What is a Security Operations Center (SOC)?

Answer

A Security Operations Center (SOC) is a centralized team (and often a dedicated facility) responsible for continuously monitoring, detecting, analyzing, and responding to cybersecurity incidents across an organization. A SOC typically operates 24/7 and relies on technologies including: SIEM (Security Information and Event Management, which collects, normalizes, and correlates logs from endpoints, servers, network devices, identity providers, and cloud services), SOAR (Security Orchestration, Automation, and Response, which automates repetitive tasks such as alert enrichment, ticketing, and simple containment actions), EDR (Endpoint Detection and Response), threat intelligence feeds, and vulnerability scanners. SOC analysts are commonly tiered: Tier 1 triages alerts and filters out false positives, Tier 2 investigates confirmed incidents and coordinates containment, and Tier 3 handles advanced threats, threat hunting, and detection engineering. Key metrics are MTTD (Mean Time to Detect, from the first malicious activity to the alert being raised) and MTTR (Mean Time to Respond, from the alert to containment or remediation); both depend as much on log coverage and detection rule quality as on staffing. Organizations without a dedicated SOC can use MDR (Managed Detection and Response) services.
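To make the SIEM correlation and MTTD/MTTR ideas concrete, here is an added example (not part of the original answer, and not any vendor's SIEM code). It runs a single correlation rule over a constructed set of authentication log lines, raises an alert when a burst of failed logins from one source IP is followed by a successful login for the same user, and then computes MTTD and MTTR from the alert's timestamps. The log lines, the rule threshold (5 failures within 2 minutes), and the analyst response time (20 minutes) are all assumptions chosen for the demo.

```python
"""SIEM-style correlation over constructed auth logs, plus MTTD/MTTR.

Added example, not from the original page. All log lines below are
constructed; the rule thresholds and response time are illustrative.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: "<timestamp> <event> <user> <src_ip>".
# 203.0.113.9 fails five times against alice, then succeeds (brute force);
# 198.51.100.4 has one failure and a success 25 minutes later (benign).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z login_failed alice 203.0.113.9
2024-05-01T09:00:03Z login_failed alice 203.0.113.9
2024-05-01T09:00:05Z login_failed alice 203.0.113.9
2024-05-01T09:00:07Z login_failed alice 203.0.113.9
2024-05-01T09:00:09Z login_failed alice 203.0.113.9
2024-05-01T09:00:12Z login_success alice 203.0.113.9
2024-05-01T09:05:00Z login_failed bob 198.51.100.4
2024-05-01T09:30:00Z login_success bob 198.51.100.4
"""

FAIL_THRESHOLD = 5             # assumption: at least 5 failures ...
WINDOW = timedelta(minutes=2)  # ... within 2 minutes before the success


def parse_log(text):
    """Parse whitespace-separated log lines into dicts with real datetimes,
    sorted by time (a SIEM normalizes events into a common schema like this)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, user, src_ip = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event,
            "user": user,
            "src_ip": src_ip,
        })
    return sorted(events, key=lambda e: e["ts"])


def correlate_brute_force(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Correlation rule: >= threshold failed logins from one (src_ip, user)
    inside `window`, followed by a success for the same pair.
    Returns one alert dict per match."""
    recent_failures = defaultdict(list)  # (src_ip, user) -> failure timestamps
    alerts = []
    for e in events:
        key = (e["src_ip"], e["user"])
        if e["event"] == "login_failed":
            recent_failures[key].append(e["ts"])
        elif e["event"] == "login_success":
            # Keep only failures that fall inside the window before this success.
            fails = [t for t in recent_failures[key] if e["ts"] - t <= window]
            if len(fails) >= threshold:
                alerts.append({
                    "rule": "brute_force_then_success",
                    "severity": "high",
                    "src_ip": e["src_ip"],
                    "user": e["user"],
                    "first_seen": fails[0],     # first malicious activity
                    "detected_at": e["ts"],     # when the rule fired
                    "failure_count": len(fails),
                })
            recent_failures[key] = []  # a success resets the counter
    return alerts


def mean_time(incidents, start_key, end_key):
    """Average (end - start) across incidents, in seconds."""
    if not incidents:
        return 0.0
    total = sum((i[end_key] - i[start_key]).total_seconds() for i in incidents)
    return total / len(incidents)


def soc_metrics(incidents):
    """MTTD: first malicious activity -> alert raised.
    MTTR: alert raised -> containment/response action."""
    return {
        "mttd_seconds": mean_time(incidents, "first_seen", "detected_at"),
        "mttr_seconds": mean_time(incidents, "detected_at", "responded_at"),
    }


def run_demo():
    """Parse the constructed log, run the rule, attach an assumed analyst
    response time (account disabled 20 minutes after the alert), and return
    the alerts together with the resulting MTTD/MTTR."""
    alerts = correlate_brute_force(parse_log(SAMPLE_LOG))
    incidents = [dict(a, responded_at=a["detected_at"] + timedelta(minutes=20))
                 for a in alerts]
    return alerts, soc_metrics(incidents)


if __name__ == "__main__":
    found, metrics = run_demo()
    for a in found:
        print(f"[{a['severity']}] {a['rule']}: {a['user']} from {a['src_ip']} "
              f"after {a['failure_count']} failures at {a['detected_at']}")
    print(metrics)
```

On the constructed log the rule fires once, for alice from 203.0.113.9, and not for bob, whose single failure falls outside the window. MTTD comes out at 11 seconds (first failure at 09:00:01, alert at 09:00:12) and MTTR at 1200 seconds given the assumed response; in a real SOC the response timestamp comes from the ticketing or SOAR system, which is why MTTR is usually dominated by analyst queue time rather than by the detection itself.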