Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1115

Security Operations Center (SOC)

Reviewed by Cybersecurity entrepreneur & security researcher

What is a Security Operations Center (SOC)?

Security Operations Center (SOC): A centralized team and facility that continuously monitors, detects, investigates and responds to cybersecurity incidents across an organization's IT estate.


A Security Operations Center is the operational nerve center for defensive cybersecurity, combining people, processes and technology to provide 24x7 monitoring of endpoints, networks, identity systems, cloud workloads and applications. Analysts at tiered levels (T1 triage, T2 investigation, T3 hunting and engineering) use a SIEM, EDR, NDR and SOAR stack to correlate telemetry, validate alerts, contain threats and coordinate incident response. The SOC owns key operational metrics such as MTTD, MTTR and dwell time, and drives continuous improvement through detection engineering, threat intelligence and post-incident reviews. SOCs can be internal, hybrid, or outsourced as MDR services.

Examples

  1. An enterprise SOC ingesting 50,000 events per second into Splunk and triaging EDR detections in under 15 minutes.

  2. A managed SOC monitoring AWS CloudTrail, Azure AD and Microsoft Defender for multiple tenants.

Frequently asked questions

What is a Security Operations Center (SOC)?

A centralized team and facility that continuously monitors, detects, investigates and responds to cybersecurity incidents across an organization's IT estate. It belongs to the Defense & Operations category of cybersecurity.

What are other names for Security Operations Center (SOC)?

Common alternative names include: Cyber Defense Center, CDC, Security Operations.
