AT&T and PE Firm Spin Out MSSP LevelBlue

AT&T and private equity firm WillJam Ventures have launched LevelBlue, a managed cybersecurity services joint venture.

The announcement came at RSA Conference 2024 in San Francisco this week, some five months after AT&T and WillJam announced their initial plans to pair up to bolster cybersecurity services for small and medium business (SMB) customers.

The move aims to spin out and expand AT&T’s cybersecurity services to customers under the new LevelBlue name. LevelBlue will provide managed cybersecurity services through a standalone business operated by AT&T and WillJam, according to the companies.

LevelBlue will also provide cybersecurity consulting, threat intelligence and continuous security operations center (SOC) capabilities through more than 1,000 employees around the globe. AT&T is retaining a minority ownership stake and board representation in the new company, the partners stated.

No price tag was announced for the deal, which is expected to close by the end of Q1 2024.

“LevelBlue’s advanced cybersecurity capabilities, our co-investment with AT&T and our ability to innovate will serve our customers and the industry well now and in the future,” said Bob McCullen, chairman and CEO of LevelBlue and managing partner of WillJam Ventures. “LevelBlue’s comprehensive technology and service portfolio simplifies cybersecurity for the businesses that fuel our global economy.”

In a related blog post on the AT&T website, McCullen wrote that he created WillJam Ventures in 2022 to invest in and operate world-class cybersecurity businesses.

Rick Welday, executive vice president of AT&T’s enterprise markets division, said the standalone managed security services venture with WillJam will help AT&T by allowing it “to stay one step ahead of evolving cyber threats and foster innovation in the cybersecurity space.”

Today, LevelBlue’s managed services operate 24/7/365 across four global SOCs and three global network operations centers (NOCs), according to the partners. LevelBlue and its vendors provide comprehensive analytics, reporting capabilities, and full-service support.

A New Category of Security Comes to Life

Plans for this week’s LevelBlue launch were first revealed back in November of 2023, when the two partners announced their intentions. At the time, the new standalone company had not yet been given the LevelBlue name.

The arrangement allows AT&T to continue offering managed security services, while also focusing on enhanced network-based security capabilities for SMBs.

One of the biggest benefits of LevelBlue’s offerings is that by baking security services into AT&T’s connectivity lineup the partners will create a new category of security for customers by melding network embedded security with managed security service provider (MSSP) capabilities.

Private equity firms typically like to invest in MSSPs and MSPs because they are subscription services businesses with predictable and profitable recurring revenue streams.

Shelly Kramer, managing director and principal analyst at SiliconANGLE Media, Inc. | theCUBE Research & Advisory, told MSSP Alert that the LevelBlue partnership makes sense in a crowded cybersecurity marketplace.

“As the cyber stack continues to become more complex, customers need managed security services more than ever,” said Kramer. “LevelBlue will benefit from the brand recognition and trust inspired by AT&T.”

Another analyst, Rob Enderle of Enderle Group, said that AT&T transitioning its cybersecurity operations into the new LevelBlue business shows that "everyone is getting more serious about security given the increased threat levels."

"Private equity likes anything with a large potential upside, and right now, security has one of the largest potential upsides of any segment given the significant increase in hostile state malware creation and the continued advancement of ransomware," said Enderle. "The AT&T name assures the effort has a substantial organization behind it reducing risk. Small firms can come and go which creates risk for buyers, but AT&T’s name mitigates that risk considerably."