As a security-first organization, AT&T Cybersecurity makes your data protection and privacy a top priority. USM Anywhere architecture and processes are designed to protect your data in transit and at rest.
All data sent from the USM Anywhere Sensor deployed in your on-premises or cloud environment to the USM Anywhere service in the AlienVault Secure Cloud is encryptedCryptographic transformation of data into a form that conceals the data's original meaning to prevent it from being known or used. and transferred over a secure TLS 1.2 connection. Each Sensor generates a certificate to communicate with the USM Anywhere service. This means that all communication is uniquely encrypted between each Sensor and USM Anywhere.
The data collected in USM Anywhere is secured using AES-256 encryption for both hot (online) storage and cold (long-term) storage.
Single-Tenant Data Store
Unlike other SaaS solutions that use a multi-tenant architecture, AT&T Cybersecurity uses a single-tenant data store architecture to securely store your data. With USM Anywhere, your data is stored in its own dedicated data store, which is completely isolated from other customers’ data. Unlike multi-tenancy, which is prone to data leakage and breakage that can affect multiple customer accounts, single-tenancy ensures that all customers’ data is kept separate and leak-proof.
Cold Storage Data Integrity
USM Anywhere offers secure long-term log retention, known as cold storage. By default, USM Anywhere enables 12 months of cold storage with the ability to extend the long-term storage capacity as needed.
USM Anywhere uses a write once, read many (WORM) approach to log storage to prevent log data from being modified or otherwise tampered with. You can download your raw logs at any time. If you do not renew your subscription, AT&T Cybersecurity will keep the raw logs for 14 days after your subscription expires, giving you a grace period to restart your service. Within the 14 days, no data is collected until your license is reactivated. Therefore, data is lost between license expiration and reactivation. After 14 days, your data will be destroyed.
Your data in USM Anywhere is treated as highly confidential, and only a select few AT&T Cybersecurity staff members have access. This group of employees uses multi-factor authenticationA method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence. (MFA) to access the AlienVault Secure Cloud. Strict internal controls and automation enable support for the service while minimizing administrative access.
AT&T Cybersecurity also has a formal information security program that implements various security controls to the National Institute of Standards Technology (NIST) Cyber Security Framework. Key controls include: Inventory of Devices, Inventory of Software, Secure Configurations, Vulnerability Assessment, and Controlled Use of Administrative Privileges. Additionally, AT&T Cybersecurity conducts security self-assessments on a regular basis.