How Turkcell Uses Picus to Ensure Continuous Threat Readiness and Cross-Team Collaboration

Introduction

Telecommunications have become an integral part of our daily lives.

Telecoms have become a fundamental part of our lives - not only for individuals to stay connected, but as the backbone for our economies and business infrastructures. Thus, for telcos, connectivity is the number one imperative. The potential consequences of a disruption of services can range from a simple network disconnection to complete territorial outage. Furthermore; telecom operators evolved into being providers of content and online services where large and versatile IT and application systems are required. This makes telecom operators even more attractive targets for cyber criminals.

The Customer

With close to 50 million customers in five countries, Turkcell is one of the world's leading digital operators.

Turkcell is a digital operator headquartered in Turkey, providing customers with a unique portfolio of digital services including voice, messaging, data and IPTV services on its mobile and fixed networks. Founded in 1994 as Turkey’s pioneer mobile service provider, today Turkcell Group companies operate in five countries serving close to 50 million customers. In parallel with the dynamics mentioned in the introduction section, Turkcell offers a variety of custom applications and content to its subscribers. In order to manage such an extensive network and an ambitious service portfolio, Turkcell manages a large scale, world class, state of the art network.

Abdurrahman Şakar
Offensive Security Manager, Turkcell

"As the offensive security team our job is to find the answer if we are ready against evolving and new adversarial campaigns. We conduct various red team exercises and the insights provided by Picus helps us design the most relevant scenarios.”

Digitalization widens the attack surface

“We have been working towards differentiating telecom and digital services we provide. Currently we are offering more than dozens of digital services including online messaging, cloud-based file management system, a TV platform, music streaming service, and domestic mail. This makes our job even more difficult as we are now preparing ourselves for the threats against both the telco and the classical IT infrastructures.” says Abdurrahman Şakar, Offensive Security Manager at Turkcell, and continues "when it comes to cyber security, telecommunications is one of the most targeted industries".

A complex environment managed by an army of security professionals

Turkcell owns and runs one of the -if not the biggest- telecom networks in its geography of operation. This large, widespread and diverse infrastructure houses a number of IT and network technologies in addition to the innumerable number of telecom equipment. This colossal infrastructure is protected by a number of security technologies including firewalls, intrusion prevention systems, web application firewalls, proxies, security information and event management (SIEM), endpoint detection and response (EDR), security orchestration, automation and response (SOAR) and vulnerability managers. These security technologies are operated by hundreds of security professionals, working in dozens of separate and specialized teams from IT SecOps, SOC, offensive security to application testing, access and identity management and compliance

Abdurrahman Şakar
Offensive Security Manager, Turkcell

“We use Picus to create common ground between the IT SecOps, Offensive Security and SOC teams. The offensive team uses Picus threat library to simulate the APT scenarios, the results are then analyzed to pinpoint the gaps in the security controls.”

The Result

	Threat readiness through continuous security validation Turkcell continuously validates the attack readiness of their security infrastructure with the daily updated threat samples provided in the Picus Threat Library. Monitoring the defensive effectiveness allows to track security score changes, measure the impact of the policy updates and identify sudden score drops that may be caused by human error, hardware failures and other reasons. “As the Turkcell Offensive Security Team”, says Mr Şakar, “our job is to find the answer if we are ready against evolving and new adversarial campaigns. We conduct various red team exercises and the insights provided by Picus helps us design the most relevant scenarios.”
	An instrument of cross team collaboration Mr Şakar mentions that the purple team exercises leverage Picus to simulate the latest attack techniques and tactics, analyze the detection and response capabilities particular to those threats and work collectively to align cyber defense efforts across the board. “We use Picus to create common ground between the IT SecoPS, Offensive Security and SOC teams. The offensive team uses Picus threat library to simulate the APT scenarios, the results are then analyzed to pinpoint the gaps in the security controls. The technology alliances Picus established help us at this stage to take action early on, by identifying mitigation actions specific to the technologies we use.” adds Mr. Şakar.
	Picus helps streamline the patch management process Turkcell has tightly integrated its vulnerability management platform with the Picus Platform to streamline the patch management process. Mr. Şakar explains that they correlate their vulnerability scanning findings with the results of Picus threat emulations as the Picus platform provides corresponding CVE information where available. A correlation would mean that security controls have no defensive measures for an existing vulnerability and help prioritize defensive efforts.