What is a SOC (Security Operations Center)
A SOC (Security Operations Center) is the outpost, made of people, processes and technology, that monitors the company infrastructure 24·7, detects security incidents and coordinates the response. It can be in-house or run by a provider (SOC as a Service): the second option costs on average a fraction of what an in-house round-the-clock SOC costs.
What a SOC is for
A Security Operations Center is where the security signals from across the company converge. Its job is not just to “see”: it is to decide and act when something is off, at any hour. Without a SOC, alerts sit in queues no one watches at night, exactly when attackers prefer to strike.
People, processes, technology
An effective SOC is made of three things: analysts (triage, investigation, decision), processes (runbooks, escalation, governance) and technology (SIEM, EDR/XDR, threat intelligence). Remove one and the outpost weakens.
In-house or managed?
Building an in-house round-the-clock SOC takes years, rare talent and over a million euros a year. A managed SOC (SOC as a Service) offers the same coverage at a fraction of the cost, operational in weeks. Explore the service: Fortgale managed SOC.
In-house SOC vs managed SOC
| Dimension | In-house SOC | Managed SOC (SOCaaS) |
|---|---|---|
| Annual cost | Over EUR 1M (5+ analysts, SIEM, infra) | Subscription, ~30% of in-house cost |
| Time to start | Months/years | 2-4 weeks |
| 24·7 coverage | Hard (shifts, holidays) | Included 24·7·365 |
| Threat intelligence | To be built | Proprietary, included |
In Operation Storming Tide the Fortgale SOC detected and contained a multi-stage intrusion outside office hours. That is the value of a truly 24·7·365 outpost, given that 76% of attacks happen at night or on weekends.
Read the analysis →
Frequently asked.
What is the difference between SOC and MDR?
The SOC is the operational outpost (team, processes, governance, reporting); MDR is the detection and response technology component. In the Fortgale model the managed SOC includes MDR. See What is MDR.
What does SOC as a Service mean?
It is a SOC delivered on subscription by an external provider: round-the-clock monitoring, analysts, SIEM and response included, without building the structure in-house. Ideal for those without the skills or budget for their own SOC.
Does a managed SOC support NIS2 compliance?
Yes: continuous monitoring, IOC collection for the notification to the national CSIRT within 24 hours, documentation and reporting for governance. See NIS2 explained.
What does a SOC monitor?
Endpoint, network, cloud, identity and access, critical applications and, on request, OT/ICS systems, all correlated in a SIEM with rules mapped to MITRE ATT&CK.
From theory to a real operation.
What you read here, Fortgale runs every day with a European SOC 24·7·365: 287 tools and actors profiled, <30 min median containment. Explore the service: Fortgale managed SOC.