HomeResourcesCase StudiesBangladesh Telecom Managed SOC
Managed SOCTelecomBangladesh

Bangladeshi Telecoms Operator Cuts Detection Time by 55% with Managed SOC

A BTRC-regulated telecoms operator in Bangladesh with over 15 million subscribers engaged EIC's managed SOC service to address critical gaps in security monitoring. Within 8 weeks of deployment, mean time to detect dropped 55%, achieving 24/7 threat monitoring across the operator's core network, billing systems, and customer data platforms.

24/7 Managed SOC · Telecom · Bangladesh
55%
MTTD Reduction
42
Log Sources
24/7
SOC Coverage
31min
Avg MTTD
15M+
Subscribers Protected
Industry
Telecommunications
Service
24/7 Managed SOC Services
Timeline
8-week deployment + ongoing managed service
Technology
EIC SOC Platform + SIEM Integration
The Challenge

BTRC Compliance Mandate and Growing Threat Landscape

The Bangladesh Telecommunication Regulatory Commission (BTRC) had issued a directive requiring telecoms operators to maintain active security monitoring capabilities. For this operator — serving over 15 million subscribers across voice, data, and mobile financial services — the directive exposed a fundamental gap: they had no dedicated security monitoring function whatsoever.

The operator had experienced two security incidents in the prior 12 months, both detected by customers rather than internal teams. In one case, a subscriber data exposure went unnoticed for 11 days until affected customers reported unusual activity on their accounts. The reputational damage and BTRC scrutiny that followed made clear that reactive detection was no longer tenable.

The internal IT team of six had no dedicated security personnel or SOC experience. Their responsibilities spanned network operations, system administration, and application support — security monitoring was an afterthought handled through periodic manual log reviews that covered less than 10% of the infrastructure.

Core network infrastructure, OSS/BSS systems, and subscriber data platforms lacked centralized monitoring. With 15 million subscribers' personal and billing data at risk, the operator faced both regulatory consequences and significant commercial exposure from any future breach.

A previous attempt to build an in-house SOC had been abandoned after six months. The operator had invested in SIEM tooling but could not recruit qualified SOC analysts in the Bangladeshi market — the few candidates with relevant experience commanded salaries the operator's HR framework could not accommodate, and those who were hired left within months for higher-paying positions in banking or international firms.

  • BTRC (Bangladesh Telecommunication Regulatory Commission) issued directive requiring telecoms operators to maintain active security monitoring
  • Operator had experienced 2 security incidents in prior 12 months — both detected by customers, not internal teams
  • Internal IT team of 6 had no dedicated security personnel or SOC experience
  • Core network infrastructure, OSS/BSS systems, and subscriber data platforms lacked centralized monitoring
  • 15M+ subscribers' personal and billing data at risk
  • Previous attempt to build in-house SOC abandoned after 6 months due to talent shortage and cost
EIC's Approach

From Zero SOC to Full Telecom Coverage in 8 Weeks

EIC deployed a phased SOC implementation designed to achieve full 24/7 coverage within 8 weeks, with detection rules specifically engineered for telecom attack patterns and BTRC compliance requirements.

Phase 01 · Weeks 1–3

Network Discovery & Log Integration

Mapped all critical assets across core network, radio access network management, billing/OSS, CRM, and internet gateway. Integrated 42 log sources including network elements, firewalls, IDS/IPS, and application logs.

Phase 02 · Weeks 3–5

Telecom-Specific Detection Rules

Built custom correlation rules for telecom attack patterns: SIM swap fraud indicators, unauthorized interconnect access, billing manipulation, SS7/Diameter anomalies, and subscriber data exfiltration attempts. Reduced noise from 500+ raw alerts/day to 28 actionable events.

Phase 03 · Weeks 5–8

24/7 Handover & Operational Readiness

EIC SOC analysts assumed L1/L2 monitoring. Escalation procedures defined with operator's network operations center. BTRC incident reporting workflow integrated.

Phase 04 · Month 3+

Ongoing Managed Service

Continuous threat intelligence updates for telecom-specific threats. Monthly executive reports for BTRC compliance evidence. Quarterly threat landscape briefings for CTO office.

Detection Engineering

Telecom-Specific Threat Detection

Generic SOC rules designed for enterprise IT environments miss the threat patterns unique to telecommunications infrastructure. A telecom operator's attack surface extends far beyond standard endpoints and servers — it includes signaling protocols, interconnect interfaces, subscriber identity management, and billing systems that have no equivalent in other industries. Applying standard detection rules to a telecom environment produces either overwhelming noise or dangerous blind spots.

EIC built detection capabilities specifically tailored to the operator's telecom environment, covering four critical threat categories that generic SOC providers typically cannot address:

  • SIM swap fraud patterns — Unusual IMSI reassignment sequences that indicate unauthorized SIM swaps, including rapid successive reassignments and reassignments originating from non-standard dealer channels
  • Interconnect abuse — Unauthorized SS7 messages from unexpected sources, including location queries and call interception attempts from network elements not on the operator's trusted peering list
  • Subscriber data access anomalies — Bulk CRM queries outside business hours, unusual export patterns, and access to subscriber records by accounts that had not previously accessed those data sets
  • Billing system manipulation — Unusual credit adjustments, balance modifications outside established thresholds, and patterns consistent with internal fraud or compromised billing administrator accounts

Within the first month of operation, the SOC detected and escalated three genuine security events that would have gone unnoticed under the operator's previous monitoring approach. One involved an unauthorized bulk query against the CRM database from a compromised service account during off-hours — a pattern that generic IT security rules would not have flagged because the account had legitimate access permissions. EIC's telecom-specific behavioral baseline identified the anomaly within 14 minutes of occurrence.

Results

Measurable Outcomes

55%
Reduction in mean time to detect
42
Log sources monitored 24/7
28
Daily actionable alerts (from 500+ raw)
3
Real threats caught in first month
"
We tried to build our own SOC for six months and failed. EIC had us operational in eight weeks with detection rules that actually understand telecom threats — not generic IT security patterns adapted from other industries.
CTO, Telecoms Operator, Bangladesh
Services in This Engagement

Facing a Similar Detection Gap?

Describe your current monitoring coverage on a 30-minute scoping call. We'll assess your detection gaps and recommend a SOC deployment plan.