Softline AG // Services // Information Security and IT Security // Security Operations Center

Security Operations Center (SOC)

A Security Operations Center, sometimes called an Information Security Operations Center or ISOC, is an internal or outsourced team of IT security professionals that monitors an organisation's entire IT infrastructure around the clock to detect cybersecurity events in real time and remediate them as quickly and effectively as possible.

Core task of a SOC

  • Minimisation, detection and analysis of IT security risks
  • Elimination, description and control of risks
  • Support in the implementation of measures and initiation of evidence gathering in the event of suspicions or incidents

Advantages of a SOC

  • Competence unit for combating and preventing cyber threats
  • Central location of all security-relevant systems
  • Protection of IT infrastructure and data against internal and external threats
  • Risk reduction in all security-relevant areas
  • Ensuring compliance with legal requirements regarding the detection and handling of cyber attacks

SOC as a Service

Managed Detection

SIEM as a Service

With SIEM (Security Information and Event Management) as a Service, we offer comprehensive, transparent IT security monitoring for your entire IT infrastructure. SIEM captures log and event data generated by applications, security devices and host systems and stores it on a central platform. The software collects data from antivirus solutions, firewall log files and other locations and classifies it into categories, such as malware activity and failed or successful logins. If it detects a threat in the process, it triggers an alert and indicates a threat level according to predefined rules.

Endpoint Detection & Response as a Service

With Endpoint Detection & Response as a Service, we detect suspicious or threatening activities on all your endpoints quickly and reliably. All background processes and activities on the devices are monitored: program executions and modifications, registry changes, network connections and the like. As soon as they appear suspicious, we intervene.

Vulnerability Management as a Service

The main task of vulnerability management is to check IT systems for known technical vulnerabilities or security gaps. Any vulnerabilities are identified on the basis of a continuously updated list of vulnerabilities. This is based both on the "Common Vulnerabilities & Exposures" database and on notifications published by the manufacturers themselves.

Threat Hunting

Threat Hunting is the search and detection of IoC in the IT infrastructure of a company. On the one hand, this is triggered by an already existing suspicion of a compromise or signs of an IT security incident, which result in a forensic analysis in the form of threat hunting. On the other hand, threat hunting is dedicated to the active search for ongoing attacks or preparatory threatening activities that have already been able to overcome existing defenses and security controls.

Managed Response

"A successful and correct response to an IT security incident can only be made if the state of the system under investigation corresponds as far as possible to the state at the time of suspicion." Managed Response includes, on the one hand, preventive measures to improve the capabilities in the corporate environment to collect resilient or forensically secure digital traces and, on the other hand, to conduct IT forensic investigations according to recognized rules of technology in the event of suspicions or incidents.

Managed Intelligence

Threat Intelligence is evidence-based information about cyberattacks. This intelligence helps organizations stay informed about new threats so they can protect themselves.

Open source intelligence (OSINT for short) is the term used to describe research using publicly available information. It involves using various sources, such as Google, LinkedIn and Twitter, to gather data on a pre-declared target. The knowledge gained from this is incorporated into defensive measures and defense strategies.

Managed Risk


During a penetration test, the tester acts like a potential attacker. He uses the same tools, information sources and tries to bypass the implemented security measures unnoticed. For example, temporary vulnerabilities or structural problems of networks, hardware and software are revealed. In contrast to a real attack, the type as well as the scope of the tests are coordinated with the responsible persons beforehand and during the execution. In addition to documenting the procedure, a comprehensive report evaluates the current security level and makes suggestions for improvement.


The Cybersecurity Assessment is used to determine the maturity level of an organisation's cyber security based on the Center of Internet Security (CIS) Critical Security Controls. The CIS Critical Security Controls represent the most respected standard for effective cyber defense. They provide specific and actionable ways to stop today's most widespread and dangerous cyberattacks. The CIS Critical Security Controls do not attempt to replace comprehensive standards such as ISO 27001/27002, BSI IT-Grundschutz or the NIST Cybersecurity Framework. A key advantage of the CIS Controls is that they are derived from the most common attack patterns and enable rapid identification of the necessary next steps.

Benefits and services

  • 24/7 availability
  • Separate premises with access control
  • Sufficient number of office and control center workstations
  • BSI-accredited APT response service provider
  • ISO 27001 / ISO 9001 certifications
  • Dedicated Internet access

  • Trained IT forensic specialists

  • Information security specialists

  • IT security experts

A strong team of SOC experts: many years of expertise, bundled competence & secure customers



Further information

Are you interested in our SOC as a Service or would you like to learn more without obligation? Call us, send us an email or use our contact form. We look forward to your inquiry!

+49 341 24051-0

Contact form