Demystifying the SOC, Part 3: Whether You Know It or Not, You Have a SOC - Exabeam

Demystifying the SOC, Part 3: Whether You Know It or Not, You Have a SOC

June 23, 2021


Reading time
3 mins

Editor’s note: This post was first published on

In our previous posts, we discussed why every organization, including yours, needs a security operations center (SOC) and why prevention is not enough. Here we’ll discuss why, whether you know it or not, you already have a SOC. And if you look around and there is nobody else in the security team, then you — are — the SOC!!

SOCs are about keeping the organization in a known good state

As previously discussed, the SOC’s mission is to keep the organization’s infrastructure operating securely in a known clean state. Today it ’s assumed that it’s only a matter of time before an organization suffers a security breach. When it does, the SOC acts as a competency center for threat detection, investigation and remediation (TDIR), returning the organization to a known good state as quickly as possible.

But what does a SOC actually do from day to day?

  • It monitors events and logs, and consumes context information to detect a breach in progress.
  • When a breach is detected, it performs investigation to scope the blast radius and understand root cause.
  • It then coordinates with IT to make sure the right steps are taken to address the breach and bring the organization back to a good state. Then works to make sure that “the hole is plugged” and that this incident cannot happen again.
  • If the incident cannot be remediated with the resources and expertise of internal staff, the SOC may work with an outside incident response firm and help coordinate activities with the outside firm and your organization.
  • On a more tactical level, the SOC also needs to fulfill requests from human resources regarding any employees involved, and from the legal department about affected files and data and who may have had access to them.
  • Finally, the SOC informs senior management about the organization’s security posture, any serious incidents, and any other security-related events that may have an impact on the business.

Your SOC

A SOC used to be one or more rooms where a team of security analysts would collaborate in close physical proximity, monitoring screens and working together to address security issues. With remote access, virtual collaboration tools, and Covid 19, that is no longer the case. Today many people, including SOC teams, work from home and collaborate via virtual collaboration tools such as Slack, Microsoft Teams, and Instant Messenger. And a SOC is not necessarily a large team.

In fact, today a SOC is no longer a thing, it’s more of a concept. There really are no longer any specific requirements in terms of number of people staffing a SOC or a physical location where SOC happens.

Are you a small business with a handful of people who know something about security, or even one part-time person who has some security knowledge and is the go-to person for anything security related? That’s your SOC. Look around at your security team. Are you the only one there? Well, then you — are — the SOC!!

So, yes, you have a SOC. But are you really measuring and tracking the efficiency of your SOC using the right metrics? That is the subject of our next blog.


Similar Posts

New-Scale SIEM Brings Powerful Behavioral Analytics and Automated Investigation to Threat Detection, Investigation, and Response

Exabeam Security Log Management — Because Security Operations Isn’t IT Operations

New-Scale SIEM Expands Exabeam Threat Coverage with Content Library and TDIR Use Cases

Recent Posts

Exabeam News Wrap-up – December 1, 2022

Exabeam Achieves ISO 27017 and ISO 27018 Certifications

Understanding UEBA: From Raw Events to Scored Events

See a world-class SIEM solution in action

Most reported breaches involved lost or stolen credentials. How can you keep pace?

Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.

Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.

Get a demo today!