Security Intermediate

What is SOC (Security Operations Center)?

A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.

A SOC continuously monitors an organization's IT infrastructure for security threats. SOC analysts use SIEM tools, threat intelligence feeds, and security automation to detect and respond to incidents. SOCs typically operate in tiers: Tier 1 (alert triage), Tier 2 (investigation), Tier 3 (threat hunting).

Key SOC functions include real-time monitoring, incident response, threat hunting, vulnerability management, and compliance reporting. Modern SOCs increasingly use automation (SOAR: Security Orchestration, Automation, and Response) to handle alert volume.

Related Terms

Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
Hashing
A one-way function that converts input data into a fixed-size string of characters, used for data integrity and password storage.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
Rate Limiting
A technique that controls the number of requests a client can make to a server within a specified time period.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.