Overview

A Security Operations Center (SOC) is the command center for an organization's cybersecurity. It is a team of security analysts, engineers, and managers who use a shared set of tools and telemetry to protect the organization's digital assets around the clock.

Core Functions

  • Monitoring: Continuous oversight of the network, systems, and applications.
  • Detection: Identifying suspicious activity by matching telemetry from tools such as a SIEM and EDR against detection rules and known indicators.
  • Analysis: Investigating alerts to determine whether they are true positives that need a response or false positives that should be tuned out.
  • Incident Response: Taking action to contain and remediate security breaches.
  • Threat Intelligence: Incorporating information about new and emerging threats into the monitoring process.
  • Compliance: Ensuring that security activities meet regulatory requirements.
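The Detection and Analysis functions above are easiest to see in a concrete correlation rule. The following is an added example, not code from the original page or from any SOC product: a minimal SIEM-style rule that flags an SSH brute force (five or more failed logins from one source within two minutes) and escalates to high severity if a successful login from the same source follows. The log lines are constructed to resemble OpenSSH sshd syslog output; the hostnames, user names, addresses and the assumed year 2024 are invented for the example.

```python
"""Minimal SIEM-style correlation rule: SSH brute force, then success.

Added example (not part of the original page). Log lines, hosts, users
and addresses below are constructed; the year is assumed because syslog
timestamps omit it.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry, not real logs.
SAMPLE_LOG = """\
Mar  3 10:01:02 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40011 ssh2
Mar  3 10:01:04 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40012 ssh2
Mar  3 10:01:06 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 40013 ssh2
Mar  3 10:01:08 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 40014 ssh2
Mar  3 10:01:10 web01 sshd[2201]: Failed password for deploy from 203.0.113.7 port 40015 ssh2
Mar  3 10:01:12 web01 sshd[2201]: Accepted password for deploy from 203.0.113.7 port 40016 ssh2
Mar  3 10:02:00 web01 sshd[2210]: Failed password for alice from 198.51.100.20 port 50001 ssh2
Mar  3 10:02:30 web01 sshd[2211]: Accepted publickey for alice from 198.51.100.20 port 50002 ssh2
Mar  3 10:05:00 web01 sshd[2220]: Failed password for bob from 192.0.2.9 port 60001 ssh2
Mar  3 10:05:01 web01 sshd[2220]: Failed password for bob from 192.0.2.9 port 60002 ssh2
Mar  3 10:05:02 web01 sshd[2220]: Failed password for bob from 192.0.2.9 port 60003 ssh2
Mar  3 10:05:03 web01 sshd[2220]: Failed password for bob from 192.0.2.9 port 60004 ssh2
Mar  3 10:05:04 web01 sshd[2220]: Failed password for bob from 192.0.2.9 port 60005 ssh2
Mar  3 10:05:05 web01 sshd[2220]: Failed password for bob from 192.0.2.9 port 60006 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2024):
    """Normalise one sshd auth line into an event dict, or None if unrelated."""
    m = LINE_RE.match(line)
    if not m:
        return None  # a real pipeline would route other event types elsewhere
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "method": m["method"], "user": m["user"], "src": m["src"]}


def detect(log_text, threshold=5, window=timedelta(minutes=2)):
    """Sliding-window correlation per source IP.

    - 'ssh_bruteforce' (medium) fires once when a source reaches `threshold`
      failures inside `window`.
    - 'ssh_bruteforce_then_success' (high) fires when a login succeeds from a
      source that still has >= threshold recent failures; this is the alert
      an analyst should treat as a probable credential compromise.
    A single failure followed by success (a mistyped password) raises nothing.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)  # src -> timestamps of failures still in window
    alerts = []
    for e in events:
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
        if e["result"] == "Failed":
            recent.append(e["ts"])
            if len(recent) == threshold:  # fire once at the crossing, not per event
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium",
                               "src": e["src"], "ts": e["ts"], "failures": len(recent)})
        elif len(recent) >= threshold:
            alerts.append({"rule": "ssh_bruteforce_then_success", "severity": "high",
                           "src": e["src"], "user": e["user"], "method": e["method"],
                           "ts": e["ts"], "failures": len(recent)})
        failures[e["src"]] = recent
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['ts']:%H:%M:%S} {a['severity']:6} {a['rule']:28} src={a['src']}"
              + (f" user={a['user']}" if "user" in a else ""))
```

Run on the sample, the rule produces three alerts: a medium one for 203.0.113.7 at the fifth failure, a high one two seconds later when `deploy` logs in from that same address, and a medium one for 192.0.2.9, which never succeeds. The single failed attempt from 198.51.100.20 followed by a key-based login produces nothing, which is the false-positive suppression the Analysis step would otherwise have to do by hand. The source is the same whether the 'SIEM' is a commercial product or this script; what matters is that the rule's threshold, window and severity logic are explicit and tunable.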

SOC Models

  • In-house SOC: Managed and staffed by the organization itself.
  • Virtual SOC: A distributed team that works remotely rather than from a dedicated facility.
  • Managed SOC (SOC-as-a-Service): Outsourced to a third-party provider (MSSP).