AT&T Cybersecurity rolled out a new managed threat detection and response service that uses the AlienVault technology and threat intelligence combined with AT&T’s security operations center (SOC) and managed services experience.

AT&T acquired AlienVault last year, and rolled that company’s Open Threat Exchange and unified security management (USM) platform into its new standalone security division, AT&T Cybersecurity, which the operator announced at this year’s RSA Conference.

To be clear: AT&T already offered a managed threat detection and response service prior to today’s announcement — and the AlienVault acquisition. But this service, previously called Threat Manager, was “a very high-end, very custom, bespoke service,” said Roger Thornton, vice president of products and technology at AT&T Cybersecurity. “No two Threat Managers were the same. For example, a very large enterprise or government agency would hire AT&T to build out a SOC and then AT&T would manage that for them. We still do that today, but that wasn’t scalable for the masses.”

On the other end of the spectrum: AlienVault’s platform. Thornton, who came to AT&T Cybersecurity via the acquisition, said about half of AlienVault’s customers used the platform to run their own SOCs. Meanwhile, the other half bought the platform through one of AlienVault’s 500 or so managed security service provider partners that offered it as a service. “That was a bit more turnkey, repeatable, and cloud-based, so it scales,” Thornton said.

The new service, called AT&T Managed Threat Detection and Response, is based on the AlienVault USM platform for threat detection and response. “And what this allows us to do is reach a broader set of customers, be able to deploy more quickly, and offer it as a truly cloud-hosted managed service,” Thornton said.

The cloud-native platform includes security orchestration, automation, and response (SOAR), and has more than 300 built-in integrations. And the AT&T Managed Threat Detection and Response SOC has a dedicated team of security analysts who monitor customer environments 24-7 and detect and respond to threats. In addition to handling the daily security operations of monitoring and reviewing alarms to reduce false positives, the SOC team also conducts in-depth incident investigations, and provides threat context and recommendations for containment and remediation.

All of this helps companies deploy a security program (or turn up their existing SOC) without the cost and complexity of building it themselves, Thornton said. It also costs a lot less than AT&T’s earlier custom-built service. The starting price, according to the vendor, is less than the cost of hiring an additional security analyst, and the service is priced according to the total number of events analyzed.

NHS Management, which provides administrative and consulting services for health care facilities and companies across the southeast U.S., is an early AT&T Managed Threat Detection and Response customer. “We couldn’t do the things that AT&T brings to us for four times the cost of what we’re paying now,” said Stephen Locke, CIO of NHS Management, in a statement. “Even if we did, we wouldn’t have the same level of expertise and intelligence of what’s happening in the cybersecurity world.”

Customers can buy the new managed security service directly from AT&T, or from one of AT&T’s managed security services provider partners. “And we also offer the ability for a hybrid solution where a customer can have their own SOC and our team manages it, and we figure out who takes care of what: us, a partner, or the customer.”