top of page

Does your in-house team count as a SOC?​

A Security Operation Centre (SOC) can only be defined through its capabilities and architecture. If you are not performing the capabilities listed below (either internally or outsourced through your current provider), then that group would not be considered a SOC.

SOC Operation

Security monitoring and detection

Alerting (triage and escalation)

Incident response

Vulnerability assessments

Compliance support

Data protection

Security tool configuration, integration, and deployment

Security administration

Security architecture and engineering of systems in your environment

Digital forensics

Threat research


Security road map and planning

SOC architecture and engineering (specific to the systems running your SOC)


Threat hunting

Threat intelligence (production)

SOC maturity self-assessment

Threat intelligence (attribution)

Threat intelligence (feed consumption)

Purple Teaming

Source: SANS 2022 SOC Survey

Discover ConnectProtect  solutions


bottom of page