AT&T Cybersecurity Services

by Faulkner Staff

Docid: 00021100

Publication Date: 2007

Report Type: PRODUCT

Preview

AT&T offers an extensive portfolio of cybersecurity services for
large businesses and enterprises. The acquisition of AlienVault has given
AT&T a boost with the Unified Security Management platform. This
report takes a look at the realm of cybersecurity offerings provided by
AT&T.

Vendor

Name: AT&T
Headquarters:
208 South Akard Street
Dallas, TX 75202-2233
Tel: (210) 821-4105
Web: https://www.att.com/
Founded: 1984
Stock Symbol: T

Description

[return to top of
report]

With information security professionals in short supply – and demanding
top dollar – many enterprises are turning to outsourcing to satisfy their
security needs, entrusting the integrity of their information
infrastructure and business information to a managed security services
provider.

With the 2018 acquisition of AlienVault, AT&T added the unified
security management platform and threat intelligence capabilities to its
portfolio of cybersecurity products. AlienVault’s president and CEO Barmak
Meftah was named president of AT&T Cybersecurity Solutions. Regarding
the combination of AT&T and AlienVault, Meftah said, “Together we have
the opportunity to simplify a complex problem and automate how many
customers tackle their cybersecurity needs. We will combine our phenomenal
threat detection, incident response, and compliance security platform with
AT&T’s managed security capabilities, making near real-time threat
information actionable and achievable.”

In February 2019, AT&T announced that it would combine the
AlienVault, AT&T Cybersecurity Consulting, AT&T Managed Security
Services divisions into one unit called AT&T Cybersecurity.

AT&T breaks down its cybersecurity portfolio into a three-pronged
approach:

Assess and plan – Consists of products and services
that determine the best possible security solution and the planning
tools needed to put such plan in place.
Detect and protect – Delivers offerings that filter
and analyze traffic and identify and block threats.
Respond and recover – Provides the resources needed
to act on threat and minimize harm.

Related Faulkner Reports

Dell SecureWorks Managed
Security Services Product Profile

IBM Managed Security
Services Product Profile

Verizon Enterprise Security
Services Product Profile

Features

[return to top of
report]

Table 1 outlines the features of the products and services within
AT&T’s cybersecurity portfolio.

Table 1. Major Offerings for AT&T Cybersecurity Services
Objectives	Products and Features
Cyber Strategy and Risk	Strategy and Roadmap Planning – AT&T conducts a needs assessment and draws up a framework after careful analysis of an organization’s goals and current parameters. Key activities include: Analysis and Framework Establishment Risk Assessment and Analysis Strategy and Roadmap Development Aligning business objectives and IT needs Analysis of security requirements Best practices and industry standards utilization Identification of controls and remediation processes Compliance Consulting – AT&T has security governance programs in place to help companies meet regulatory compliance. Plans include: Governance, risk and compliance (GRC) services Payment Card Industry (PCI) compliance solutions Vulnerability Scanning – Avoiding and deflecting threats are the basis for the vulnerability scanning service. This offering comprises a Web portal for viewing scan results; testing of Web applications; customer-tailored risk ratings; and reporting capabilities. Cybersecurity Rating – Since an organization’s security posture changes quickly, AT&T determines the most up-to-date threats to measure their impact against the network ecosystem. Penetration Testing. Tests how security holds up to real-world scenarios while working towards compliance. Risk Based Cyber Posture Assessment. Allows for a quick assessment and make plans to address gaps. Cybersecurity IQ Testing. Allows for the measuring and assessment of an organization’s cybersecurity awareness.
Detect and Protect	AlienVault USM Anywhere – AlienVault Unified Security Management is a SaaS security monitoring offering that centralizes threat detection, incident response, and compliance management across the cloud, hybrid environments, and on-premise locations. It offers automated log collection, continuous threat intelligence, and automates with third-party tools. AT&T Threat Manager – AT&T delivers monitoring and visibility across an organization’s entire network. It consists of: Security information and event management Log management Applied threat intelligence AT&T Security Operations Center analysts Incident Response and Forensics – In the event of a breach or some other type of cybersecurity incident, AT&T can lead the investigation or support an organization’s own IT security team. Prior to and after a breach, AT&T can be tapped to provide services. These include: Incident Response Retainer Services Data Breach Simulations Incident Response and Forensics Program Development Forensics and Electronic Discovery Breach Investigation PCI Qualified Incident Response Assessors
Network Security	Intrusion Detection and Prevention – Screens data packets throughout the network and triggers alerts, drops packets, or blocks traffic whenever a suspicious packet is detected. Network-Based Firewall – Monitors bandwidth usage and address security related compliance problems. Firewall services are configured based upon an organization’s specific security policies. Premises-Based Firewall – Consists of a fully managed firewall, complete with software and hardware components, to deliver network monitoring capabilities. Organizations can choose from firewall systems from Check Point Software, Fortinet, Palo Alto Networks, Cisco, and Juniper Networks. DDoS Defense – Delivers cloud-based monitoring of distributed denial-of-service attacks through in-depth analysis of traffic. It identifies malicious traffic that is sent to scrubbing facilities for blocking purposes. Secure Email Gateway – Deflects spam, malware, ransomware, phishing attacks, and more to keep inbound and outbound email protected. Cloud Web Security Service – Provides content filtering and Web protection to protect devices and users have multiple connectivity options to access the network infrastructure. An encrypted tunnel delivers protection from location/device to cloud services. Token Authentication – Secures access across a variety of customer applications with two-factor authentication and multiple token authenticators while supporting multiple platforms including iOS, Android, Windows Mobile, and BlackBerry. Enhanced Cybersecurity Service – Features email filtering, domain name system sinkhole security, and user access management to prevent threats from invading the network. Additional Offerings – AT&T has teamed up with third-party vendors to offer alternative security products to safeguard networks. These include: Symantec Endpoint Protection Norton Security for Professionals Lookout Mobile Endpoint Security IBM MaaS360 MobileIron for Core and MobileIron for Cloud VMware Workspace One-Cloud and VMware Workspace One-On Premises
Endpoint Security	VMWare Workspace ONE(R) – An enterprise management platform that allows IT administrators to control mobile devices, cloud-hosted virtual desktops, and applications. It is available as a cloud or on premises offering. IBM MaaS360 – Integrates mobile management with IT tools to create mobile apps at scale to furnish organizations with the capabilities they need to provide comprehensive security across devices, apps, content, and users. MobileIron – Helps organizations harness the secure mobility and improved device compliance, allowing organizations to manage and monitor endpoints, apps, and content. Lookout Mobile Endpoint Security. Designed to mitigate risk through Lookout’s analysis and reporting features; privacy controls; and integration with SIEM systems via the Mobile Risk API, including Splunk, ArcSight, and QRadar.

Environment

[return to top of
report]

AT&T’s solutions for cybersecurity are intended to be deployable,
scalable, and adaptable to most environments.

Major Competitors

[return to top of
report]

IBM
Cisco
Secureworks
Symantec
Verizon Enterprise
Trustwave
Sophos

Conclusion

[return to top of
report]

AT&T has demonstrated its commitment to security with the acquisition
of AlienVault, which gives it the Unified Security Management platform.
The USM platform combines threat detection, incident response, and
compliance capabilities. AT&T has combined AlienVault’s capabilities
and intelligence within its own portfolio to further safeguard
enterprises.

In the wake of recent and wide-reaching data breaches, including the
Equifax, Office of Personnel Management, Marriott, Yahoo, and others,
companies of all sizes are discovering that protecting their data isn’t
just a task that can be put off and completed at a later date. Many
breaches aren’t discovered for months or even years, long after data has
been compromised and stolen. In a February 2019 report, Risk Based
Security revealed that there were 6,515 disclosed data compromises in 2018
– over five billion records in total were compromised. The number of
breaches decreased slightly about one-third from 2017. However five
billion records is still a large number and RBS determined that it took an
average of 49.6 days to report a breach following its discovery.¹

Ransomware attacks, cryptocurrency mining, phishing attacks, and other
threats can result in millions of dollars in losses. A March 2019
ransomware attack on Norwegian aluminum provider Norsk Hydro topped $40
million in one week . It’s unclear how much more money this one
breach will cost the company. Although organizations are warned by law
enforcement not to pay the ransoms on these styles of attacks, some
companies figure it’s cheaper to pay up than to try and recover locked
files. However, paying a ransom does not mean that the cybercriminals will
decrypt the files and return them. In the past, many companies found it
difficult to justify the funds needed for cybersecurity services when it
seemed unlikely that a cyber attack or breach would occur. Nowadays, the
likelihood of a cyber threat causing massive damage is great thanks to
unpatched software, employees falling for business email compromise scams,
and the use of weak passwords. This is where AT&T comes in. Its
cybersecurity services help companies find their weakest points and
develop plans to deflect threats; collect data from logs for evaluation;
and identify potential security issues in network traffic and mitigate
them. AT&T can take over all cybersecurity duties for a company that
prefers to offload them or doesn’t have the staff to handle them or can
simply work in tandem with a company’s cyber team. While cybersecurity
services are indeed expensive, there is no other alternative as protection
is critical. And as the incident at Norsk Hydro dictates, one breach or
attack can be so costly that a company could go out of business.

Web Links

[return to top of report]

AT&T: https://www.att.com/
Cisco: https://www.cisco.com/
IBM: https://www.ibm.com/
Secureworks: https://www.secureworks.com/
Sophos: https://www.sophos.com/
Symantec: https://www.symantec.com/
Trustwave: https://www.trustwave.com/
Verizon Enterprise: http://www.verizonenterprise.com/

References

¹ Risk Based Security. “2017 Data Breach QuickView Report.”
February 13, 2019.

[return to top of this
report]