what is a soc


A Security Operations Center (SOC) is a centralized function within an organization that combines people, processes, and technology to continuously monitor and improve the organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. SOC analysts monitor the organization's network around the clock and investigate any potential security incident. The SOC acts as a hub or central command post, taking in telemetry from across the organization's IT infrastructure, including its networks, devices, appliances, and information stores, wherever those assets reside.

The SOC is responsible for collecting, maintaining, and regularly reviewing the logs of all network activity and communications for the entire organization. This data helps define a baseline for "normal" network activity, can reveal the presence of threats, and supports remediation and forensics in the aftermath of an incident. SOC teams must constantly stay one step ahead of attackers.
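As an added illustration of the baseline idea described above (this is example code, not from the original page): historical log lines, constructed here, define per-host "normal" activity, and new events are scored against that baseline so analysts only review deviations. The log format, field names and the 3-sigma threshold are assumptions for illustration.

```python
"""Minimal SOC-style baseline check (added example, not the page's own code).
Historical telemetry defines what "normal" looks like per host; new events
are compared against it. Log format and thresholds are assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry: "timestamp host dest_port bytes_out"
HISTORY = """\
2024-01-01T00:00 web01 443 1200
2024-01-01T01:00 web01 443 1350
2024-01-01T02:00 web01 443 1100
2024-01-01T03:00 web01 443 1300
2024-01-01T00:00 db01 5432 800
2024-01-01T01:00 db01 5432 850
2024-01-01T02:00 db01 5432 790
2024-01-01T03:00 db01 5432 820
"""

def parse(line):
    """Split one log line into (timestamp, host, dest_port, bytes_out)."""
    ts, host, port, nbytes = line.split()
    return ts, host, int(port), int(nbytes)

def build_baseline(lines):
    """Per host: the set of ports normally used and the mean/stddev of bytes_out."""
    ports, sizes = defaultdict(set), defaultdict(list)
    for line in lines.strip().splitlines():
        _, host, port, nbytes = parse(line)
        ports[host].add(port)
        sizes[host].append(nbytes)
    return {h: {"ports": ports[h], "mean": mean(sizes[h]), "std": pstdev(sizes[h])}
            for h in ports}

def check(baseline, line, k=3.0):
    """Return the reasons an event deviates from the baseline (empty list = normal)."""
    _, host, port, nbytes = parse(line)
    if host not in baseline:
        return ["unknown host"]          # never seen in history: worth a look
    b, reasons = baseline[host], []
    if port not in b["ports"]:
        reasons.append(f"new destination port {port}")
    if nbytes > b["mean"] + k * b["std"]:
        reasons.append(f"bytes_out {nbytes} exceeds baseline")
    return reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for event in ("2024-01-02T00:00 web01 443 1400",
                  "2024-01-02T00:05 web01 4444 50000"):
        print(event, "->", check(base, event) or "normal")
```

A real SOC pipeline would feed this from a SIEM or log store and tune `k` per host class; a host with a flat history (stddev of zero) flags any increase, which is the expected conservative behaviour.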