Defense & Operations
Security Operations Center (SOC)
Also known as: Cyber Defense Center, CDC, Security Operations
Definition
A centralized team and facility that continuously monitors, detects, investigates and responds to cybersecurity incidents across an organization's IT estate.
Examples
- An enterprise SOC ingesting 50,000 events per second into Splunk and triaging EDR detections in under 15 minutes.
- A managed SOC monitoring AWS CloudTrail, Azure AD and Microsoft Defender for multiple tenants.
Related terms
SIEM
A platform that aggregates, normalizes and correlates security telemetry from across the enterprise to enable detection, investigation, compliance and reporting.
SOAR
A platform that automates and orchestrates SOC workflows by chaining detections, enrichments and response actions into playbooks executed across security tools.
EDR (Endpoint Detection and Response)
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
Incident Response
The organized process of preparing for, detecting, analyzing, containing, eradicating and recovering from cybersecurity incidents, then capturing lessons learned.
Threat Hunting
Threat Hunting — definition coming soon.
Mean Time to Detect (MTTD)
Mean Time to Detect (MTTD) — definition coming soon.