Managed Security Services Built for the Federal Government
Observatory was developed to address the limitations of independently managed security services by offering an array of modular, scalable options explicitly built to meet the federal government's growing demand for managed security services. Observatory is flexible enough to augment or completely manage security operations—our clients receive the output of over 100 highly technical security analysts delivered directly into their environments.
Observatory’s service delivery framework spans the cyber defense lifecycle (prepare, prevent, detect, respond, and recover) by incorporating five modular solutions:
- Adversary Telemetry
- Detection Engineering
- Threat Hunting
- Incident Response Retainers
- Digital Forensics and Reverse Engineering
From information technology to operational technology, from cloud to 5G, we have delivered these capabilities across Fortune 50 commercial companies to national-level government agencies with endpoints scaling to over 1 million.
Our managed security services go beyond traditional industry offerings, which are often compliance-focused and alert-centric. Conventional managed security service providers (MSSPs) focus on tools rather than solutions; are siloed, not integrated; and depend on large staffing footprints that are neither nimble nor scalable enough to meet client needs. Booz Allen’s approach to managed security services offers cross-functional delivery teams that combine business strategy, operations, and risk management expertise with deep cyber knowledge and technical proficiency.
Observatory Service Offerings
Organizational security operations centers (SOCs) struggle to keep up with the changing threat environment. Challenges such as identifying and retaining skilled staff, meeting the federal government’s FedRAMP requirements, integrating systems and tools, and choosing cost-effective technologies keep organizations in a reactive posture. Agencies that understand how complex and costly it is to build and operate a 24/7 SOC are increasingly considering fully managed or hybrid managed SOC services delivered by an MSSP rather than building or continuing to operate their own.
Observatory’s vendor-agnostic approach does not replicate existing SOC services; it augments over-tasked security teams and keeps them focused on the threats that matter. Underpinning our Observatory services is a FedRAMP High environment built to receive agency data sources for investigation and analysis, so that agency security teams can stay focused on day-to-day operations. Observatory gives organizations access to an innovation mindset and technical talent while helping them focus on outcomes and lower costs.
Observatory’s services were built around the fusion center concept of independent but cross-functional teams working together to accelerate security functions.
Custom Solutions Operate at the Scale of Government
The Observatory platform wasn’t built to simply replace the tools you already use. Rather, we’ve custom-built a few capabilities that allow us to operate at the scale of the federal government. These capabilities can accelerate existing security teams or provide a platform for our clients to offer as an internal shared service. To accomplish this, we put our years of proven experience at the highest levels of the U.S. government together with two elements that set our offerings apart:
Multi-Vendor XDR Hunt Platform
“Vendor agnostic” isn’t a sales pitch for us: It’s the way we operate. Our clients pick the tools and platforms that work best for their budget, environment, and strategy, and vendor selection shouldn’t be a prerequisite for effective security operations. Our extended detection and response (XDR) Hunt Platform therefore lets us provide threat hunting services across any endpoint detection and response (EDR) or security information and event management (SIEM) provider without data having to leave the client’s network. The platform goes beyond a SIEM: it lets our threat hunters run hunt missions all the way down to the endpoint regardless of tooling, and it lets us share the same hunt analytics, perform the same searches, and gather the same data regardless of which vendor tool is in place.
Detection Engineering Platform
Keeping with our vendor-agnostic mission, our detection engineering platform lets our teams follow a “Write Once, Detect Anywhere” approach. Regardless of the size of the agency or of our client base, we write, test, tune, and deploy each analytic once, directly into your SIEM or EDR. In the background, the platform handles the data model translations, so whether a detection is going to an EDR, a SIEM, or both, it has been tested and tuned to minimize noise and return a higher proportion of true positives in any environment.
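To make the “Write Once, Detect Anywhere” idea concrete, here is an added illustration that is not Observatory’s code: a detection is authored once against a normalized field model, translated into two backend query syntaxes through per-backend field mappings, and evaluated against labelled sample events before deployment so that its true/false positive counts are known. The backend names, field mappings, and sample events are assumptions constructed for the example.

```python
"""Illustrative write-once detection rule with per-backend translation.
Not the Observatory platform's code; field mappings are assumed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Term:
    field: str   # field name in the normalized data model
    op: str      # "eq" (exact, case-insensitive) or "contains"
    value: str


@dataclass(frozen=True)
class Rule:
    name: str
    terms: tuple  # every Term must match (logical AND)


# Normalized model -> backend field names. Assumed for the example; a real
# platform would carry one map per EDR/SIEM product it deploys to.
FIELD_MAPS = {
    "splunk": {"process.name": "Image", "process.command_line": "CommandLine"},
    "kusto": {"process.name": "FileName", "process.command_line": "ProcessCommandLine"},
}


def _splunk_term(field: str, term: Term) -> str:
    return f'{field}="{term.value}"' if term.op == "eq" else f'{field}="*{term.value}*"'


def _kusto_term(field: str, term: Term) -> str:
    return f'{field} =~ "{term.value}"' if term.op == "eq" else f'{field} contains "{term.value}"'


def translate(rule: Rule, backend: str) -> str:
    """Render the normalized rule in one backend's query syntax.
    Refuses to emit a query if any field has no mapping, rather than
    silently dropping a term and weakening the detection."""
    fmap = FIELD_MAPS[backend]
    missing = [t.field for t in rule.terms if t.field not in fmap]
    if missing:
        raise KeyError(f"{backend} has no mapping for {missing}")
    if backend == "splunk":
        return "index=* " + " ".join(_splunk_term(fmap[t.field], t) for t in rule.terms)
    return "DeviceProcessEvents | where " + " and ".join(
        _kusto_term(fmap[t.field], t) for t in rule.terms)


def matches(rule: Rule, event: dict) -> bool:
    """Evaluate the rule against one event already normalized to the model."""
    for t in rule.terms:
        v = event.get(t.field)
        if v is None:
            return False
        if t.op == "eq" and v.lower() != t.value.lower():
            return False
        if t.op == "contains" and t.value.lower() not in v.lower():
            return False
    return True


def evaluate(rule: Rule, events: list) -> dict:
    """Count true/false positives and misses on labelled sample events;
    this is the 'test and tune' step before a rule is deployed anywhere."""
    tp = fp = fn = 0
    for ev in events:
        hit = matches(rule, ev)
        if hit and ev["malicious"]:
            tp += 1
        elif hit:
            fp += 1
        elif ev["malicious"]:
            fn += 1
    return {"tp": tp, "fp": fp, "fn": fn}


ENCODED_PS = Rule(
    name="PowerShell encoded command",
    terms=(Term("process.name", "eq", "powershell.exe"),
           Term("process.command_line", "contains", "-enc")),
)

# Constructed sample events, normalized to the common model and labelled.
SAMPLE_EVENTS = [
    {"process.name": "powershell.exe", "process.command_line": "powershell.exe -enc SQBFAFgA", "malicious": True},
    {"process.name": "PowerShell.EXE", "process.command_line": "powershell -EncodedCommand AAAA", "malicious": True},
    {"process.name": "powershell.exe", "process.command_line": "powershell.exe -File backup.ps1", "malicious": False},
    {"process.name": "cmd.exe", "process.command_line": "cmd.exe /c whoami", "malicious": False},
]

if __name__ == "__main__":
    for backend in FIELD_MAPS:
        print(backend, "->", translate(ENCODED_PS, backend))
    print(evaluate(ENCODED_PS, SAMPLE_EVENTS))
```

The point of the design is that the rule logic lives in one place: tuning a term changes both rendered queries at once, the labelled evaluation gives a concrete noise measurement before anything reaches a production SIEM or EDR, and a missing field mapping fails loudly instead of producing a query that quietly detects less than the author intended.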
Procurement Options
We recognize that many organizations need help adapting to the changing threat environment. Our Observatory team can augment security operations teams with actionable, relevant information based on client requests through a series of other direct cost (ODC) options. Observatory can be procured either alongside traditional contract labor categories (LCATs), with a focus on outcomes and service-level agreements (SLAs), or at a flat rate via ODCs under retainer options.