An Inside Look at AT&T’s Operations Center, and its Security Strategy

The view from inside AT&T's Global Network Operations Center (Image provided by AT&T)
The view from inside AT&T's Global Network Operations Center (Image provided by AT&T)

AT&T is traditionally thought of as a network provider – a behemoth among the giants of US telecommunications. It is among the 20 largest corporations in the world according to market value, and boasts more than 100 million mobile customers worldwide. Yet few think of this Ma Bell progeny as a supplier of security services. It’s an image the company is working hard to transform, says Andy Daudelin, VP of AT&T’s Security Services division.

The security market is seen as a $1 billion opportunity for AT&T, it said back in November. The reason: AT&T’s vast network monitoring resources leave it uniquely positioned to provide cloud-based security services for organizations of all sizes, simply by taking advantage of its existing infrastructure. When one thinks about it, the proposition makes logical sense. After all, if the objective is to protect data and the availability of the digital ecosystem, then who is better suited to defend the system than the companies that provide the infrastructure through which the data flows?

It’s not an entirely novel concept – after all, BT provides many of the same offerings in the UK and throughout the world. But the overlap of telecoms and security for the enterprise market is far less common in the US, and it offers a world of commercial opportunities for companies with the ability to capitalize on this.

AT&T has received its fair share of criticism over the years – both in terms of security and network availability. The company was named worst wireless provider in the country by Consumer Reports in both 2010 and 2011. Also in 2010, hacker group Goatse Security gained unauthorized access to email addresses for more than 100,000 of AT&T’s iPad users. In 2012, many of the company’s business customers experienced service outages during a distributed denial-of-service attack on AT&T’s DNS servers. The attack persisted because – in response – AT&T adjusted its configurations in real-time, which resulted in availability problems while its engineers resolved specific configuration issues.

As with any organization that enjoys longevity, however, the telecoms provider has used these challenges as learning tools, and in the process establish perhaps the world’s largest Global Network Operations Center (GNOC) and with it a world-class security research capability – led by senior VP and chief security officer, Edward Amoroso.

AT&T cooperated with law enforcement with respect to the Goatse intrusion, resulting in subsequent convictions on conspiracy charges for two of the hackers involved in the incident. And in November of 2012, the company thwarted what it called an “organized” hacking attempt to compromise the account credentials for nearly one million of its mobile customers.

Built in 1999, AT&T says its GNOC is the largest such operations center of its kind in the world. With its dim lighting and sprinkling of spotlighted desk lamps, it reminded me of the war room in Dr. Strangelove. But glance up and you get the feeling you are in a facility akin to NORAD, glimpsing at dozens of large visual monitors, feeding in near real-time information about network traffic and operational data. Adjacent to this, in a similar but smaller room, lays a separate security operations center.

The GNOC’s objective is two-fold, according to AT&T’s network visitor program manager, Steve Moser. First it serves a command-and-control function, designed to detect and respond to disruptions in the company’s network. Its second job is preventive, designed as a facility to “get in front of issues”, Moser explained, which includes security problems.

After a walk through the GNOC, I then sat down with two executives from AT&T Business to discuss the company’s new security strategy. More importantly, I wanted to know how AT&T planned on going from a virtual unknown in the security services world to a $1bn revenue stream.

Play to your Advantages

Michael Singer is the associate VP of Mobile, Cloud, and Access Management Security for AT&T Business’ marketing division. An Ed Amoroso disciple, he recently took this position after years as executive director of the firm’s Security Services research and development arm. “We know data at rest is going into the cloud, and into the hands of people with mobile devices”, he said, recalling a decision by Amoroso – several years ago – to divide the Security Services division into groups focused specifically on cloud and mobile security. The move was a natural one, given the foreseen emphasis of these forms of computing.

Daudelin explained why security services have billion-dollar potential for AT&T. The plan is to “mainstream security services into AT&T’s business solutions”, he noted, by integrating security into many of the company’s commercial service offerings.

I then asked him why an enterprise should buy security services from AT&T, rather than a dedicated security firm. After first mentioning that AT&T does offer integration with other vendors’ security technologies, Daudelin offered up his ace: “Our network gives us the power – in terms of information and events – that can be fed through AT&T’s big data analytics. We can put together a complete solution that leverages both of these advantages”.

Singer wasted little time in following up on this pitch. “We are fortunate that we can adopt the same network monitoring operations we have leveraged for decades and apply this to security monitoring”, he asserted. “We leverage these in our managed security services in a way that you couldn’t do unless you are running a very big network”. While size isn’t everything, at this point I couldn’t help but recall that I was sitting two floors up from the GNOC – and impressive network monitoring resource that reaffirmed Singer’s claims.

Easing the Burden

Depending on an organization’s specific business needs, not all IT services are candidates for network-based security solutions, Singer admitted. There is a handful, however, that he labeled as “easy” ones. They include email, firewalls, intrusion prevention (IPS), and anti-virus.

‘Integration’ is also a key concept brought up numerous times by both Singer and Daudelin. The strategy is to offer seamless integration of security services for its businesses offerings – allowing even smaller organizations to pick and choose what services they want to target for additional enhancements. “Security should be a natural, easy add on” to any of the company’s services, Daudelin explained – and this includes easier purchasing bundles for SMBs, vertical industries, and plain security services.

As I part ways with these two AT&T security executives, as ask them what they hope to achieve enroute to fulfilling the lofty sales goals the firm established just a few months ago. “Improving the customer experience”, Singer responded immediately, underscoring the fact that security must be seamless to promote greater uptake of the services that companies like his are trying to sell.

“We need to raise awareness about AT&T’s network security capabilities”, added Daudelin, who is not afraid to acknowledge that his company is far from a ‘household name’ in the security services world. It’s a task he says the company takes seriously, and a fact that he – along with his team – is working hard to change.

Singer, in closing, summed it all up with extreme brevity. “We can transfer the burden from customers to AT&T”, he said with a slight smile. If the Security Services division can achieve that $1bn dollar business goal over the near term, that smile could become a full-out grin – from ear to ear. And if it does, in the process the entire information security ecosystem could learn whether the telecom providers at the front lines of network operations are the most adept defenders of the data that traverses their networks.

Editor's Note
This article has been updated from the originally published version to reflect that AT&T did employ its DDoS Defense service during the 2012 denial-of-service attack. 


What’s hot on Infosecurity Magazine?