A SOC combines people, processes, and technology to keep the organization resilient.
Typical roles
- Tier 1 analysts triage alerts.
- Tier 2 analysts investigate and coordinate response.
- Threat hunters proactively search for hidden adversaries.
- Engineers maintain detection content and automation.
Key metrics
- Mean time to detect (MTTD) and respond (MTTR).
- Coverage across networks, endpoints, and cloud workloads.
- Volume of alerts per analyst and automation rate.
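As an added example (not part of the original glossary entry), the following Python computes the metrics listed above from a handful of alert records. The data model (`Alert` with occurrence, detection and response timestamps, the handling analyst, and an automation flag) and the sample alerts are constructed for illustration; the one point worth noting is that MTTR is averaged only over alerts that have actually been responded to, so open cases do not silently drag the number down.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Alert:
    """Hypothetical alert record (assumed schema, not from any product)."""
    alert_id: str
    occurred_at: datetime              # when the activity began (established by forensics)
    detected_at: datetime              # when the SOC first received an alert for it
    responded_at: Optional[datetime]   # when containment completed; None while still open
    analyst: Optional[str]             # who handled it; None when a playbook closed it
    automated: bool                    # closed by automation without human action

def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)

# Constructed sample data: four alerts from one shift, one still open, one auto-closed.
SAMPLE_ALERTS = [
    Alert("A-1", _t("2024-05-01T01:00:00"), _t("2024-05-01T01:30:00"), _t("2024-05-01T03:28:00"), "alice", False),
    Alert("A-2", _t("2024-05-01T02:00:00"), _t("2024-05-01T02:10:00"), _t("2024-05-01T02:12:00"), None, True),
    Alert("A-3", _t("2024-05-01T04:00:00"), _t("2024-05-01T05:00:00"), None, "bob", False),
    Alert("A-4", _t("2024-05-01T06:00:00"), _t("2024-05-01T06:20:00"), _t("2024-05-01T07:20:00"), "alice", False),
]

def _mean(gaps: list) -> Optional[timedelta]:
    # Average a list of timedeltas; None when there is nothing to average.
    if not gaps:
        return None
    return sum(gaps, timedelta()) / len(gaps)

def mttd(alerts: list) -> Optional[timedelta]:
    """Mean time to detect: average gap between activity start and first detection."""
    for a in alerts:
        if a.detected_at < a.occurred_at:
            raise ValueError(f"{a.alert_id}: detected before it occurred; check timestamps")
    return _mean([a.detected_at - a.occurred_at for a in alerts])

def mttr(alerts: list) -> Optional[timedelta]:
    """Mean time to respond: average gap from detection to completed response.

    Only closed alerts are counted. Treating open alerts as zero would flatter
    the metric exactly when the SOC is falling behind.
    """
    closed = [a for a in alerts if a.responded_at is not None]
    for a in closed:
        if a.responded_at < a.detected_at:
            raise ValueError(f"{a.alert_id}: responded before detection; check timestamps")
    return _mean([a.responded_at - a.detected_at for a in closed])

def alerts_per_analyst(alerts: list) -> dict:
    """Alert volume handled by each human analyst (automation-closed alerts excluded)."""
    counts: dict = {}
    for a in alerts:
        if a.analyst is not None:
            counts[a.analyst] = counts.get(a.analyst, 0) + 1
    return counts

def automation_rate(alerts: list) -> float:
    """Fraction of alerts closed without human action."""
    if not alerts:
        return 0.0
    return sum(1 for a in alerts if a.automated) / len(alerts)

def soc_metrics(alerts: list) -> dict:
    """Bundle the key metrics for a dashboard or shift report."""
    return {
        "mttd": mttd(alerts),
        "mttr": mttr(alerts),
        "open_alerts": sum(1 for a in alerts if a.responded_at is None),
        "alerts_per_analyst": alerts_per_analyst(alerts),
        "automation_rate": automation_rate(alerts),
    }

if __name__ == "__main__":
    for name, value in soc_metrics(SAMPLE_ALERTS).items():
        print(f"{name}: {value}")
```

On the constructed data this yields an MTTD of 30 minutes, an MTTR of 60 minutes over the three closed alerts, one open alert, two alerts for alice and one for bob, and an automation rate of 0.25. In a real SOC the occurrence timestamp is the hardest of the three to establish, so MTTD is usually the least precise of these figures.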