SOC
Security Operations Center
A Security Operations Center (SOC) is a centralised team and facility that continuously monitors, detects, analyses, and responds to cybersecurity threats across an organisation's IT environment. Operating around the clock, a SOC combines skilled analysts, defined processes, and technologies such as SIEM (security information and event management) to reduce the time it takes to identify and contain security incidents.
A SOC's core functions include real-time monitoring, threat detection and triage, incident response, and continuous improvement of defences. Analysts typically work in tiers — from initial alert triage to deep investigation and threat hunting — supported by playbooks that standardise how incidents are handled.
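The following is an added example, not part of the original page, showing in miniature what the SIEM, tiered triage and playbook pieces described above do together: a correlation rule runs over authentication log lines, produces alerts with a severity for the tier-1 queue, attaches the playbook steps an analyst would follow, and records the time between the first suspicious event and detection. The log format, the five-failures-in-sixty-seconds threshold, the rule names and the playbook steps are all assumptions chosen for illustration, and the log lines are constructed sample data.

```python
"""Minimal SIEM-style correlation and triage over constructed auth log lines.

Added example, not the page's or any product's code. Log format, thresholds,
rule names and playbook steps are assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List

# Constructed sample events: "<ISO timestamp> <outcome> user=<u> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z FAIL user=alice src=203.0.113.7
2024-05-01T09:00:03Z FAIL user=alice src=203.0.113.7
2024-05-01T09:00:05Z FAIL user=alice src=203.0.113.7
2024-05-01T09:00:08Z FAIL user=alice src=203.0.113.7
2024-05-01T09:00:10Z FAIL user=alice src=203.0.113.7
2024-05-01T09:00:14Z SUCCESS user=alice src=203.0.113.7
2024-05-01T09:05:00Z FAIL user=bob src=198.51.100.2
2024-05-01T09:06:00Z SUCCESS user=bob src=198.51.100.2
2024-05-01T09:10:00Z FAIL user=dave src=198.51.100.50
2024-05-01T09:10:02Z FAIL user=dave src=198.51.100.50
2024-05-01T09:10:04Z FAIL user=dave src=198.51.100.50
2024-05-01T09:10:06Z FAIL user=dave src=198.51.100.50
2024-05-01T09:10:08Z FAIL user=dave src=198.51.100.50
2024-05-01T09:30:00Z SUCCESS user=carol src=192.0.2.9
"""

FAIL_THRESHOLD = 5                 # assumed rule threshold
WINDOW = timedelta(seconds=60)     # assumed correlation window
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

# Assumed playbooks: the standardised steps tier-1 follows for each rule.
PLAYBOOKS = {
    "repeated-auth-failures": [
        "Check whether the source is a known scanner or a misconfigured client",
        "Watch for a subsequent successful login from the same source",
    ],
    "auth-failures-then-success": [
        "Confirm with the account owner whether the login was expected",
        "Force a credential reset and revoke active sessions",
        "Block the source address at the perimeter",
        "Escalate to tier-2 to review follow-on activity from the account",
    ],
}


@dataclass
class Event:
    ts: datetime
    outcome: str
    user: str
    src: str


@dataclass
class Alert:
    rule: str
    severity: str                  # triage priority for the tier-1 queue
    user: str
    src: str
    first_seen: datetime           # first failure in the correlated window
    detected_at: datetime          # when the rule fired or was escalated
    playbook: List[str] = field(default_factory=list)

    @property
    def time_to_detect(self) -> timedelta:
        """Gap between the first suspicious event and detection."""
        return self.detected_at - self.first_seen


def parse(text: str) -> List[Event]:
    """Parse the constructed log format into Event records."""
    events = []
    for line in text.splitlines():
        ts, outcome, user_kv, src_kv = line.split()
        events.append(Event(
            ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            outcome=outcome,
            user=user_kv.split("=", 1)[1],
            src=src_kv.split("=", 1)[1],
        ))
    return events


def correlate(events: List[Event]) -> List[Alert]:
    """Fire MEDIUM on a failure streak; escalate to HIGH if a success follows."""
    recent_fails = defaultdict(list)   # (user, src) -> failure timestamps in WINDOW
    open_alerts = {}                   # (user, src) -> Alert
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.user, ev.src)
        fails = [t for t in recent_fails[key] if ev.ts - t <= WINDOW]
        if ev.outcome == "FAIL":
            fails.append(ev.ts)
            if len(fails) >= FAIL_THRESHOLD and key not in open_alerts:
                open_alerts[key] = Alert(
                    rule="repeated-auth-failures", severity="MEDIUM",
                    user=ev.user, src=ev.src, first_seen=fails[0],
                    detected_at=ev.ts,
                    playbook=list(PLAYBOOKS["repeated-auth-failures"]))
        elif ev.outcome == "SUCCESS":
            alert = open_alerts.get(key)
            if alert is not None and len(fails) >= FAIL_THRESHOLD:
                alert.rule = "auth-failures-then-success"
                alert.severity = "HIGH"
                alert.detected_at = ev.ts
                alert.playbook = list(PLAYBOOKS["auth-failures-then-success"])
            fails = []                 # a successful login ends the streak
        recent_fails[key] = fails
    return list(open_alerts.values())


def triage_queue(alerts: List[Alert]) -> List[Alert]:
    """Order alerts as tier-1 would pick them up: highest severity first."""
    return sorted(alerts, key=lambda a: (SEVERITY_RANK[a.severity], a.detected_at))


if __name__ == "__main__":
    for a in triage_queue(correlate(parse(SAMPLE_LOG))):
        print(f"[{a.severity}] {a.rule} user={a.user} src={a.src} "
              f"time-to-detect={a.time_to_detect.total_seconds():.0f}s")
        for step in a.playbook:
            print("   -", step)
```

On the sample data the queue holds two alerts: alice's failure streak followed by a success is escalated to HIGH and carries the containment playbook, while dave's streak with no success stays MEDIUM; bob's single failure never reaches the threshold. Recording `first_seen` and `detected_at` on every alert is what lets a SOC measure the detection delay the page refers to and track whether tuning the rule improves it.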
Building an in-house SOC requires significant investment in people, tooling, and 24/7 staffing. Many organisations instead use a managed SOC (SOC-as-a-service), gaining round-the-clock coverage and specialist expertise without the cost and complexity of running one themselves.
