A facility focused on detecting, investigating, and responding to cybersecurity threats across an organisation in real time.
What it is
A Security Operations Center (SOC) houses the team responsible for cybersecurity defence: SIEM tuning, threat hunting, incident response, and post-mortem forensics. Where a NOC watches the health of services, a SOC watches the integrity of those services.
What's on the wall
A SOC video wall typically displays: SIEM dashboards (Splunk, Elastic, QRadar), live attack maps, EDR alert queues, threat-intel feeds, current MITRE ATT&CK coverage, and an incident-bridge feed when a P1 is active. Recordings of operator workflow are common for post-incident review.
Why it matters
Mean time to respond (MTTR) is the survival metric for SOCs. Cutting it from hours to minutes is the difference between a contained incident and a board-level breach. See NOC and situation room.