Working with MSSPs to optimize XDR

March 8, 2022  |  Michael Vaughn

Businesses today have many tools in their security stack and security teams find themselves spending too much time managing the tools and not enough time tackling business-critical projects. Security tool overload creates internal challenges and distracts from the primary business mission. How can companies better protect themselves while staying on track to achieve goals?

Let’s take a look at how working with a managed security service provider (MSSP) to manage your extended detection and response (XDR) solution can improve security coverage in busy and complex environments.

Much like secure access service edge (SASE) combines several network security protections, XDR combines network and endpoint detection and response capabilities with endpoint protection and security orchestration, automation, and response (SOAR). As with SASE, the devil is in the details.

XDR as a service helps you scale

One material way to simplify security is to enlist the aid of an MSSP. These experts have a deep understanding of how the tools work, and they have broad experience installing and running a variety of products and platforms in different customer environments.

XDR provides protection, detection, and response across the security ecosystem

While AT&T’s USM-based XDR is vendor-agnostic, it features a unique integration with SentinelOne, one of the leading vendors in the endpoint detection and response space. SentinelOne consolidates multiple endpoint security solutions, including next-generation antivirus, pre-execution protection, and AI-based detection and response, into a single agent. The USM Anywhere integration with SentinelOne, powered by the SentinelOne Advanced AlienApp, allows the SOC analyst to terminate malicious processes, quarantine infected devices, and even roll back events to keep endpoints in a constantly clean state. All this is achieved from a single pane of glass with the USM Anywhere platform.

Services based on AT&T’s USM Anywhere and SentinelOne bring broad visibility into your environment through their ability to interoperate with many security tools utilizing AT&T’s AlienApp integrations. These connections across your environment pull events and security intelligence into one centralized hub for further correlation and add context to help you respond faster to investigations and threats. With an extensive and evolving library of AlienApps, you will not need to rip and replace your current infrastructure; as you grow or change, your security can too.

Intelligence is key

Threat intelligence is critical for accurate detections and reducing false positives. This is one of the strengths of the USM Anywhere-based solutions—they include access to AT&T’s unique perspective as a service provider and operator of one of the largest networks in the world.

It starts with the world’s largest open threat intelligence community, AT&T Alien Labs Open Threat Exchange (OTX), feeding in data from researchers around the globe. Additional machine learning and security analytics help correlate the data and provide context so threats can be identified faster and more accurately. However, the biggest advantage is the AT&T Alien Labs researchers who, in combination with the OTX platform, can discover infrastructure and tools used by threat actors to host their operations and launch ransomware and other sophisticated cyberattacks. By concentrating on threat actor tactics, techniques, and procedures (TTPs), this approach provides early-stage, more predictive identification of threats, which means higher-fidelity detection of evolving threats.

Highly contextualized and correlated data is automatically maintained and fed into the award-winning USM platform, along with AlienApp intelligence for data analysis across your growing business.

Vendor lock-in, or multi-vendor integration?

One approach to addressing security tool complexity is to “go all in” with one vendor. The argument here is that standardizing on one vendor’s approach is better because the tools were designed to work together. However, the truth is that often each vendor’s products are more a collection of acquired technology than an integrated solution, and roadmaps for consolidation frequently stretch to the horizon. Nor does it help that vendors tend to be leaders in one type of technology but followers in most other areas.

Another approach to consider is an open XDR solution. This approach brings together two important existing solutions: advanced security information and event management (SIEM) platforms with correlation engines, and endpoint detection and response agents. Open XDR solutions also have deep integrations with third-party tools such as firewalls, SaaS/IaaS clouds, SASE solutions, and more. These integrations make responding to incidents, and automating responses, quick and easy. With this approach, you are free to choose the best security vendors with the confidence that they can be used together without the need for you to replace your entire stack.

There are no quick fixes for most of our modern security challenges, but one clear way to simplify things is to select products and services that are well integrated and offer the flexibility to mix and match critical components. By relying on MSSPs, organizations can reduce the need for both staff and subject matter expertise. Since detection and response has a significant learning curve, businesses can also realize significant savings and rest assured that their network is guarded by professionals. AT&T’s USM-based XDR brings together our strongest resources to help you improve your time to detect, respond, and recover from threats. Leverage our advanced security analytics, leading endpoint security, deep integrations with industry-leading vendors, and world-class 24x7 support to drive efficiencies in your security operations and help you find and quickly act on true threats to your business.

To learn more, visit AT&T Cybersecurity MSSP Partner Program (att.com)
