What is a SOC?
A Security Operations Centre (SOC) in cyber security is a dedicated unit responsible for monitoring, detecting, and responding to security incidents in an organisation's network. The SOC acts as the frontline defence, using a range of tools such as SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) to monitor network traffic and identify potential threats in real time.
The SOC is usually divided into tiers, with Tier 1 analysts handling alert triage and escalation, Tier 2 focusing on deeper investigations and incident response, and Tier 3 performing proactive threat hunting.
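The tiering above is usually backed by an automated triage step that decides which alerts a Tier 1 analyst can close as noise and which must be escalated to Tier 2 for incident response. The following is an added illustration of that step, not code from the page or from any SIEM/EDR product: it groups constructed SIEM and EDR alerts into per-host cases within a time window, scores each case by severity (with a bonus when both a SIEM rule and an EDR detection fire on the same host), and routes the case to a tier. The alert fields, severity weights, window length and thresholds are all assumed values chosen for the example.

```python
"""Constructed alert-triage example: correlate SIEM/EDR alerts per host and route them to SOC tiers."""
from collections import defaultdict
from datetime import datetime, timedelta

# Weight per vendor severity label; an assumed, illustrative scale.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 5, "critical": 8}
CORRELATION_WINDOW = timedelta(minutes=15)  # assumed: alerts on one host within 15 min form one case
TIER2_THRESHOLD = 8   # at or above: hand to Tier 2 for incident response
TIER1_THRESHOLD = 3   # at or above: Tier 1 investigates; below: auto-close as noise

# Constructed sample alerts (hypothetical hosts and rule names, not real telemetry).
SAMPLE_ALERTS = [
    {"ts": "2024-05-01T10:00:00", "source": "siem", "host": "ws-017", "rule": "multiple_failed_logins", "severity": "low"},
    {"ts": "2024-05-01T10:04:00", "source": "edr", "host": "ws-017", "rule": "suspicious_powershell", "severity": "medium"},
    {"ts": "2024-05-01T10:06:00", "source": "siem", "host": "ws-017", "rule": "new_admin_account", "severity": "high"},
    {"ts": "2024-05-01T11:30:00", "source": "siem", "host": "srv-db-02", "rule": "port_scan_inbound", "severity": "low"},
    {"ts": "2024-05-01T12:00:00", "source": "edr", "host": "ws-042", "rule": "ransomware_indicator", "severity": "critical"},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def correlate(alerts, window=CORRELATION_WINDOW):
    """Group alerts by host into cases. A case holds every alert whose timestamp
    lies within `window` of the case's first alert; later alerts open a new case."""
    by_host = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: _parse(a["ts"])):
        by_host[alert["host"]].append(alert)

    cases = []
    for host, host_alerts in by_host.items():
        current = None
        for alert in host_alerts:
            t = _parse(alert["ts"])
            if current is None or t - current["start"] > window:
                current = {"host": host, "start": t, "alerts": []}
                cases.append(current)
            current["alerts"].append(alert)
    return cases


def score_case(case):
    """Sum severity weights; add a bonus when SIEM and EDR independently flagged the host,
    since two telemetry sources agreeing is stronger evidence than one noisy rule."""
    score = sum(SEVERITY_WEIGHT[a["severity"]] for a in case["alerts"])
    sources = {a["source"] for a in case["alerts"]}
    if {"siem", "edr"} <= sources:
        score += 2
    return score


def route(score):
    """Map a case score to the tier that should handle it."""
    if score >= TIER2_THRESHOLD:
        return "tier2"
    if score >= TIER1_THRESHOLD:
        return "tier1"
    return "close"


def triage(alerts):
    """Return one dict per case (host, score, route, rule names), highest score first."""
    results = []
    for case in correlate(alerts):
        s = score_case(case)
        results.append({
            "host": case["host"],
            "score": s,
            "route": route(s),
            "rules": [a["rule"] for a in case["alerts"]],
        })
    results.sort(key=lambda r: r["score"], reverse=True)
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_ALERTS):
        print(f"{r['route']:5} score={r['score']:2} host={r['host']} rules={', '.join(r['rules'])}")
```

Run stand-alone, the script escalates ws-017 to Tier 2 even though no single alert on it is above "high": three related detections from two sources inside six minutes outweigh any one of them. The lone low-severity port scan on srv-db-02 is closed, and the single critical EDR hit on ws-042 escalates on its own. A real SOC would tune the weights and window against its own false-positive rate and add asset criticality, but the shape of the decision is the same.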
SOC teams work 24/7 to ensure continuous protection, analysing security alerts, investigating incidents, and taking steps to mitigate threats. They collaborate closely with other teams, such as IT and network operations, to implement preventative measures. The goal of a SOC is to reduce an organisation's exposure to cyber threats and minimise the impact of attacks.