AT&T has launched a cloud-based, managed XDR (extended detection and response) offering designed to provide automated and orchestrated malware prevention, threat detection and continuous security monitoring of endpoint, network and cloud assets to help organisations detect and recover from security threats at scale.
The AT&T Managed XDR suite of security software is built on existing offerings including the company's USM Anywhere SaaS security monitoring application; machine-learning-based threat intelligence from AT&T's Alien Labs; AT&T Managed Endpoint Security, which incorporates software from AT&T partner SentinelOne; and AT&T Managed Threat Detection & Response software.
In addition, the platform offers the ability to integrate with third-party products via AT&T AlienApps, and provides a variety of third-party connectors.
Enterprise IT architecture is constantly evolving and becoming more complex as companies support hybrid cloud environments and a workforce that increasingly comprises remote as well as on-premises staff. Conventional detection systems fall short on response because the number of alerts and the overwhelming amount of data to monitor are proving extremely challenging, AT&T says.
XDR suite offers broad view of IT assets
A big selling point of the new XDR suite is its ability to bring broad, consolidated visibility into enterprise IT infrastructure, from endpoints to the cloud, by combining capabilities from AT&T's own arsenal of security tools as well as those of third-party providers, AT&T officials say.
“AT&T’s managed XDR is a lot different than the conventional detection and response systems in the sense that it provides for our clients to build our solution on the platforms that they already use in order to make the best out of their investments,” says Rakesh Shah, senior director of product management at AT&T Cybersecurity.
“The solution combines Alien Labs’ ability in threat detection with our other managed services developed in partnerships with endpoint security leaders like SentinelOne, Microsoft Defender, and network security giants such as Palo Alto Networks, Zscaler and more.”
An ideal customer for the XDR solution, according to Shah, would be a midsize enterprise interested in outsourcing the service to AT&T because it doesn't have the in-house resources to deliver the types of security results that it needs. Larger enterprises that may not want to outsource their security completely but are looking for some help may also use the XDR solution.
Managed XDR platform provides expertise
“The nice thing with managed XDR solutions is that you onboard not just that vendor’s holistic extended detection and response technology, but in the case of AT&T’s offering, you are also onboarding the expertise and the capabilities of the AT&T Security Operations Centre (SOC),” says Liz Miller, a vice president at Constellation Research.
“So you get the expanded monitoring and threat detection across network, cloud, end points and servers but you get the skills and expertise of SOC analysts and a much larger data pool to power and train machine learning and any AI tools leveraged to aggregate and analyse security data for faster and, in theory, more proactive response to threats.”
Any XDR solution suite, according to Miller, should ideally be able to focus on bringing enterprise-wide protection, detection and response from any and every source, effectively eliminating blind spots caused by location of endpoints, servers or the network.
“XDR promises to offer more efficient threat detection and response, but one of the challenges in rolling out an XDR solution can be the complexity of deployment and fine-tuning of the platform -- especially with the legacy tech an organization may have in place,” said Christina Richmond, program VP for IDC Security Services, in a statement about the AT&T Managed XDR suite.
“Service providers can offer support and expertise in helping organisations to figure out those integrations as well as services to support customers 24/7 with ongoing monitoring and management.”
AI plays a key role in threat detection
AI plays a key role in AT&T's security offerings. AT&T Alien Labs is a team of threat researchers and data scientists who, using proprietary analytics and machine learning technology, analyse large and diverse collections of global threat data.
Additionally, the researchers at Alien Labs now use the Open Threat Exchange (OTX) platform to automate the discovery of infrastructure that, for example, is targeted by threat actors for ransomware operations.
SentinelOne, for its part, is a cybersecurity company offering AI-based endpoint security software that has been incorporated into AT&T's managed XDR platform.
Meanwhile, AlienApps is designed to enable integration of the security orchestration capabilities of AT&T’s USM Anywhere with any third-party business’ in-house productivity and security tools to consolidate and streamline threat detection and response.
The managed XDR platform, in essence, is designed to monitor and detect security threats across the entirety of an enterprise's expanding infrastructure, which can include on-premises assets, cloud workloads, network servers and communication (email) endpoints, with consolidated visibility.
AT&T Managed XDR, available now, will offer platform onboarding as well as initial policy tuning and training. Value-added services from AT&T Consulting will include design, deployment and support services, employee security awareness training, and an incident response retainer service.