Governance & Risk Management , Managed Security Service Provider (MSSP) , Next-Generation Technologies & Secure Development
Why Is AT&T Cybersecurity Such a Good Acquisition Target?Analysts Praised AT&T Cybersecurity for Bringing Threat Intel and MSS Together
AT&T wants to unload its cyber assets just five years after doubling down on security through its $600 million purchase of threat intelligence vendor AlienVault.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
The Dallas, Texas-based carrier has been working with British banking giant Barclays to solicit bids for its cybersecurity business, Reuters reported Tuesday. No deal is certain, sources told Reuters, and it is unclear how much AT&T's cybersecurity division would fetch now. Both AT&T and Barclays declined Information Security Media Group's requests for comment.
The potential sale of AT&T's cybersecurity division comes against a backdrop of divestitures the telecommunications giant has pursued to pay down debt following its $108.7 billion acquisition of Time Warner in 2018. In the past two years, AT&T has sold a 30% stake in DirecTV to TPG for $1.8 billion and hauled in $40.4 billion by spinning off and merging its Warner Media business with Discovery, Reuters says (see: AT&T Cybersecurity Sets Sights on Threat Intelligence).
In August 2018, AT&T had big ambitions when it bought AlienVault to expand the reach of enterprise-grade security solutions to smaller businesses. Upon closing, AT&T launched a stand-alone cybersecurity solutions business unit tasked with making AlienVault's technology and AT&T's existing security assets accessible to all businesses from Fortune 100 companies to local mom and pop stores, CRN reported.
Analysts Fawn Over Joint AT&T-AlienVault Offering
The new business unit was to be led by Barmak Meftah, who served as AlienVault's president and CEO for nearly seven years leading up to the AT&T deal and helped the company raised nearly $115 million in eight rounds of outside funding. And to boot, the acquisition gave AT&T's business customers access to AlienVault's security management platform for threat detection and response solutions.
AlienVault also offered Open Threat Exchange, a public platform that security professionals could use to share threat information. AT&T said at the time it intended to combine AlienVault's open-source threat intelligence tools with AT&T's portfolio of managed cybersecurity services and network visibility tools, according to CRN.
The joint AT&T-AlienVault offering quickly garnered recognition from analysts, and Gartner included the company as a niche player in its May 2019 Magic Quadrant for managed security services. Gartner praised AT&T for its reporting, event handling and large threat intelligence-sharing community, though it criticized AT&T for the complexity of AlienVault SIEM and its lack of presence in Europe and Asia-Pacific.
Then in July 2020, Forrester recognized AT&T Cybersecurity as a strong performer in its Wave for global managed security service providers, behind only IBM, Trustwave, Alert Logic, Secureworks, Accenture and EY. Forrester said AT&T is a good fit for larger organizations that want a traditional SIEM, but it cautioned that AlienVault's struggles with vulnerability and asset details could become a service delivery issue.
In September 2020, IDC named AT&T Cybersecurity a leader in its MarketScape for worldwide managed security services, praising AT&T for the breadth of its services across cyber strategy and risk, identity and fraud, unified endpoint, network security, and threat detection and response. IDC also praised AT&T for scaling to the needs of large, global enterprises and doing integrated threat intel and easy deployments.
Mum's the Word Lately at AT&T Cybersecurity
Over the past 29 months, analyst recognition for AT&T Cybersecurity has been scant as firms retired their managed security service market evaluations in favor of examining newer technologies. Meftah left AT&T Cybersecurity in July 2020 and 18 months later co-founded venture capital firm Ballistic Ventures, while global channel leader Mike LaPeters left a year earlier for a similar role at Malwarebytes.
Headcount at AT&T Cybersecurity has grown steadily to 804 employees, up 7% from 752 workers a year ago and up 18% from 681 staff members two years ago, according to LinkedIn. The biggest growth areas have been engineering and business development - both of which increased staff sizes by 15% over the past year - while headcount in AT&T Cybersecurity's sales division has fallen by 3% over the past year.
Since 2020, AT&T has rolled out a managed endpoint security offering with SentinelOne that provides comprehensive protection against ransomware while also detecting threats in an enterprise network. In addition, AT&T's recent offering for threat detection and response for government uses the automation capabilities of the AT&T Unified Security Management platform to detect and respond to threats.
How much interest will AT&T Cybersecurity generate in the open market? And will owning the platform appeal more to a technology vendor or to a private equity firm?
Only time will tell.