
Security Intermediate

What is a SOC (Security Operations Center)?

A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.

A SOC continuously monitors an organization's IT infrastructure for security threats. SOC analysts use SIEM tools, threat intelligence feeds, and security automation to detect and respond to incidents. SOCs typically operate in tiers: Tier 1 (alert triage), Tier 2 (investigation), Tier 3 (threat hunting).

Key SOC functions include real-time monitoring, incident response, threat hunting, vulnerability management, and compliance reporting. Modern SOCs increasingly use automation (SOAR — Security Orchestration, Automation, and Response) to handle alert volume.

Related Terms

Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
Security Headers
HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
Input Validation
The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.