What is a Security Operations Center (SOC)?

A security operations center (SOC) is a hub staffed by security personnel who continuously monitor an organization’s entire IT infrastructure. A SOC collects security event data from applications, security devices, data centers, cloud resources, and other systems via a Security Information Event Management (SIEM) system.

How a SOC Works

SOCs usually operate through a hub-and-spoke model, where the SIEM gathers data from a range of specialised security technologies. Such security tools include:

SOC Components
SOC Components

Types of SOCs 

There are 7 broad categories of SOCs:

  • Dedicated (Self-managed) SOC
  • Distributed (Co-managed) SOC
  • Managed SOC
  • Command (Global) SOC
  • Multifunction SOC (SOC/NOC)
  • Virtual SOC
  • SOCaaS (SOC-as-a-service)

Key takeaways

  • Check icon
    SOCs provide visibility over an organizations entire attack surface.
  • Check icon
    SIEMs feed SOCs with correlated and aggregated data to streamline incident responses.
  • Check icon
    Additional security tools provide threat detection, protection, and analysis capabilities to the SOC.
  • Check icon
  • Check icon
Reviewed by
No items found.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.

More from our blog

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating