What is a security operations centre (SOC)?

August 09, 2024 • Resource
Posted by Luke Payne

A Security Operations Centre (SOC) is a centralised hub with dedicated staff, systems, and processes that monitors an organisation’s ICT environment to detect, investigate and manage security threats. Security Operations Centres operate 24 hours a day, 7 days a week, to ensure constant monitoring and the ability to respond to an incident day or night. A SOC is either located in-house and operated by an internal team or delivered as a managed service by a cybersecurity provider, such as Tesserent.

What a Security Operations Centre (SOC) does

The primary objective of a SOC is to monitor for, detect and respond to security incidents. The SOC team is responsible for ongoing monitoring of an ICT environment, to detect and investigate anomalies in network, system and individual behaviours. The team does this using tooling such as SIEM and SOAR, and is supported by documented processes and incident response measures. With a SOC in place, an organisation can decrease the time to identify and respond to events, effectively reducing the likelihood and impact of security incidents.

10 key functions performed by the SOC

  1. Continuous monitoring
  2. Log management
  3. Managed Detection and Response (MDR)
  4. Extended Detection and Response (XDR)
  5. Vulnerability Management Service (VMS)
  6. Breached Credential Monitoring
  7. Managed Security Controls (MSC)
  8. Incident response
  9. Containment, eradication, and root cause investigation
  10. Playbook maintenance
  11. Threat Intelligence
  12. Platform deployment, configuration, and maintenance
  13. Threat Detection

Security Operations Centre (SOC) benefits

Protect valuable assets 24x7

A 24x7 SOC allows you to proactively monitor, detect, and respond to cyber threats around the clock, every day of the year. Threats and attacks on your organisation never stop, and neither should your defences.

Decrease risk

A dedicated SOC helps significantly decrease cybersecurity risk across an organisation. With constant monitoring and evaluation of events, SOC teams can identify potential vulnerabilities before they become problematic.

Prevent incidents

With a dedicated SOC, the team goes beyond responding to incidents to actively prevent incidents, with real-time, proactive security measures.

Fast incident response

A SOC team provides immediate incident response to help manage and recover from security incidents, giving you the benefit of reduced time to respond and less downtime.

Increase industry reputation

A SOC shows your customers, partners, stakeholders, and the public that your organisation is security minded, and offers additional assurance in the security of your operations.

Security Operations Centre (SOC) team members

Security analysts

Security analysts are the best-known role in a SOC: they monitor tools, investigate and respond to alerts, and escalate issues as needed. There may be various levels of analysts within a SOC, with more experienced analysts on hand for incident escalation.

Security engineers

SOC engineers deploy, configure, and maintain security systems and tooling to keep everything up-to-date, compliant, and operating as expected.

Incident responders

Dedicated incident responders within the SOC will jump into action in the event of a major security incident, delivering services to contain and respond to threats, bring systems back online, and recover to regular operations.

Threat hunters

Threat hunters are a team of experts in system security who can perform sophisticated threat detection and removal tasks.

SOC Manager

SOC managers oversee the SOC team, making sure that both the centre and its staff adhere to optimal operational standards. The SOC Manager should report directly to senior leadership.

Other team members

Based on the scope and needs of the SOC, additional specialised personnel like forensic investigators and compliance managers might be included in the team.

About Tesserent Security Operations Centres

Our SOC cybersecurity service was one of the first in ANZ, and our services come with a celebrated 15-year track record. With locally managed, NIST-aligned processes, and 24x7 SOC services, we can provide a close companion to your organisation’s security operations. Our SOC services are certified IRAP PROTECTED and ISO27001 compliant, ensuring high-quality, secure operations.

How Tesserent can help

A Tesserent SOC is always built, configured, and customised with your organisation’s unique risk profile in mind. We offer modular SOC configuration, from true partnership and integration of our team into your environment through to a fully managed turn-key SOC. Our expert-managed, world-class SOC service is delivered locally from our sovereign 24x7 SOC and is an integral part of our managed detection and response services.

