AT&T completed its divestiture of its cybersecurity services group and formed a joint venture with more than 1,000 employees in ten countries that will focus on managed cybersecurity services.The new company, LevelBlue, includes AT&T’s managed service business, cybersecurity consulting business, and the assets from AT&T’s purchase of AlienVault in 2018, such as the Open Threat Exchange (OTX) community of security professionals. Services will include managed firewall — both on-premise and in the cloud — secure web gateways, email gateways, content filtering, and services for managing security operations centers (SOCs), says Robert McCullen, chairman and CEO of LevelBlue and the founder of WillJam Ventures, which has taken a majority share of the new company.”AT&T is all about fiber, and 5g, and this new entity will be all about cyber,” he says. “And so this will allow us to invest in the people and technology, and really focused on our customers from a cyber perspective.”AT&T is divesting itself of assets as it struggles to pay down the debt incurred by its acquisitions of DirecTV in 2015 and TimeWarner in 2018, and a $3 billion break-up fee incurred by its failed acquisition of T-Mobile, which had been blocked by regulators. The company currently owes $143 billion in long-term debt, according to a December 2023 financial report. Growing Beyond Commodity Security ServicesThe new company starts in a fairly strong position. AT&T Cybersecurity ranked fourth on an annual list of the top 250 managed security service providers (MSSPs) in 2022. (AT&T Cybersecurity did not participate in the 2023 list, but LevelBlue will take part in the 2024 list, McCullen says.) Divesting from AT&T will give the LevelBlue more flexibility to tailor its offerings to combine the best products and services, which will be key in order to grow market share, says Jonathan Ong, a senior analyst in the managed security services group at business intelligence firm Omdia. “This is especially important due to the consolidation trend driven by both vendors and security end users,” Ong says. “At a more operational level, managed detection and response (MDR) will likely maintain its strong momentum, but modular add-ons such as emergency incident response and managed threat hunting will be important in gaining a foothold in new customers and catering to SMEs which may not yet have the appetite for a full-fledged service.”The high price of cybersecurity talent is a boon to the managed security services market because companies cannot afford to build their own security team. But the same workforce challenges means LevelBlue will have challenges growing its own team as well.And grow it must. LevelBlue will need to expand beyond the legacy MSSP slate of services, as the market has increasingly become commoditized, says Joseph Blankenship, vice president and research director for the Security & Risk group at Forrester Research. Instead, companies are moving toward the managed detection and response (MDR) model, he says.LevelBlue’s CEO McCullen’s former company Trustwave, for example, shifted its focus to managed detection and response (MDR) and co-managed security operations center (SOC) services. In January, a private equity fund acquired that 1,600-employee company from Singapore-based telecommunications giant Singtel.LevelBlue will have to avoid the pitfalls encountered by Trustwave and its former owners, Blankenship says.”A lot of the service providers that had been playing in [the legacy MSSP] space have pivoted toward their MDR services, and they’ve either deprecated or spun off or sold their MSSP service because they realize — hey, this is two different things are two different skill sets and vastly different profit margins or operating margins,” he says.A Close Partnership With AT&TLevelBlue will initially mainly service AT&T’s network customers, which CEO McCullen characterized as “tens of thousands,” as well as some of the new company’s own managed cybersecurity services clients. The new firm will have more than 1,000 employees in nearly ten countries, and eight SOCs around the world. “We will be servicing their cyber clients, and a lot of them are mutual clients — between network and cyber,” he says. “So we expect to have a long, close relationship.”LevelBlue will also have an internal research team, Blue Labs, that will focus on both threat research and new product development, including AI capabilities, McCullen says. The company will use threat indicators from the Open Threat Exchange (OTX) — originally part of Alien Vault, which AT&T acquired in 2018 — and its community of 235,000 security professionals to better detect and respond to breaches.”We’ll focus on … threat detection to do predictive security,” he says. “We have a ton of data that we can mined to look for threats and hopefully take action before they compromise an organization.”



Source link