AT&T Splits Cybersecurity Services Business, Launches LevelBlue – Source: www.darkreading.com

Source: Mikko Lemola via Shutterstock

AT&T has completed the divestiture of its cybersecurity services group and formed a joint venture with more than 1,000 employees in 10 countries that will focus on managed cybersecurity services.

The new company, LevelBlue, includes AT&T’s managed service business, cybersecurity consulting business, and the assets from AT&T’s purchase of AlienVault in 2018, such as the Open Threat Exchange (OTX) community of security professionals. Services will include managed firewalls — both on-premises and in the cloud — secure Web gateways, email gateways, content filtering, and services for managing security operations centers (SOCs), says Robert McCullen, chairman and CEO of LevelBlue and the founder of WillJam Ventures, which has taken a majority share of the new company.

“AT&T is all about fiber and 5G, and this new entity will be all about cyber,” he says. “And so this will allow us to invest in the people and technology and really focus on our customers from a cyber perspective.”

AT&T is divesting itself of assets as it struggles to pay down the debt incurred by its acquisitions of DirecTV in 2015 and TimeWarner in 2018, and a $3 billion breakup fee incurred by its failed acquisition of T-Mobile, which had been blocked by regulators. The company currently owes $143 billion in long-term debt, according to a December 2023 financial report. 

Growing Beyond Commodity Security Services

The new company starts in a fairly strong position. AT&T Cybersecurity ranked fourth on an annual list of the top 250 managed security service providers (MSSPs) in 2022. (AT&T Cybersecurity did not participate in the 2023 list, but LevelBlue will take part in the 2024 list, McCullen says.) 

Divesting from AT&T will give LevelBlue more flexibility to tailor its offerings to combine the best products and services, which will be key to grow market share, says Jonathan Ong, a senior analyst in the managed security services group at business intelligence firm Omdia. 

“This is especially important due to the consolidation trend driven by both vendors and security end users,” Ong says. “At a more operational level, managed detection and response will likely maintain its strong momentum, but modular add-ons, such as emergency incident response and managed threat hunting, will be important in gaining a foothold in new customers and catering to [small and midsize enterprises], which may not yet have the appetite for a full-fledged service.”

The high price of cybersecurity talent is a boon to the managed security services market because companies cannot afford to build their own security teams. But the same workforce challenges mean LevelBlue will have challenges growing its own team as well.

And grow it must. LevelBlue will need to expand beyond the legacy MSSP slate of services, as the market has increasingly become commoditized, says Joseph Blankenship, vice president and research director for the Security & Risk group at Forrester Research. Instead, companies are moving toward the managed detection and response (MDR) model, he says.

McCullen’s former company Trustwave, for example, shifted its focus to MDR and co-managed security operations center. In January, a private equity fund acquired that 1,600-employee company from Singapore-based telecommunications giant Singtel.

LevelBlue will have to avoid the pitfalls encountered by Trustwave and its former owners, Blankenship says.

“A lot of the service providers that had been playing in [the legacy MSSP] space have pivoted toward their MDR services, and they’ve either deprecated or spun off or sold their MSSP service because they realize, ‘Hey, these two different things are two different skill sets and vastly different profit margins or operating margins,” he says.

A Close Partnership With AT&T

LevelBlue will initially mainly service AT&T’s network customers, which McCullen characterized as “tens of thousands,” as well as some of the new company’s own managed cybersecurity services clients. The new firm will have eight SOCs around the world. 

“We will be servicing their cyber clients, and a lot of them are mutual clients — between network and cyber,” he says. “So we expect to have a long, close relationship.”

LevelBlue will also have an internal research team, Blue Labs, that will focus on both threat research and new product development, including artificial intelligence capabilities, McCullen says. The company will use threat indicators from the Open Threat Exchange (OTX) — originally part of AlienVault, which AT&T acquired in 2018 — and its community of 235,000 security professionals to better detect and respond to breaches.

“We’ll focus on … threat detection to do predictive security,” he says. “We have a ton of data that we can mine to look for threats and hopefully take action before they compromise an organization.”