Cyber Resilience Showdown: AT&T vs Verizon

By UpGuard on February 15, 2017

Filed under: CSTAR, cybersecurity

As the two leading mobile telecom providers in the U.S., AT&T and Verizon are perpetually at war on almost all fronts—pricing, quality of service, network coverage, and more. But with data breaches at an all time high, security fitness may soon become a critical factor for consumers evaluating wireless service providers. Let's find out how the two compare when it comes to measures of enterprise cyber resilience.

It's fair to say that these two telecom behemoths have been at it since the early days of wireless, albeit in different Baby Bell incarnations. Both are descended from two of seven independent so-called "Regional Bell Operating Companies," a breakup resulting from the 1982 antitrust settlement between the U.S. Department of Justice and the original AT&T. 

Get the Digital Resilience eBook

As it stands today, Verizon has a slight edge over AT&T in terms of market share and number of subscribers. The most recent study from mobile analytics firm OpenSignal puts Verizon ahead of AT&T in terms of network speed and 4G availability. 

AT&T

AT&T is no stranger to security compromises: back in 2015, the company agreed to settle with the FCC for consumer privacy violations stemming from an insider data breach, to the tune of $25 million—the largest FCC fine in history. The security fiasco resulted in the exposure of 280,000 records containing names and social security numbers of the company's subscribers.

CSTAR - ATT

Despite security flaws in its website perimeter such as missing HttpOnly/secure cookies and disabled DNSSEC, AT&T's 835 CSTAR score reflects a relatively strong cyber resilience posture.

Verizon

Late last year, Verizon also came to grips with its own insider data breach that resulted in the exposure of an unspecified number of customer records. However, this pales in comparison to an earlier data breach just months prior: a website flaw enabled cyber attackers to steal and subsequently peddle 1.5 million Verizon Enterprise customer records on the black market. Thats' right—Verizon Enterprise, publisher of the annual Data Breach Investigations Report.

CSTAR - Verizon

Verizon's appalling 387 CSTAR score is a result of a myriad of security flaws including lack of sitewide SSL, server information leakage, disabled HTTP strict transport security, disabled HttpOnly/secure cookies, and lack of DNSSEC.

 

Side-by-Side CSTAR Scoring: AT&T vs. Verizon

Both companies share common website perimeter security flaws like missing HttpOnly/secure cookies and disabled DNSSEC. But whereas AT&T's issues end there, Verizon's continue with a host of security flaws that leave it vulnerable to data breaches, most noticably lack of sitewide SSL—a common precursor to man-in-the-middle (MiTM) attacks.

AT&T

Screen Shot 2017-02-15 at 9.06.15 PM.png

Verizon

Screen Shot 2017-02-15 at 9.05.13 PM.png

Wondering how well other leading telecom providers do when it comes to cyber resilience and security fitness? Try out our free CSTAR Chrome Extension or sign up for an in-depth customized demo of UpGuard's cyber resilience platform today.

Free eBooks on DevOps and Security

More Articles

Datadog vs. New Relic

Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.

Cisco vs. FireEye for Continuous Security

Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security?

Read Article >

AlienVault vs. Tenable for Continuous Security

As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.

Read Article 

 

The World's First Cyber Resilience Platform

Whether your infrastructure is traditional, virtualized, or totally in the cloud, UpGuard provides the crucial visibility and validation necessary to ensure that IT environments are secured and optimized for consistent, quality software and services delivery.

See how it works at UpGuard.com