What is a SOC (Security Operations Center)?
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
A SOC continuously monitors an organization's IT infrastructure for security threats. SOC analysts use SIEM tools, threat intelligence feeds, and security automation to detect and respond to incidents. SOCs typically operate in tiers: Tier 1 (alert triage), Tier 2 (investigation), Tier 3 (threat hunting).
Key SOC functions include real-time monitoring, incident response, threat hunting, vulnerability management, and compliance reporting. Modern SOCs increasingly use automation (SOAR — Security Orchestration, Automation, and Response) to handle alert volume.
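Added example (not from the page): a small Python model of the Tier 1 triage step that SOAR tooling automates. It groups constructed SIEM alerts, enriches them against a constructed threat-intel list, scores them, and routes each group to auto-close, Tier 1 review, or Tier 2 escalation; the alert fields, the intel list and the thresholds are assumptions chosen for illustration.

```python
"""SOAR-style Tier 1 triage over constructed SIEM alerts (illustrative only)."""
from collections import defaultdict

# Constructed threat-intel feed: addresses the SOC treats as known-bad.
THREAT_INTEL = {"203.0.113.7"}

# Constructed SIEM alerts, normalized to a few common fields.
ALERTS = [
    {"id": 1, "rule": "failed_login", "src": "198.51.100.4", "host": "web01", "severity": 2},
    {"id": 2, "rule": "failed_login", "src": "198.51.100.4", "host": "web01", "severity": 2},
    {"id": 3, "rule": "failed_login", "src": "198.51.100.4", "host": "web01", "severity": 2},
    {"id": 4, "rule": "outbound_c2_beacon", "src": "10.0.0.12", "dst": "203.0.113.7",
     "host": "hr-laptop", "severity": 4},
    {"id": 5, "rule": "av_signature_update", "src": "10.0.0.5", "host": "dc01", "severity": 1},
]


def triage(alerts, threat_intel=THREAT_INTEL, escalate_at=5):
    """Tier 1 automation: de-duplicate, enrich, score and route alert groups.

    Alerts sharing a rule and host collapse into one group so a noisy rule
    does not flood Tier 2. Returns (rule, host, score, disposition) tuples.
    Thresholds are assumed values, not a standard.
    """
    groups = defaultdict(list)
    for alert in alerts:
        groups[(alert["rule"], alert["host"])].append(alert)

    results = []
    for (rule, host), members in groups.items():
        score = max(m["severity"] for m in members)
        score += min(len(members) - 1, 3)          # repetition adds at most +3
        ips = {m.get("src") for m in members} | {m.get("dst") for m in members}
        if ips & threat_intel:
            score += 3                             # threat-intel enrichment hit
        if score >= escalate_at:
            disposition = "escalate_tier2"         # Tier 2 investigates
        elif score <= 1:
            disposition = "auto_close"             # informational noise
        else:
            disposition = "tier1_review"           # analyst eyes, no escalation
        results.append((rule, host, score, disposition))
    return results


if __name__ == "__main__":
    for row in triage(ALERTS):
        print(row)
```

Each raw alert is still retained by the SIEM; only the routing decision is automated, which is the point of SOAR in a high-volume SOC.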