AT&T Cybersecurity’s Edge-to-Edge technologies provide phenomenal threat intelligence, collaborative defense, security without the seams, and solutions that fit your business. Our unique, collaborative approach integrates best-of-breed technologies with unrivaled network visibility and actionable threat intelligence from AT&T Alien Labs researchers, Security Operations Center analysts, and machine learning – helping to enable our customers around the globe to anticipate and act on threats to protect their business.

Timely, tactical cyber threat intelligence powered by AT&T

Driving resilient threat detection and response

Our continuously updated, integrated threat intelligence helps you more quickly prioritize and address the critical threats targeting your business.

Delivering deep insight into adversaries and attacks

Our researchers use advanced analytics and machine learning to analyze one of the largest collections of threat data in the world, so you can stay ahead of evolving threats.

Automating proactive threat hunting

We write and update the correlation rules and threat indicators needed to continuously detect and prevent attacks.

The volume of threat data Alien Labs collects across multiple, global sources gives our Labs team unique visibility of the global threat landscape.

• Visibility into 220+ petabytes of traffic and 100 billion probes for vulnerabilities on the AT&T IP network
• Insight from analysts at 8 global SOC locations
• Observations of more than 20 million threats from our USM global sensor network
• Analysis of more than 250,000 suspicious files and 400,000 suspicious URLs Powering resilient threat detection Alien Labs goes beyond simply delivering threat indicators.

Powering resilient threat detection Alien Labs goes beyond simply delivering threat indicators.

We enrich our threat intelligence with qualitative research that provides insight into adversary TTPs. By identifying and understanding the behaviors of adversaries (and not just their tools) and supporting threat detection at multiple stages of an attack, we help power resilient threat detection even as attackers change their approaches or as an organization’s IT systems evolve. Alien Labs uses proprietary analytics, machine learning (ML), and a global team of threat researchers to validate, analyze, and interpret the large volume of threat data we collect. Our malware analysis technology includes, for example, use of sandboxing for dynamic analysis, agents for static analysis, and supervised machine learning (see figure 2).

Alien Labs curated threat intelligence is directly integrated with the USM platform for threat detection and response. For example, the Labs research team continuously updates intrusion detection system (IDS) signatures, Yara rules, and more than 850 correlation rules in USM on a daily basis. This helps decrease the time from public disclosure of a threat to customers being able to detect, investigate, and respond. Alien Labs also provides intelligence to help support the investigation of and response to threats.

To provide for vigilant coverage of adversary TTPs, Alien Labs maps its correlation rules to industry best-practice frameworks, including the Cyber Kill Chain® and the MITRE ATT&CK™. (See Figure 3). Alien Labs also maximizes the expertise of our AT&T peer-group and threat-sharing community by continuously feeding knowledge back into our threat analysis systems, further refining our threat models, filling knowledge gaps, and quickly identifying emerging threats.

OTX: Supporting collaborative defense

The Open Threat Exchange (OTX) provides users the abiity to collaborate, research, and receive alerts on emerging and evolving threats with open integration to any security product. Alien Labs collects threat indicators from the OTX community (including malicious IP addresses and URLs, domain names, malware samples, and suspicious