AT&T to form standalone cyber security services business

Telecommunications giant AT&T has announced plans to form a standalone managed cyber security services business. The new venture will offer select security software solutions, associated managed security operations and security consulting resources, with capital investment from Chicago-based investor WillJam Ventures. The arrangement will enable AT&T to continue offering managed security services while simultaneously focusing on enhanced network-based security capabilities, it said in its announcement.

AT&T expects the transaction, which is subject to regulatory reviews and customary closing conditions, to close in Q1 2024. Additional terms of the transaction were not disclosed.

AT&T will focus on “new category” of network-embedded security

AT&T’s move into the standalone cyber security service space is significant as the company focuses on creating a “new category of network-embedded security” for small- and medium-sized business customers. “Security starts in the network. AT&T is building more security capabilities into its core network and edges. These security services will be ‘built-in’ to our connectivity products,” the firm said. AT&T is currently undergoing controlled introductions for these new products and will have more to share with the market soon, it added.

“By bringing together network-embedded security and global managed security service provider (MSSP) capabilities, business customers will have stronger protections and security postures end-to-end,” according to the telecoms leader. The new arrangement will help customers stay one step ahead of evolving cyber threats while allowing both entities to foster and accelerate innovation in the cyber security space for a broad range of customers, AT&T claimed.

Cyber security landscape more dynamic and challenging than ever

AT&T’s direct focus remains on unlocking the power of best-in-class connectivity with embedded security features that will allow its network to intelligently protect customers end-to-end, said Rick Welday, head of AT&T enterprise markets. “We’re energized about this new business model and the opportunities and capabilities these network enhancements will bring to the market.”

Today’s cyber security landscape is more dynamic and challenging than ever, with rapidly expanding attack surfaces and an intensifying cyber security skills gapv driving businesses to adopt managed security services to safeguard their digital assets, added Bob McCullen, managing partner, WillJam Ventures LLC. “Working together we’ll be uniquely positioned to protect organizations globally.”

Standalone cyber security business has “work to do” to establish itself

AT&T has long played second fiddle in security services delivered by telcos in the US market. It has lagged behind Verizon, which enjoys huge market share – not least (though by no means exclusively) because of the renown of its annual Data Breach Investigations Report, which is often quoted by vendors, customers and analysts, Rik Turner, senior principal analyst at research firm Omdia, tells Cyber Security Hub. “AT&T’s acquisition in 2018 of SIEM-lite vendor AlienVault was meant to address this, the prevailing wisdom being that it would build a security practice around that asset. Regardless of whether it is a standalone business with a separate identity or if it is called AT&T Cyber, this business unit/subsidiary will have some work to do to establish itself in the already busy market, Turner adds.

“In North America, it will face folks like Verizon and IBM, plus more specialist MSSPs over there, while in Europe there are the likes of Orange CyberDefense just about everywhere, plus T-Systems in the DACH region, TI in Italy and Telefónica in Spain,” Turner says.

CISOs consider size, scale and depth of focus in cyber as a marker of competence

The capital injection from WillJam Ventures will help AT&T’s new cyber security division grow at much higher rates than possible while shackled to the parent company, says Adam Etherington, senior principal analyst at Omdia. “Specifically, the separation will also allow the new entity a degree of freedom in product development, messaging and market focus in cyber without constantly needing to align plans and actions tightly with AT&T’s core business of networks.”

Security is becoming increasingly important, especially as firms consider who to partner with, and CISOs look at the size, scale and depth of focus in cyber as a marker of competence, Etherington adds. “A standalone security group will improve the standing of AT&T. However, as rightly pointed out, this focus will move AT&T up the competitive radar of other leading providers. The next crucial steps for AT&T include briefing the market on existing customer impacts, plans on roadmap development and channel and parent company commercial impacts.”