Wireless communications giant AT&T spun out its managed cybersecurity business to create a standalone company called LevelBlue that will enter the highly competitive market with more than 1,300 employees and seven operations centers around the world.

The announcement on the first day of the RSA conference in San Francisco comes six months after AT&T announced its intentions for a joint venture with Chicago-based investment firm WillJam Ventures. The telecommunication company is keeping a minority stake in the new company, which is headquartered in Dallas and has offices in Ireland, Spain, and Australia.

Bob McCullen, the former CEO of Trustwave, a cybersecurity and managed security services provider, is LevelBlue’s chairman and CEO, with Sundhar Annamalai – a longtime AT&T executive who most recently was vice president of transformation and strategy at health insurance company Humana – serving as president.

When announcing the plan in November 2023, AT&T executives noted that the company is integrating more security capabilities into network and edge products and that spinning out the AT&T Cybersecurity managed services business will give the company a managed services partner to lean on. They reiterated this point again at RSA, with Rick Welday, executive vice president of AT&T’s Enterprise Markets business unit, said in a statement that “as we continue to embed more security capabilities into our core network, this venture simultaneously allows us to stay one step ahead of evolving cyber threats and foster innovation in the cybersecurity space.”

AI and the Cloud

In a blog post, McCullen noted the rapidly evolving enterprise computing landscape and the need for managed cybersecurity services to keep up with the changes.

“As organizations continue innovating, technologies such as artificial intelligence (AI) and cloud computing create a more dynamic, expanded threat landscape,” he wrote. “With LevelBlue, organizations no longer need to sacrifice innovation with security – they achieve both, with confidence.”

McCullen added that “cyber resiliency is not easily defined, nor is it easily attainable without the necessary support. LevelBlue’s strategic cybersecurity services will help solve this challenge during a time when it’s needed most.”

The new company will bring with it capabilities it held while it was housed within AT&T, including the managed security services for implementing plans that focus on security while also addressing such issues as costs and complexity. It also offers consulting services to help organizations assess their needs, plan and design their operations, identify top security priorities, and launch proactive and preventative techniques.

LevelBlue also comes with four global security operations networks (SOCs) and three network operations centers (NOCs) that are run around the clock. Its threat intelligence group runs a platform that leverages machine learning techniques and its support by the Open Threat Exchange (OTX), which has more than 235,000 security experts who submit more than 20 million threat indicators every day, according to the company.

Shedding Debt

Reports about AT&T’s decision to let go of its security business began circulating in early 2023, with Reuters reporting that it was part of a larger effort to shed businesses to reduce debt stemming from its $108.7 billion acquisition of Time Warner in 2018, a deal that the carrier reversed course on three years later by spinning it out with Discovery to create a new business.

The same year it bought Time Warner, AT&T also acquired Alienvault to be the foundation of its new cybersecurity business that it hoped would attract more corporate business. According to Reuters, AT&T in 2022 reduced its net debt by about $24 billion and wants to cut another $100 billion by next year. At the end of December, the carrier’s debt stood at $132.2 billion.

Synopsys to Sell Software Security Unit

AT&T isn’t the only tech company to announce it was shedding the security part of its business. Silicon design and verification company Synopsys the same day announced a deal with two private equity firms, Clearlake Capital Group and Franciso Partners, to sell its Software Integrity Group business for up to $2.1 billion with the goal of creating a new and privately held company that provides application security testing software.

Again, a driver behind the decision was the rapidly expanding AI landscape.

“For Synopsys, this move sharpens our focus on the unprecedented, high-growth opportunity we have in our core business – where the engineering of silicon and systems is converging as technology R&D teams look to capitalize on this AI-driven era of pervasive intelligence, Synopsys President and CEO Sassine Ghazi said in a statement.

The company’s Software Integrity Group offer a range of software and services aimed at giving developers tools to ensure the security of the software they’re building. It includes the Polaris Software Integrity Platform, software risk analysis tools like composition analysis, fuzz and security testing, and penetration testing.

In addition, services range from insider threat detection and red teaming to threat modeling and security testing.

The deal is expected to close in the second half of the year. The new company is expected to be run by the Software Integrity Group’s management team. A new name will be announced later.