What is a Security Operations Center (SOC) and what four building blocks does it consist of?
A SOC is a team — chiefly security analysts — organised to detect, analyse, respond to, report on and prevent cyber security incidents, built from Location, People, Tools and Process.
* A SOC's four building blocks — Location, People, Tools and Process. *
The SOC is the operational home of incident management. Its definition centres on a team of security analysts whose mission spans the whole incident lifecycle: detect, analyze, respond, report, prevent. To do that it needs four components working together: Location (the physical/virtual operating environment), People (analysts and supporting roles), Tools (the technology stack such as SIEM and detection platforms) and Process (the defined workflows that turn alerts into handled incidents).
Go deeper:
Security Operations Center (Wikipedia) — Definiert den SOC (24/7-Monitoring, Incident-Investigation).