What is a SOC (Security Operations Center)

In short

A SOC (Security Operations Center) is the outpost, made of people, processes and technology, that monitors the company infrastructure 24·7, detects security incidents and coordinates the response. It can be in-house or run by a provider (SOC as a Service): the second option costs on average a fraction of an in-house round-the-clock SOC.

What a SOC is for

A Security Operations Center is where the security signals from across the company converge. Its job is not just to “see”: it is to decide and act when something is off, at any hour. Without a SOC, alerts sit in queues no one watches at night, exactly when attackers prefer to strike.

People, processes, technology

An effective SOC is made of three things: analysts (triage, investigation, decision), processes (runbooks, escalation, governance) and technology (SIEM, EDR/XDR, threat intelligence). Remove one and the outpost weakens.

In-house or managed?

Building an in-house round-the-clock SOC takes years, rare talent and over a million euros a year. A managed SOC (SOC as a Service) offers the same coverage at a fraction of the cost, operational in weeks. Explore the service: Fortgale managed SOC.

Comparison

In-house SOC vs managed SOC

Dimension | In-house SOC | Managed SOC (SOCaaS)
Annual cost | Over EUR 1M (5+ analysts, SIEM, infra) | Subscription, ~30% of in-house cost
Time to start | Months/years | 2-4 weeks
24·7 coverage | Hard (shifts, holidays) | Included 24·7·365
Threat intelligence | To be built | Proprietary, included

Field-observed proof · SOC in action

In Operation Storming Tide the Fortgale SOC detected and contained a multi-stage intrusion outside office hours: the value of a truly 24·7·365 outpost, where 76% of attacks happen at night or on weekends.

FAQ

Frequently asked.

What is the difference between SOC and MDR?

The SOC is the operational outpost (team, processes, governance, reporting); MDR is the detection and response technology component. In the Fortgale model the managed SOC includes MDR. See What is MDR.

What does SOC as a Service mean?

It is a SOC delivered on subscription by an external provider: round-the-clock monitoring, analysts, SIEM and response included, without building the structure in-house. Ideal for those without the skills or budget for their own SOC.

Does a managed SOC support NIS2 compliance?

Yes: continuous monitoring, IOC collection for the notification to the national CSIRT within 24 hours, documentation and reporting for governance. See NIS2 explained.

What does a SOC monitor?

Endpoint, network, cloud, identity and access, critical applications and, on request, OT/ICS systems, all correlated in a SIEM with rules mapped to MITRE ATT&CK.

How Fortgale delivers it

From theory to a real operation.

What you read here, Fortgale runs every day with a European SOC 24·7·365: 287 tools and actors profiled, <30 min median containment. Explore the service: Fortgale managed SOC.
