
What is a Security Operations Center (SOC)?

The team and tooling that continuously monitor your environment for security threats, investigate them, and respond when something is found.

A Security Operations Center (SOC) is the people, processes, and technology that monitor security events, investigate them, and coordinate response. SOCs can be internal, outsourced, or hybrid. Internal SOCs typically require a meaningful team to provide 24/7 coverage. Outsourced SOCs — provided by an MDR or MSSP — give you that coverage as a service. The work of a SOC is part triage, part investigation, and part incident response coordination, which is why a SOC that only escalates alerts to you is not really doing the job.
