Security Intermediate

What is SOC (Security Operations Center)?

A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.

A SOC continuously monitors an organization's IT infrastructure for security threats. SOC analysts use SIEM tools, threat intelligence feeds, and security automation to detect and respond to incidents. SOCs typically operate in tiers: Tier 1 (alert triage), Tier 2 (investigation), Tier 3 (threat hunting).

Key SOC functions include real-time monitoring, incident response, threat hunting, vulnerability management, and compliance reporting. Modern SOCs increasingly use automation (SOAR — Security Orchestration, Automation, and Response) to handle alert volume.

Related Terms

PKI (Public Key Infrastructure)

A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.

DDoS (Distributed Denial of Service)

An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.

WAF (Web Application Firewall)

A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.

A security model that requires strict identity verification for every user and device, regardless of their network location.

A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.

DAST (Dynamic Application Security Testing)

Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.

View All Security Terms →