
Security Intermediate

What is a SOC (Security Operations Center)?

A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.

A SOC continuously monitors an organization's IT infrastructure for security threats. SOC analysts use SIEM tools, threat intelligence feeds, and security automation to detect and respond to incidents. SOCs typically operate in tiers: Tier 1 (alert triage), Tier 2 (investigation), Tier 3 (threat hunting).

Key SOC functions include real-time monitoring, incident response, threat hunting, vulnerability management, and compliance reporting. Modern SOCs increasingly use automation (SOAR — Security Orchestration, Automation, and Response) to handle alert volume.

Related Terms

JWT (JSON Web Token)
A compact, self-contained token format used for securely transmitting information between parties as a JSON object.
Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.