It’s not a surprise if AT&T wants to sell its cybersecurity unit as the carrier has struggled to match industry expectations for the unit following its acquisition of AlienVault in 2018.

So says Eric Parizo, managing principal analyst at Omdia, which shares a parent company with Channel Futures (Informa). This week, Reuters reported AT&T is looking to sell its cybersecurity division. It said AT&T has been working with Barclays to solicit potential bids for its cybersecurity business. AT&T acquired AlienVault in a roughly $600 million deal.

Once the acquisition was complete, AlienVault became AT&T Cybersecurity.

An AT&T spokesperson told us the carrier doesn’t comment on rumors or speculation.

AlienVault Acquisition by AT&T Not Right from the Start

Parizo said the AlienVault acquisition seemed like “an odd fit” for AT&T.

Omdia’s Eric Parizo

“AlienVault gained traction in the marketplace as a hybrid security information and event management (SIEM) solution geared more toward smaller, midmarket organizations,” he said. “However, AT&T’s primary intent with the acquisition was to use the technology to provide managed services to large enterprises. Indeed, though AT&T has sought to improve the product under its ownership, it has never been an ideal platform for enterprise-grade managed detection and response (MDR), particularly as extended detection and response (XDR) and next-generation SIEM solutions have emerged in the past few years and largely usurped the capabilities for which AlienVault had been known.”

AT&T Cybersecurity is broader than just the former AlienVault solution, now the Unified Security Management (USM) platform, Parizo said. It also features the AT&T Alien Labs Threat Intelligence group, plus eight global security operations centers (SOCs) around the world to provide managed SOC services in a follow-the-sun model.

“As noted by Reuters, the motivation is that with increasing likelihood of a recession coming, AT&T is looking to shed non-core businesses and use the proceeds to pay down its billions of dollars in debt,” he said. “As interest rates rise, that much debt on a balance sheet becomes more of an albatross for investors.”

Lots of Options for Customers

As far as the cybersecurity impact, AT&T is not a dominant player in SIEM or MDR, Parizo said. Customers will find many other suitable options should a potential new owner change the technology or delivery model.

“More broadly, Omdia believes that 2023 may be the year when vendors and providers that aren’t all-in on cybersecurity look to exit the market as a cost-cutting measure,” he said. “Gigamon’s recent sale of its ThreatInsight network detection and response (NDR) business to Fortinet is an example, as is the OpenText acquisition of Micro Focus, which had significantly increased its capabilities in cybersecurity in recent years, but investors had yet to see a payoff. It’s a trend to watch for as the year goes on.”

Consolidation Inevitable Among Service Providers

Adam Etherington is principal analyst of digital enterprise services, also with Omdia. He said there are a vast number of platform, appliance and service companies in the security space.

Omdia’s Adam Etherington

“I believe this possible move by AT&T is just the beginning,” he said. “Consolidation is inevitable among service providers.”

That’s because:

“The competitive landscape is still very fragmented, but nontraditional security players are being very successful and challenging established, large service providers like AT&T,” he said. “Consider Ernst & Young or PwC, who both have established, fast-growing security practices that are compelling and executive-engagement, consulting led.”

Finally, Etherington said he’s noticed telcos creating separate cyber divisions of late, including AT&T and Orange Business Services.

“While they told me this was to ‘sharpen focus’ on cyber, it wouldn’t surprise me if this was also a way to prepare possible divestments, alongside their towers and physical asset ‘businesses’,” he said.