Interview: John O’Malley, Director of Cybersecurity, AT&T Cybersecurity

Written by

When US telco AT&T acquired AlienVault in 2018, a new division of AT&T Cybersecurity was created. This also enabled AT&T to enhance its existing managed security service provider (MSSP) position and bring together a number of product and service sets under the single umbrella of AT&T Cybersecurity.

Speaking to Infosecurity, director of cybersecurity at AT&T Cybersecurity, John O’Malley, said the overall practice now has eight operation centers globally, including the Alien Labs environment, as well as the managed threat service and the Open Threat Exchange. “This provides a strong ability to know what is going on out there, especially for MSSP customers, and if one person has a problem, they are mitigated and other users are protected,” he said.

“It fits well into the portfolio and we now have quite a bit of traction within AT&T.”

O’Malley said it sends a “strong message to the market” and to the business that cybersecurity is being taken seriously. So considering all that has happened in 2020, how does he see the space surviving the pandemic? He claimed that you now see MSSPs “operating at scale” with dedicated security resources, as running a full-time SOC is becoming an overhead and burden, and there is greater confidence in working with an MSSP.

“One of the trends we’re definitely seeing is that companies are looking at their existing partners and incremental services to get that support, and we ourselves have a good portfolio of products versus point to point products with limited roadmap and inter-operability issues,” he said.

“I think the MSSP is having a resurgence at the moment. With C-level cyber-fatigue, in constantly having to update with the latest and greatest products, and those reaching a lifecycle end have to forklift the whole thing over to something else, with an MSSP they have the latest patching etc. covered, so it is a lower risk option. You’re never going alone. So there is a resurgence of that, and not least of which is the pandemic situation.”

“Companies don’t want to keep adding new partners, products and services with new suppliers”

Regarding the pandemic, O’Malley claimed some companies were able to make the move to a more agile mode of working as part of their cloud strategy. He said if we were to have had this conversation a year ago about moving to cloud, it would be a three- to five-year plan, and now it is about doing it in 18 months.

He cited the growth of zero-trust as an example of that, as this can be viewed as an operational expense than a capital one. “I think that has accelerated a lot of things. Will it be a long term change? I guess time will tell, but it has dragged us into a different world and one I cannot see us returning to.”

What about the current threats, are things static or getting worse? O’Malley said in the summer DDoS attacks had “been very noticeable for us” and particularly from nation state groups. However, he expressed surprise that DDoS mitigation is not a common standard in a lot of companies, as it is easy to put in place and offers a quick return. “It is the threats we don’t know about that we are getting less exposure to,” he said.

Is this the sort of thing a company would go to an MSSP for? O’Malley said it is seeing an interest from companies where there is a “single service” and where a customer is looking to enhance a service “as that is an indication that companies don’t want to keep adding new partners, products and services with new suppliers; they want to go where someone has already made that decision.”

He said this is an indicator of being a “trusted advisor” and as an MSSP, that is what you want to achieve. “There is also a higher degree of OEM involvement as well in the marketplace to ensure that the company is looking for the best possible view and the best possible solution,” he said. “If you have existing support and a contract in place and measurements in that contract and service level agreements, it is the path of least resistance.”

O’Malley said as AT&T Cybersecurity itself is part of a multibillion dollar company (AT&T), and “we’re also a company that has the same challenges as any other global company in terms of protecting themselves and managing the business and employees, and ultimately customers, so it is a different perspective that we have.”

What’s hot on Infosecurity Magazine?