A Security Operation Center (SOC) is a centralized cyber security function within an organization that employs people, processes, and technology to continuously monitor and improve an organization’s security posture by preventing, detecting, analyzing, and responding to cybersecurity incidents.
A Cyber Security SOC acts as the command center by taking in telemetry from an organization’s network, devices, and information systems, regardless of the location of those assets. Collecting context from all sources makes it more likely that advanced threats are identified. Over time, the SOC becomes the cyber security center in which every event within the organization is logged, correlated, and monitored.
For each of these events, the SOC then decides how the event is managed and acted upon.