I was recently asked: “Why SOC? I get the how and the what, but I'm missing the why…” I found this a brilliant question; it got me scratching my head for a bit. I guess too many years of doing the how and the what have had their effect after all.

So here are some of my thoughts; I hope they get you thinking as well.

There are many thoughts and opinions on this topic, and I will try to consolidate some of them for focus and simplicity.

It's also important to remember that the term SOC (Security Operations Centre) has a wide range of definitions in terms of its specific deliverables and how it co-operates with the rest of the enterprise.

Correlation – Finding the needle in the haystack becomes easier with automation, which helps the business focus and respond appropriately to the evolving threat landscape. Correlating events across information systems (for example authentication, network and endpoint logs) shortens the time to detection and to response (lower MTTD and MTTR).
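
To make "correlation" concrete, here is a small Python example written for this edit (it is not code from the original post): a logon brute-force that succeeds looks like noise in the Windows logon events alone, and a VPN session from an unusual country looks like noise in the VPN logs alone, but joining the two gives one high-severity alert. The events, host names, users, IP addresses and the HOME_COUNTRY baseline are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for this example; they are not taken from any real system.
# Two log sources normalised to simple tuples, as a SIEM would do after parsing.
AUTH_EVENTS = [
    # (timestamp, host, user, outcome)  -- e.g. Windows 4625/4624 logon events
    ("2024-03-01T09:00:05", "WS-0142", "alice", "failure"),
    ("2024-03-01T09:00:07", "WS-0142", "alice", "failure"),
    ("2024-03-01T09:00:09", "WS-0142", "alice", "failure"),
    ("2024-03-01T09:00:12", "WS-0142", "alice", "failure"),
    ("2024-03-01T09:00:20", "WS-0142", "alice", "success"),
    ("2024-03-01T09:15:00", "WS-0021", "bob", "failure"),   # one typo, then success
    ("2024-03-01T10:30:00", "WS-0021", "bob", "success"),   # 75 minutes later: benign
]
VPN_EVENTS = [
    # (timestamp, user, src_ip, country) -- VPN concentrator session-start events
    ("2024-03-01T08:58:00", "alice", "203.0.113.7", "RO"),
    ("2024-03-01T10:25:00", "bob", "198.51.100.4", "GB"),
]
# Assumed per-user baseline; in practice derived from HR data or historical logons.
HOME_COUNTRY = {"alice": "GB", "bob": "GB"}


def parse(ts):
    return datetime.fromisoformat(ts)


def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Rule 1: for each user, `threshold` or more failed logons inside `window`
    followed by a successful logon. Neither a single failure nor a single
    success is interesting on its own; the sequence is."""
    by_user = defaultdict(list)
    for ts, host, user, outcome in sorted(events):      # ISO timestamps sort lexically
        by_user[user].append((parse(ts), host, outcome))
    alerts = []
    for user, evs in by_user.items():
        recent_failures = []
        for ts, host, outcome in evs:
            # drop failures that have aged out of the sliding window
            recent_failures = [t for t in recent_failures if ts - t <= window]
            if outcome == "failure":
                recent_failures.append(ts)
            elif outcome == "success" and len(recent_failures) >= threshold:
                alerts.append({
                    "user": user,
                    "host": host,
                    "failures": len(recent_failures),
                    "first_seen": min(recent_failures),
                    "success_at": ts,
                })
                recent_failures = []
    return alerts


def enrich_with_vpn(alerts, vpn_events, lookback=timedelta(hours=1)):
    """Rule 2: join each alert with the user's most recent VPN session in the
    preceding `lookback`. A session from outside the user's home country turns
    a medium-severity alert into a high-severity one."""
    enriched = []
    for alert in alerts:
        user, success_at = alert["user"], alert["success_at"]
        sessions = [
            (parse(ts), ip, cc)
            for ts, u, ip, cc in vpn_events
            if u == user and success_at - lookback <= parse(ts) <= success_at
        ]
        alert = dict(alert, severity="medium", vpn_country=None, src_ip=None)
        if sessions:
            _, ip, cc = max(sessions)          # latest session before the success
            alert.update(vpn_country=cc, src_ip=ip)
            if cc != HOME_COUNTRY.get(user):
                alert["severity"] = "high"
        enriched.append(alert)
    return enriched


def run_correlation():
    return enrich_with_vpn(brute_force_then_success(AUTH_EVENTS), VPN_EVENTS)


if __name__ == "__main__":
    for a in run_correlation():
        print(f"[{a['severity']}] {a['user']}@{a['host']}: {a['failures']} failures "
              f"then success at {a['success_at']:%H:%M:%S}, VPN from {a['vpn_country']}")
```

Running it yields a single high-severity alert for alice (four failures followed by a success, with a VPN session from RO against a GB baseline), while bob's one failed logon an hour before a success produces nothing. The `first_seen` and `success_at` timestamps on the alert are what you would measure detection latency (MTTD) against; without the join, neither source on its own would have warranted an analyst's time.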

Better ROI from technology investment: a “single pane of glass” over a central log location, configuration tuning of the controls already in place… keeping the organisation running.

Risk reduction.


A SOC assists the business in meeting regulatory compliance requirements.

Providing evidence for investigations.

Separation of duties.

Enhanced security.

Actively monitoring and correlating infrastructure, user and data events gives faster detection and rapid response by a dedicated team.

Reducing the impact of an incident.


A central location for collecting threat and activity information, and a single pane of glass for the available controls.