SOC Reimagined: Scalable, Customizable, Built for Resilience

In today’s dynamic threat landscape, cyber resilience requires more than just passive defense. It calls for a proactive, flexible, and integrated approach to security operations. That’s where the modern Security Operations Center (SOC) comes in, and at Samlink, SOC services are evolving into something smarter: modular, extendable, and tailored. 

According to Christian Eichin, Chief Information Security Officer at Samlink, modern SOCs are no longer hidden in the background. 

“They’ve moved into a more primary role, becoming proactive and anticipatory. A modern SOC should not just keep up with threats. It should aim to stay one step ahead.” 

SOC as a Modular Umbrella

Christian describes the SOC as an umbrella structure made up of multiple modules with an overarching governance, each serving a distinct function. From vulnerability and malware management to threat intelligence, application monitoring, incident response and forensics and additional functionalities, the modular setup enables customized services to match the specific needs, maturity, and infrastructure of each customer.  

“Customers are never in the same place. Some have legacy systems, others are building new environments. Modularity allows us to scale and adapt, to integrate with what’s already in place, step by step.” 

This flexibility also supports regulatory developments, such as the upcoming DORA requirements. The SOC’s data-gathering capabilities can be extended to support new reporting obligations, giving clients an edge in compliance readiness. 

Start Small, Scale Smart

Many organizations already have some kind of security structure in place, even if it isn’t formally called a SOC. That’s why Samlink often begins with a discovery and definition phase, mapping out the customer’s current state, needs, and goals. 

“Sometimes the customers don’t even fully know what they need, and that’s completely okay. We work together to discover it,” Christian says. 

From there, services are built incrementally and then fine-tuned. This avoids risky “big bang” transitions and ensures new modules integrate seamlessly with governance and existing processes. 

While automation and AI are increasingly vital in cybersecurity, especially at the first-response level, Christian underlines that human expertise remains essential. 

“You’ll see a shift. More automation at the first level, but deeper investigation and decision-making will always need human input. Also, let’s not forget: the bad actors are using AI, too. We need to stay just as fast or even faster.” 

Looking Ahead: From SOC to SNOC 

One future development already underway is the convergence of Security Operations Centers (SOC) with Network Operations Centers (NOC), also known as SNOC. This integration enhances efficiency and visibility by breaking silos between teams responsible for network management and security. 

At the same time, modular SOC design opens the door to incorporating new disciplines, such as regulatory reporting or quality assurance, into the framework. 

Christian emphasizes that a SOC doesn’t operate in isolation. It is one element of a broader cyber resilience strategy, which in Kyndryl’s framework includes four pillars: Anticipate, Protect, Withstand, and Recover. 

“SOC falls under the ‘Withstand’ phase. It is important, but not enough on its own. Real resilience comes from integrating all four.”