Security Operations
Also called: "security operations centre" (SOC)
A SOC combines people, processes, and technology to keep the organization resilient.
Typical roles
- Tier 1 analysts triage alerts.
- Tier 2 analysts investigate and coordinate response.
- Threat hunters proactively search for hidden adversaries.
- Engineers maintain detection content and automation.
Key metrics
- Mean time to detect (MTTD) and mean time to respond (MTTR).
- Coverage across networks, endpoints, and cloud workloads.
- Volume of alerts per analyst and automation rate.
Related terms
- Endpoint Detection and Response (EDR): security software that monitors endpoints for malicious activity, enabling rapid detection and containment.
- Managed Detection and Response (MDR): a security service that combines technology and human expertise to detect, investigate, and respond to threats 24/7.
- Security Information and Event Management (SIEM): a platform that ingests security telemetry, correlates events, and surfaces alerts for investigation.
- Virtual Chief Information Security Officer (vCISO): an outsourced executive who provides strategic cybersecurity leadership and governance without the cost of a full-time hire.
- Vulnerability Management: the continuous process of identifying, prioritizing, and remediating security weaknesses in systems and applications.