Two key capabilities defenders must have are detection and response. Detection and response often take the form of a security operations center (SOC). A SOC is the holistic approach to the people, processes, and technology involved in detecting, analyzing, and engaging the first-level response to a cybersecurity incident. SOCs start with this core mission and employ a variety of individuals, from junior-level analysts to senior malware analysts.

Article Link: https://www.cybereason.com/blog/3-straightforward-ways-to-build-a-soc