exactly as they are delivered by the devices, and then compares them with the feeds in an intelligent manner. This correlation of big data ensures significantly more security than an evaluation using a simple algorithm. If a threat is detected, the system automatically triggers an incident and evaluates the threat.

Correctly assess the risk

Risk = Threat x Vulnerability x Asset Information

A threat multiplied by the vulnerability multiplied by the criticality of the target system results in the risk.

From raw data to meaningful reports

[Figure: information flow diagram]

The correlation engine aggregates, normalises and correlates the events from various security devices to identify relevant incidents. On the one hand, this eliminates false positives; on the other, it displays the incidents in accordance with business logic (e.g. “supply chain is at risk” instead of “firewall is at risk”).
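
An added example (not Swisscom's code and not part of the original page) of the correlation and risk scoring described above: raw logs in two device formats are normalised, matched against a feed, aggregated per source and target, and scored as threat x vulnerability x asset criticality. The feed entries, asset inventory, log formats and 0-to-1 scales are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed threat feed: indicator -> threat level (0..1 scale is an assumption).
FEED = {"203.0.113.7": 0.9, "198.51.100.23": 0.4}

# Constructed asset inventory: host -> (vulnerability, criticality, business service).
ASSETS = {
    "10.0.1.10": (0.8, 1.0, "supply chain"),
    "10.0.2.20": (0.2, 0.3, "guest wifi"),
}

# Constructed raw logs from two device types with different line formats.
RAW_LOGS = [
    "fw01 DENY src=203.0.113.7 dst=10.0.1.10 dport=445",
    "fw01 DENY src=203.0.113.7 dst=10.0.1.10 dport=445",
    "ids02|alert|198.51.100.23->10.0.2.20|scan",
    "fw01 ALLOW src=192.0.2.50 dst=10.0.1.10 dport=443",  # source not in feed
    "proxy03 malformed line",                             # unparseable, skipped
]

FW = re.compile(r"^(?P<dev>\S+) \w+ src=(?P<src>\S+) dst=(?P<dst>\S+)")
IDS = re.compile(r"^(?P<dev>[^|]+)\|\w+\|(?P<src>[^-]+)->(?P<dst>[^|]+)\|")

def normalise(line):
    """Map a raw device line onto a common {dev, src, dst} event, or None."""
    for pattern in (FW, IDS):
        match = pattern.match(line)
        if match:
            return match.groupdict()
    return None

def correlate(logs, feed, assets):
    """Aggregate feed hits per (src, dst) and score each incident."""
    hits = defaultdict(int)
    for line in logs:
        event = normalise(line)
        if event and event["src"] in feed and event["dst"] in assets:
            hits[(event["src"], event["dst"])] += 1
    incidents = []
    for (src, dst), count in hits.items():
        vulnerability, criticality, service = assets[dst]
        risk = round(feed[src] * vulnerability * criticality, 3)
        incidents.append({"service": service, "src": src, "events": count, "risk": risk})
    # Highest risk first, labelled by business service rather than by device.
    return sorted(incidents, key=lambda i: i["risk"], reverse=True)

if __name__ == "__main__":
    for incident in correlate(RAW_LOGS, FEED, ASSETS):
        print(incident)
```
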

Interaction between man and machine:

We teach machines to think.

For maximum security, people and machines need to work perfectly together. If something can be clearly qualified, the security engine can solve it without human help. However, for more demanding tasks, there is no schema by which the machine can proceed.

For this reason, an expert is needed who performs a specific analysis and averts the threat. Through this analysis, the machine learns something new and can perform the task independently next time. All Swisscom customers benefit from this increase in intelligence.