• Investigating Potential Incidents: SOC teams receive a large number of alerts, but not all
alerts point to real attacks.
• SOC analysts are responsible for digging into a potential incident to determine if it is a
real attack or a false positive.
• Triaging and Prioritizing Detected Incidents: Not all security incidents are created equal,
and an organization has limited incident response resources.
• Once an incident has been identified, it needs to be triaged and prioritized to optimize
resource utilization and minimize enterprise risk.
• Coordinating an Incident Response: Responding to an incident requires engagement
with multiple stakeholders and the use of a variety of different tools.
• Security is part of the business, and SOC teams need to report to management like any
other department.
• Patching Vulnerable Systems: Exploitation of vulnerabilities is a common attack vector for
cybercriminals. SOC teams are responsible for identifying, applying, and testing patches for
vulnerable enterprise systems and software.
• Addressing Support Tickets: Many SOC teams are part of the IT department. This means
that SOC analysts may be called upon to address support tickets from an organizations’
employees.