SOC – Security Operations Center

A Security Operations Center (SOC) is a specialized security center based on three pillars: people, technology, and processes/procedures.
It enables continuous monitoring, threat detection, and security analysis of systems and IT infrastructure. The SOC is a guarantee of rapid response to incidents that may have a negative impact on the organization’s activities.

Scope of the SOC Services

Monitoring and handling of incidents

  • collecting, analyzing, and correlating events that occur in the customer’s networks and systems
  • data collected by automated checks in the systems is then verified by analysts
  • detection of security events or incidents
  • assessing the impact of an IT security incident on the customer’s systems
  • inspecting false alarms (false positives)
  • incident handling in accordance with procedures (e.g., incident escalation)
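The bullets above describe one workflow: collect events, correlate them, decide whether the result is a real incident or a false positive, and escalate according to a procedure. The following is an added example (not EXATEL’s tooling) of the smallest useful version of that loop. The log lines, host names, addresses, the failure threshold, the known-scanner allowlist and the priority/escalation rules are all constructed for illustration; a real SOC takes them from its SIEM content and its runbooks.

```python
"""Added example, not EXATEL's code: correlate syslog-like auth and firewall
events per source address, then triage each alert (false positive, monitor,
or escalate). All sample data, thresholds and rules are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Hosts and addresses are made up for the example.
SAMPLE_LOGS = """\
2024-05-01T08:00:01Z srv1 sshd: Failed password for admin from 10.0.0.7 port 51000
2024-05-01T08:00:03Z srv1 sshd: Failed password for admin from 10.0.0.7 port 51001
2024-05-01T08:00:05Z srv1 sshd: Failed password for admin from 10.0.0.7 port 51002
2024-05-01T08:00:06Z srv1 sshd: Failed password for admin from 10.0.0.7 port 51003
2024-05-01T08:00:09Z srv1 sshd: Failed password for admin from 10.0.0.7 port 51004
2024-05-01T08:00:12Z srv1 sshd: Accepted password for admin from 10.0.0.7 port 51005
2024-05-01T08:00:40Z srv1 fw: outbound connect from 10.0.0.7 to 198.51.100.9 port 4444
2024-05-01T08:10:00Z srv2 sshd: Failed password for scan from 10.0.0.50 port 40000
2024-05-01T08:10:01Z srv2 sshd: Failed password for scan from 10.0.0.50 port 40001
2024-05-01T08:10:02Z srv2 sshd: Failed password for scan from 10.0.0.50 port 40002
2024-05-01T08:10:03Z srv2 sshd: Failed password for scan from 10.0.0.50 port 40003
2024-05-01T08:10:04Z srv2 sshd: Failed password for scan from 10.0.0.50 port 40004
"""

# Tuning knowledge recorded by analysts (constructed): an internal vulnerability
# scanner whose failed logins are expected. Alerts from it are closed as false
# positives instead of being escalated.
KNOWN_SCANNERS = {"10.0.0.50"}

FAIL_THRESHOLD = 5            # failures that make a burst worth an alert
WINDOW = timedelta(minutes=5)  # correlation window for the burst and follow-on events

IP_RE = re.compile(r"from (\d+\.\d+\.\d+\.\d+)")


def parse_line(line):
    """Turn one log line into an event dict (timestamp, host, source ip, kind)."""
    ts_s, host, _source, msg = line.split(" ", 3)
    m = IP_RE.search(msg)
    if "Failed password" in msg:
        kind = "auth_fail"
    elif "Accepted password" in msg:
        kind = "auth_ok"
    elif "outbound connect" in msg:
        kind = "outbound"
    else:
        kind = "other"
    return {"ts": datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ"), "host": host,
            "ip": m.group(1) if m else None, "kind": kind, "msg": msg}


def correlate(events):
    """Group events by source ip and raise one alert per brute-force burst,
    noting whether a successful login and an outbound connection followed."""
    by_ip = defaultdict(list)
    for e in events:
        if e["ip"]:
            by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["kind"] == "auth_fail"]
        if len(fails) < FAIL_THRESHOLD:
            continue
        # A burst means FAIL_THRESHOLD failures inside one WINDOW.
        burst = any(fails[i + FAIL_THRESHOLD - 1]["ts"] - fails[i]["ts"] <= WINDOW
                    for i in range(len(fails) - FAIL_THRESHOLD + 1))
        if not burst:
            continue
        success = next((e for e in evs if e["kind"] == "auth_ok"
                        and e["ts"] >= fails[0]["ts"]), None)
        outbound = None
        if success:
            outbound = next((e for e in evs if e["kind"] == "outbound"
                             and success["ts"] <= e["ts"] <= success["ts"] + WINDOW), None)
        alerts.append({"ip": ip, "hosts": sorted({e["host"] for e in evs}),
                       "failures": len(fails), "success": success is not None,
                       "outbound_after": outbound is not None})
    return alerts


def triage(alert):
    """Apply the (constructed) L1 procedure: false-positive check first, then
    priority and escalation based on what the correlation found."""
    if alert["ip"] in KNOWN_SCANNERS:
        return {"verdict": "false_positive", "priority": "P4",
                "action": "close with note: known internal scanner"}
    if alert["outbound_after"]:
        return {"verdict": "incident", "priority": "P1",
                "action": "escalate to L2 immediately; notify customer security team"}
    if alert["success"]:
        return {"verdict": "incident", "priority": "P2",
                "action": "escalate to L2; request account and host review"}
    return {"verdict": "event", "priority": "P3",
            "action": "L1 keeps monitoring; block source at perimeter if it continues"}


def run_triage(raw=SAMPLE_LOGS):
    """Full pass over raw log text; highest priority first."""
    events = [parse_line(l) for l in raw.splitlines() if l.strip()]
    results = [{"alert": a, "decision": triage(a)} for a in correlate(events)]
    return sorted(results, key=lambda r: r["decision"]["priority"])


if __name__ == "__main__":
    for r in run_triage():
        print(r["decision"]["priority"], r["alert"]["ip"], r["alert"]["hosts"],
              r["decision"]["verdict"], "->", r["decision"]["action"])
```

On the sample data the burst against srv1 is followed by a successful login and an outbound connection to an unusual port, so it is escalated as P1, while the identical-looking burst from the allowlisted scanner is closed as a false positive. The allowlist check runs before any severity logic so that tuning decisions made by analysts are applied consistently rather than relying on each analyst remembering them.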

Response to incidents (expansion of incident monitoring and handling service)

  • remote response to a detected cyber event
  • contact with the customer’s security team
  • consulting on measures to mitigate the negative effects of the incident
  • collecting missing information in case of a more advanced attack
  • in-depth analyses, e.g., analysis of discovered malware, botnet, or command and control (C&C) samples
  • support in the scope of post-event analysis (forensics)

Prevention

  • proactive controls that prevent many ICT security incidents
  • penetration testing and security reconnaissance
  • security audits and reviews
  • vulnerability search and assessment
  • support for ensuring compliance with legal or corporate requirements in the scope of information security
  • consulting on the organization of proprietary security teams (processes, technologies, human resources)

SOC Team

Specialists undertaking all of the above tasks for our customers. They are highly experienced and highly competent, which is confirmed by the certificates and diplomas in the field of ICT security they have received.

Certificates and completed courses

  • ISO 27001 Lead Auditor
  • ISO 22301 Lead Auditor
  • Prince2 Foundation
  • ITIL Foundation
  • CompTIA Security+
  • GIAC Certified Incident Handler Certification (GCIH)
  • GIAC Response and Industrial Defense (GRID)
  • Certified Incident Handling Engineer (CIHE)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • OffSec Certified Professional (OSCP)
  • OffSec Wireless Professional (OSWP)
  • OffSec Web Expert (OSWE)
  • Certified Ethical Hacker (CEH)
  • eLearnSecurity Web Application Penetration Tester (eWPT)
  • eLearnSecurity Junior Penetration Tester (eJPT)
  • Cisco Certified Internetworking Expert (CCIE)
  • Cisco Certified Network Professional (CCNP)
  • Cisco Certified Network Associate (CCNA)
  • Cisco Certified Specialist – Web Content Security (CCS-WEBCS)
  • Cisco Certified Specialist – Security Core (CCS-SCORE)
  • Fortinet NSE 4 Network Security Professional

The SOC Team is divided into three lines of support:

1st line (L1)

Specializes in customer service, ICT security monitoring, incident selection and prioritization (triage).

2nd line (L2)

Responsible for the area of incident management, including coordination of incident handling and closure of tickets.

3rd line (L3)

Experts specialized in advanced security services, such as analysis of complex threats, attack techniques, or administration and tuning of security platforms.

Service Variants

Depending on the customer’s needs, the complexity of ICT systems, and already implemented security processes and procedures, our team will compose an offer that best fits the requirements.

SOC Assistance

An on-demand response, in which EXATEL’s support begins when a security incident is detected on the customer’s side. Our SOC experts remain on standby and will help when you need to respond to an incident.

SOC Starter

A proactive service in which a team of experienced cybersecurity analysts provides core support. Analysis of events generated by IT systems can be carried out using both the customer’s and EXATEL’s security solutions.

SOC Support

If more extensive support is required, EXATEL’s specialised 2nd and 3rd line SOC engineers (in addition to assisting with security incidents) will perform work in project mode on advanced cyber security services, such as:

  • consulting on network architecture and solutions
  • analysis and reconfiguration of selected security systems (Anti-DDoS, NGFW, IPS, NAV, SIEM, EDR, SSL decryption, OT security, and others)
  • consulting on cyber security, communications security, and solutions’ architecture
  • testing compliance with standards, preparing for certification to selected standards, developing and improving security procedures
  • training courses developed by EXATEL specialists based on their own experience in, for example, incident handling
  • phishing tests

SOC Hybrid

In addition to the above variants, it is possible to provide SOC service in a hybrid model, in which 24‑hour service is shared with the customer’s team. Such demand is mainly driven by the customer’s need to provide in-house cyber security services on a 24/7 basis.

The usual challenge here is that the customer’s team is too small to work around the clock. Realistically, such teams can only provide internal SOC services during office hours. EXATEL’s SOC can then cover the remaining time in various modes, e.g. 16/7 or others.

SOC – Benefits

  • a comprehensive approach to protecting critical infrastructure from cyberthreats
  • customer infrastructure monitoring service by SOC available 24x7x365
  • access to the knowledge of experienced analysts and cybersecurity specialists with a wide range of competence
  • the service can be provided using the SIEM system running on EXATEL’s secure infrastructure
  • no need for expensive investment, implementation, and maintenance of own system to monitor and respond to security incidents
  • SLA guarantee covering service performance and security incident resolution time

Frequently asked questions

How to convince the board to invest in cyber security? How can you help?

Are SOC services only available for large organisations?

Why do I need a SOC?

Why is SOC as a service better than one created internally?
