SOC (Security Operations Center)
Definition
A SOC is a centralised team of security specialists that continuously monitors an organisation's IT environment and detects, analyses and responds to threats.
A SOC acts as the operational heart of an organisation's cybersecurity strategy. SOC analysts use tools such as SIEM, EDR and threat intelligence feeds to monitor and investigate security events.
An internal SOC is expensive: it requires 24/7 staffing, specialised personnel and continuous tooling investment. Many organisations therefore opt for an external SOC through an MDR provider.
An effective SOC combines technology, processes and people. Maturity is measured via metrics such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).