Managed detection and response service

AT&T Managed Threat Detection and Response takes advantage of our award-winning unified security management (USM) platform that combines multiple essential security capabilities in one unified console to help support earlier detection, fewer false positives, and faster response.

Continuous data collection across your environments

Centralize security monitoring of all your critical assets across cloud environments and on premises, including endpoints, networks, and cloud apps.

Multiple security capabilities in one unified platform

Our USM platform is able to provide more complete threat coverage than point solutions alone, enabling early detection and helping to minimize false positives.

• Cloud and network asset discovery
• Vulnerability assessment
• User and asset configuration
• Network intrusion detection (NIDS)
• Endpoint detection and response (EDR)
• Dark web monitoring
• SIEM event correlation and log management

AlienApp integrations for continuous monitoring and security orchestration

The highly extensible architecture of the USM platform makes it possible to readily extend its security orchestration and automation capabilities through modular software components called AlienApps.

Some of the 450+ pre-built AlienApps include Microsoft Office 365, Box, Salesforce, Google G Suite™, Cisco Umbrella™, Palo Alto Networks®, CarbonBlack, and more.

AT&T Alien Labs fuels our SOCs with continuous threat intelligence backed by the Open Threat Exchange (OTX) and the expertise of the AT&T CSO so you can stay current with the constantly shifting threat landscape.

Unique threat visibility

Alien Labs has unrivaled visibility into the AT&T IP backbone, the global USM Sensor network, the Open Threat Exchange (OTX), and other sources of threat data.

Deep insights into adversaries and attacks

The Alien Labs research team uses proprietary analytics, machine learning (ML), and a global team of threat researchers to analyze and interpret the huge volume of threat data we collect. This team goes beyond simply delivering threat indicators to performing deep, qualitative research that provides insight into adversary tools, tactics, and procedures (TTPs) to our customers and the larger intel community.

Automating proactive threat hunting

We write and update threat correlation rules that are directly integrated with the USM platform on a daily basis.

Updates include:

• Correlation directives
• NIDS signatures
• HIDS signatures
• Vulnerability signatures
• Asset fingerprints
• Response templates
• Reporting modules
• Data source plugins

The AT&T Security Operations Center (SOC) has a dedicated team of security analysts who are solely focused on helping you to protect your business by identifying and disrupting advanced threats around the clock.

The AT&T Managed Detection and Response SOC analyst team handles daily security operations on your behalf so that your existing security staff can focus on strategic work.

Ongoing security program advocacy

In addition to continuous monitoring and incident investigation, our analyst team leads regular review calls with your security team to cover all investigations and incident response activities.

Our analysts host regular meetings with your team to review service metrics related to our SLAs, and to review progress towards your security program objectives and provide recommendations for improvements.

With our high-touch service delivery model and SaaS platform deployment model, our SOC analysts can be monitoring your critical infrastructure and responding to threats within 30 days of signing the contract.

Service onboarding and threat modeling

Every service onboarding experience begins with an AT&T Cybersecurity consulting engagement. Our highly skilled consultants lead a threat modeling workshop to identify and guide deployment requirements and establish future security program objectives.

Based on the in-depth analysis of your environment, our SOC analysts are able to install, configure, and tune your USM platform deployment according to your requirements and integrate with other security technologies that are in scope of our AlienApps framework.

Training and enablement for your security personnel

Going beyond the initial technology implementation, our analysts use this onboarding engagement as an opportunity to train and enable your security personnel on the platform and to develop a custom Incident Response Plan in collaboration with your incident response team.