Secure Your Digital Assets with AT&T Security Solutions

The modern threat landscape requires more than just reactive tools; it demands a unified strategy that combines network intelligence, advanced analytics, and expert human oversight. This buying guide explores AT&T Security, a premier provider of managed security services and threat intelligence. Leveraging the power of the AlienVault Unified Security Management (USM) platform and the AT&T Alien Labs research team, AT&T Security offers a unique blend of global visibility and localized protection.

In this guide, you will learn how AT&T integrates security directly into the network fabric, providing organizations with the tools to detect, respond to, and recover from cyber threats. Whether you are looking to outsource your SOC, secure a migrating cloud workload, or implement a Zero Trust architecture, this document provides the technical and operational insights needed to determine if AT&T Security is the right partner for your enterprise's resilience.

AT&T Security centers its value proposition on three pillars: Intelligence, Integration, and Management.

• Unified Security Management (USM): A single platform that combines five essential security capabilities: Asset Discovery, Vulnerability Assessment, Intrusion Detection (IDS), Behavioral Monitoring, and SIEM (Log Management).
• AT&T Alien Labs Intelligence: Access to a global threat intelligence community (OTX) with over 100,000 participants. This ensures your defenses are updated daily with the latest indicators of compromise (IoCs).
• Managed Detection and Response (MDR): 24/7 proactive monitoring by AT&T’s global SOCs. Analysts hunt for threats that automated tools might miss and provide guided remediation steps.
• SASE (Secure Access Service Edge): Combines software-defined networking (SD-WAN) with security functions like Secure Web Gateway (SWG) and Firewall-as-a-Service (FWaaS) to protect remote users and branch offices.
• Vulnerability Management: Continuous scanning of internal and external assets to identify weaknesses before they can be exploited, with prioritized reporting based on risk level.

• Threat Detection in Hybrid Clouds: A mid-sized financial firm uses AT&T USM to monitor both their legacy on-prem servers and their new Azure environment, identifying a lateral movement attempt by an attacker across the hybrid bridge.
• Meeting Compliance for Healthcare: A hospital network implements AT&T Managed Security Services to satisfy HIPAA requirements for continuous log monitoring and vulnerability scanning, reducing their audit preparation time by 60%.
• Securing the Remote Workforce: A global retail brand uses AT&T SASE to provide secure, encrypted access to corporate applications for 5,000 remote employees without backhauling traffic through a central data center.
• Rapid Incident Response: A manufacturing company hit by ransomware uses AT&T’s Incident Response team to isolate the infection, identify the entry point, and restore operations within 48 hours.

Pricing is generally customized based on the scale of the environment and the level of service required:

• Subscription-Based (USM Anywhere): Pricing for the software platform is typically tiered based on data consumption (GB/day) or the number of assets being monitored.
• Managed Services Fees: For MDR or SOC-as-a-Service, monthly recurring charges are applied based on the complexity of the environment and the required response SLAs.
• Tiered Packaging:
  • Essentials: Basic monitoring and automated alerts.
  • Standard: Adds advanced reporting and broader log retention.
  • Premium: Includes full managed response and dedicated security account managers.
• Additional Costs: One-time implementation/professional services fees, hardware costs for physical on-prem sensors, and overage fees for data spikes.

To deploy AT&T's primary security platform (USM Anywhere), the following requirements apply:

• Virtual Environments: Support for VMware ESXi, Microsoft Hyper-V, and Citrix XenServer.
• Cloud Support: Native sensors for AWS (CloudWatch/CloudTrail), Azure (Monitor), and GCP.
• Browser Compatibility: Latest versions of Chrome, Firefox, Safari, or Microsoft Edge for the management console.
• Network Requirements: Minimum 100Mbps uplink for sensor-to-cloud communication; specific outbound ports (e.g., HTTPS 443) must be open for data transmission to the AT&T analytics engine.
• Hardware Sensors: If using physical appliances, rack space and power for 1U/2U servers in the data center.

To successfully adopt AT&T Security solutions, organizations should meet the following business prerequisites:

• Executive Sponsorship: Buy-in from the CISO or CIO is critical, as these solutions often involve shifting from a "do-it-yourself" security model to a co-managed or fully managed service.
• Defined Incident Response Policy: While AT&T provides the monitoring and alerts, the client must have internal protocols for who is authorized to take action (e.g., shutting down a server) based on AT&T’s recommendations.
• Asset Inventory: A baseline understanding of critical business assets (data, hardware, and cloud instances) is necessary to prioritize monitoring efforts.
• Change Management: Preparedness for minor network adjustments during the installation of sensors or agents across the infrastructure.
• Skill Alignment: While AT&T handles the heavy lifting, an internal point of contact with a basic understanding of security alerts is needed to coordinate with the AT&T SOC.

Implementation typically follows a structured 8–16 week path, depending on complexity:

• Discovery & Design (Weeks 1-3): Architecture review, identifying log sources, and defining escalation paths.
• Setup & Sensor Deployment (Weeks 4-6): Deployment of USM sensors (virtual or physical) and installation of endpoint agents.
• Data Ingestion & Tuning (Weeks 7-10): Connecting cloud APIs and log sources. AT&T engineers tune the correlation engine to reduce false positives based on the client's specific traffic patterns.
• Training & Operational Handoff (Weeks 11-12): Training the client team on the dashboard and finalizing the "Runbook" for incident response.
• Go-Live & Post-Launch Support (Week 13+): Full 24/7 monitoring commences with a formal transition to the AT&T Managed Services team.

AT&T offers tiered support models to match business criticality:

• Standard Support: Access to the online knowledge base, community forums, and business-hour technical support.
• Enterprise Support: 24/7/365 phone and email support with defined response time SLAs (e.g., 1 hour for critical issues).
• Managed Services Support: For MDR customers, this includes a dedicated Technical Account Manager (TAM) and direct access to SOC analysts for incident consultation.
• Professional Services: Available for custom integrations, specialized forensic investigations, and security architecture consulting.
• Training: Comprehensive online Academy training for the USM platform and regular webinars on the evolving threat landscape.

AT&T Security is built on the Open Threat Exchange (OTX), ensuring broad compatibility:

• Cloud Native Connectors: Direct, API-based integration with AWS, Microsoft Azure, and Google Cloud Platform (GCP).
• SaaS Integration: Pre-built connectors for Microsoft 365, G Suite, Salesforce, and Box.
• Network Hardware: Compatibility with major firewall and switch vendors (Cisco, Fortinet, Palo Alto Networks) via Syslog and NetFlow.
• Endpoint Integration: Native agents for Windows, macOS, and Linux, as well as integrations with existing EDR tools (e.g., SentinelOne, CrowdStrike).
• API Access: A robust REST API allows for custom data exports to external BI tools or specialized reporting engines.

AT&T Security is designed to meet the most stringent global standards:

• Certifications: SOC2 Type II, SOC3, and ISO 27001.
• Regulatory Alignment: Out-of-the-box reporting templates for HIPAA, PCI-DSS, GDPR, NERC CIP, and FISMA.
• Data Residency: Options to select specific geographic regions for data storage to comply with local privacy laws.
• Access Control: Support for Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC) to ensure only authorized personnel can access security logs.
• Encryption: Data is encrypted at rest and in transit using industry-standard AES-256 and TLS 1.2+ protocols.