The security operations center (SOC) of the future
(Spoiler: it's not just louder alarms)
Three Points to Remember
- The security operations center (SOC) of the future is designed to integrate threat detection and proactive defense to reduce cyber risk, not just increase alert volume.
- UpHold Effect™ is designed to strengthen security posture through automation and deception, with a goal of reducing attack surface and preventing breaches before detection.
- UpHold Aware™ is designed to transform telemetry into actionable intelligence, improving threat detection speed, with a goal of reducing false positives and supporting faster incident response.
For the better part of two decades, we’ve been building security operations centers (SOCs) that do one thing exceptionally well: generate alerts.
We’ve gotten really good at it.
We’ve added more telemetry, more feeds and more dashboards. We’ve made query engines faster and built increasingly sophisticated correlation logic.
And yet, most SOC leaders still say the same thing: “We’re busier. We’re not necessarily safer.”
That’s not a criticism of the teams. It’s a recognition that the model needs to evolve.
The reality is simple: detection alone is not enough. And defensive posture alone is not enough. The SOC of the future requires both to be integrated by design.
That’s why we’re developing two mission drivers that traditionally lived in parallel lanes: UpHold Effect™ and UpHold Aware™. Effect and Aware will both be part of the UpHold product suite that keeps missions connected and secure through any condition. These mission drivers are being designed to help transform SOCs to be more resilient and prepared to defend against tomorrow’s advanced persistent threat actors in two ways.
First: You cannot detect your way out of systemic gaps in your environment
If your attack surface is sprawling, your cloud configurations drift daily and your defensive controls operate in isolation, the SOC becomes a very expensive notification service.
That’s where UpHold Effect™ comes in.
Effect is being designed to deliver layered, mission-aligned cybersecurity by combining deception, cloud security and continuous attack surface management to reduce exposure and limit adversary freedom of movement.
It aims to make environments harder to exploit, slow attackers down and generate higher-fidelity signals. It is being developed to reduce the probability and impact of compromise before an analyst ever touches the console.
In short, we’re designing Effect to shape the battlefield.
But strong defensive posture without operational intelligence only solves half the problem.
Second: Visibility without intelligence is just noise
Modern environments generate telemetry across identity, network, endpoint, cloud and edge. Adversaries exploit the seams between them. If your SOC cannot correlate across enterprise cross-functional activity and prioritize based on mission impact, you’re left with alert volume and analyst fatigue.
That’s where UpHold Aware™ comes in.
Aware is being designed to unify telemetry, cross-domain correlation and machine-augmented analytics to transform raw cyber data into prioritized, actionable intelligence.
It aims to help protect enterprise environments with earlier detection of complex, multi-stage threats, align signals to mission impact and help analysts focus on high-value decisions instead of sorting through noise.
Aware is not just about collecting data – it is being built to make that data understandable.
Together: The Leidos SOC of the future
When combined, UpHold Effect™ and UpHold Aware™ create something more meaningful than incremental improvement.
Effect is being designed to reduce exposure and strengthen security posture.
Aware is being designed to deliver the intelligence needed to understand threats in context.
One is designed to see and understand. One is designed to decide and act.
Together, they are being designed to reduce both the likelihood and impact of a breach.
The integration is also expected to matter operationally. Deception signals from Effect are planned to feed directly into Aware’s analytics. Attack surface insights will help refine detection priorities. Intelligence generated by Aware is intended to drive precise, proportional actions to be enforced by Effect – with human oversight and explainability built in.
And, because this is the real world, we are designing them to work in denied, disrupted, intermittent and bandwidth-constrained conditions. The goal is for visibility to persist, defensive controls to remain effective, and mission impact to drive prioritization.
We are designing a smarter SOC, not a louder SOC.
Security leaders do not need more dashboards. They need measurable risk reduction, faster containment, defensible automation and mission confidence.
If we build toward that, we can work toward having a SOC that does more than tell us we have a problem.
The Leidos SOC of the future is being developed to deliver what leaders actually need: measurable risk reduction at mission speed – where cybersecurity authority meets unmatched agility.