Home/Glossary/Security Operations Center (SOC)

Security Operations Center (SOC)

A dedicated function responsible for monitoring, detecting, and responding to cybersecurity threats in real time.

Security OperationsAlso called: "security operations centre"

A SOC combines people, processes, and technology to keep the organization resilient.

Typical roles

  • Tier 1 analysts triage alerts.
  • Tier 2 analysts investigate and coordinate response.
  • Threat hunters proactively search for hidden adversaries.
  • Engineers maintain detection content and automation.

Key metrics

  • Mean time to detect (MTTD) and respond (MTTR).
  • Coverage across networks, endpoints, and cloud workloads.
  • Volume of alerts per analyst and automation rate.

Related Tools

Explore More Security Operations

View all terms

Endpoint Detection and Response (EDR)

Security software that monitors endpoints for malicious activity, enabling rapid detection and containment.

Read more →

Security Information and Event Management (SIEM)

A platform that ingests security telemetry, correlates events, and surfaces alerts for investigation.

Read more →

Vulnerability Management

The continuous process of identifying, prioritizing, and remediating security weaknesses in systems and applications.

Read more →
Back to glossary