← All glossary terms Glossary

What is Security Operations Center (SOC)?

The team and tooling that continuously monitor your environment for security threats, investigate them, and respond when something is found.

A Security Operations Center (SOC) is the people, processes, and technology that monitor security events, investigate them, and coordinate response. SOCs can be internal, outsourced, or hybrid. Internal SOCs typically require a meaningful team to provide 24/7 coverage. Outsourced SOCs — provided by an MDR or MSSP — give you that coverage as a service. The work of a SOC is part triage, part investigation, and part incident response coordination, which is why a SOC that only escalates alerts to you is not really doing the job.

  • Combines people, process, and technology — not just a room full of screens.
  • Can be internal, fully outsourced, or a hybrid co-managed model.
  • Round-the-clock coverage with internal staff typically needs 8–12 analysts, which is why many buy it as a service.

En français

Centre des opérations de sécurité (SOC)

L'équipe et les outils qui surveillent en continu votre environnement, enquêtent sur les menaces et interviennent lorsqu'une menace est détectée.

Un centre des opérations de sécurité (SOC) regroupe les personnes, les processus et la technologie qui surveillent les événements de sécurité, enquêtent et coordonnent l'intervention. Un SOC peut être interne, externalisé ou hybride. Un SOC interne exige généralement une équipe importante pour assurer une couverture 24 heures sur 24; un SOC externalisé — fourni par un service MDR ou un FSSG — vous offre cette couverture comme service. Un SOC qui ne fait que vous transmettre des alertes ne fait pas vraiment le travail.

Security Operations Center (SOC): frequently asked questions

What is the difference between a SOC and a NOC?

A Security Operations Center (SOC) focuses on security threats — detecting and responding to attacks. A Network Operations Center (NOC) focuses on keeping systems available and performing well. They solve different problems and are often separate teams.

Do small businesses need a SOC?

Most small businesses can't justify building one, but they still need SOC-level monitoring. Buying it through an MDR or MSSP gives them 24/7 detection and response without the headcount.

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team