In an increasingly dynamic digital environment exposed to sophisticated threats, organizations face the challenge of comprehensively protecting their information assets. One key strategy involves the deployment of Security Operations Centers (SOC), which integrates people, processes, and technologies to detect, analyze, and respond to security incidents in real time. This article offers a critical narrative review of academic and technical publications from 2016 to 2025 on operational maturityOperational maturity models and conceptual frameworks that guide proactive threat detectionThreat detection. The study identifies widely adopted models inspired by capability-based frameworks, which address technical, human, procedural, and governance dimensions of SOC development. It also examines threat hunting methodologies such as MITRE ATT&CK, the Diamond Model, and the Threat Hunting Maturity Model, showing how they support hypothesis-driven investigations, adversary behavior mapping, and the progressive evolution of organizational hunting capabilities. Findings indicate that combining maturity frameworks with structured threat detectionThreat detection approaches enables organizations to transition from reactive defense postures toward adaptive and anticipatory security strategies. In practical terms, the review provides organizations with tools to prioritize investments, strengthen operational processes, and design training initiatives, while offering researchers a foundation for refining evaluation models and testing their applicability across diverse sectors. Limitations include the lack of standardization among frameworks and the methodological heterogeneity of existing studies. Future research should validate these models in real-world SOC environments, assess their impact on operational indicators such as Mean Time to Detect and Mean Time to Respond and explore the integration of emerging technologies, including artificial intelligenceArtificial intelligence, automationAutomation, and digital twinsDigital twins to enhance threat management capabilities.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Evolution and Challenges of Security Operations Centers in the Digital Age

  • Vanessa Elena Morocho-Sailema,
  • Homero J. Velasteguí,
  • Ángel Gabriel Jara-Elizalde

摘要

In an increasingly dynamic digital environment exposed to sophisticated threats, organizations face the challenge of comprehensively protecting their information assets. One key strategy involves the deployment of Security Operations Centers (SOC), which integrates people, processes, and technologies to detect, analyze, and respond to security incidents in real time. This article offers a critical narrative review of academic and technical publications from 2016 to 2025 on operational maturityOperational maturity models and conceptual frameworks that guide proactive threat detectionThreat detection. The study identifies widely adopted models inspired by capability-based frameworks, which address technical, human, procedural, and governance dimensions of SOC development. It also examines threat hunting methodologies such as MITRE ATT&CK, the Diamond Model, and the Threat Hunting Maturity Model, showing how they support hypothesis-driven investigations, adversary behavior mapping, and the progressive evolution of organizational hunting capabilities. Findings indicate that combining maturity frameworks with structured threat detectionThreat detection approaches enables organizations to transition from reactive defense postures toward adaptive and anticipatory security strategies. In practical terms, the review provides organizations with tools to prioritize investments, strengthen operational processes, and design training initiatives, while offering researchers a foundation for refining evaluation models and testing their applicability across diverse sectors. Limitations include the lack of standardization among frameworks and the methodological heterogeneity of existing studies. Future research should validate these models in real-world SOC environments, assess their impact on operational indicators such as Mean Time to Detect and Mean Time to Respond and explore the integration of emerging technologies, including artificial intelligenceArtificial intelligence, automationAutomation, and digital twinsDigital twins to enhance threat management capabilities.