Information security operations center

A SOC is related to the people, processes and technologies that provide situational awareness through the detection, containment, and remediation of IT threats in order to manage and enhance an organization's security posture.

[1] A SOC will handle, on behalf of an institution or company, any threatening IT incident, and will ensure that it is properly identified, analyzed, communicated, investigated and reported.

The SOC also monitors applications to identify a possible cyber-attack or intrusion (event), and determines if it is a genuine malicious threat (incident), and if it could affect business.

Large organizations and governments may operate more than one SOC to manage different groups of information and communication technology or to provide redundancy in the event one site is unavailable.

The term SOC was traditionally used by governments and managed computer security providers, although a growing number of large corporations and other organizations also have such centers.

The SOC is responsible for protecting networks, as well as web sites, applications, databases, servers and data centers, and other technologies.

A Smart SOC (Security Operations Center) is a comprehensive, technology agnostic cybersecurity solution that utilizes leading-edge technology and tools, highly skilled and experienced human talent (composed of cyber intelligence gatherers, analysts, and security experts), and proactive cyberwarfare principles to prevent and neutralize threats against an organization’s digital infrastructure, assets, and data.