Olga, how to analyse the supposedly unpredictable?

13 Jul 2021

Cyber criminals who gain unauthorised access to computer systems and networks and steal data are a horror scenario for every company. We spoke to Olga Wenge, Head of Cyber Analytics, about the tasks and challenges of cyber security.

Olga Wenge, Head of Unit Cyber Analytics

You are responsible for Security Information and Event Management (SIEM) and the Security Operations Center (SOC). What is it about?

By Security Information & Event Management we mean the real-time analysis of security threats. For a holistic view of our own IT security, our team collects, analyses and processes billions of events per day. These events contain information about activities on relevant IT components. By analysing such events and using our analytics technologies, we are able to detect cyber attacks and anomalies in time, warn of them and react with countermeasures. Our "anti-hacking" teams in the Security Operations Centre support us in this.

How to analyse the supposedly unpredictable? 

We have to be prepared for all threat scenarios. Recognising unpredictable events at an early stage is a major challenge. We use a strategic mix of specialised software, hardware, machine learning algorithms, artificial intelligence and anomaly detection systems to monitor the data flow seamlessly. In addition, we also use intelligent technologies that, for example, combine results from historical forensic analyses with information from darknet monitoring. This enables us to detect trends and so-called zero-day attacks in a timely manner. Furthermore, we cooperate with partners from the industry. This enables us to exchange expertise and experience. 

Does the work for a cyber analytics team mean more data analysis or network monitoring?

The Cyber Analytics team is not only concerned with data analysis, but also with the holistic monitoring of attack vectors on all IT systems and the definition of countermeasures and solution strategies. We focus on the technical integration of the diverse approaches that provide the best strategic protection for Deutsche Börse Group.

What are the biggest challenges? 

As IT complexity increases, so do the security requirements for IT. We rely very heavily on digital technologies. These prove their worth when it comes to meeting our requirements to ensure fair and regulated markets. This includes the encryption of sensitive customer transactions, cryptographic algorithms of blockchain or further data mining techniques for the processing of trading data. We are also increasingly using technologies such as cloud, automation or robotics for our internal processes. This multitude of digital data requires a high level of cyber security. The dynamics of the field of work continuously challenge you. But we can only achieve success in our work with a well-coordinated team, a team of colleagues with different professional and human competences.

Can you actually still surf the net in private in a relaxed manner? 

Yes, absolutely. With the right security precautions, everyone can protect themselves from cyber crime. This includes encrypted connections with secure passwords and multi-level authentication. It is also important to keep operating systems, browsers, antivirus programmes and mobile software up to date. In social networks, where private data can be unknowingly collected and shared, I recommend changing privacy settings and reducing individual profiles to the most necessary information.
