4min

Unify your Security Operations Center and Vulnerability Operations Center

Vulnerability management is growing increasingly complex as the number of CVEs and the attack surface expand and evolve. Including vulnerability management in the cybersecurity stack is crucial, so here is why and how you can build bridges between your Vulnerability Operations Center (VOC) and Security Operations Center (SOC).
Cybersecurity Platform MITRE Evaluations

An increase in vulnerabilities that exceeds protection capabilities

As of the first half of 2025, the number of CVEs was already 16 to 18% higher than in 2024 for the same period. Forrester’s data reveal that in 2022, 25% of external attacks were carried out in part or entirely via software vulnerability exploits. Paired with an expanding workspace attack surface that includes cloud, identities, and networks, attackers are outpacing organizations’ defenses.

As a result, the number of tools is increasing, making their management, configuration and maintenance increasingly tedious.

In the face of increasing CVEs, proactive vulnerability management is essential, but to get the most out of it, you need to be able to prioritize needs, which requires an in-depth knowledge of the cyber context and regular testing to stay in tune with the reality of threats targeting your workspace.

Beyond the multiplication of tools, as the 2025 Forrester report “The Unified Vulnerability Management Solutions Landscape” points out, data remains fragmented and unifying vulnerability assessment remains complex to avoid silos despite vulnerability assessment becoming a commodity, Artificial Intelligence could provide answers, but it is not yet fully exploited at this stage – and data qualification remains essential to take full advantage of AI.

In this challenging context, how can you effectively manage priorities to protect your workspace?

What are the priorities for protecting the workspace against vulnerabilities? 

According to Forrester’s report “How to improve collaboration between Vulnerabiity Risk Management and SOC”, enterprises should focus on 3 main issues:

  • Vulnerabilities response (remediation / mitigation)
  • Vulnerabilities prioritization
  • Unified reporting  

Among other tasks, a Vulnerability Operations Center should also focus on monitoring the exploitation of vulnerabilities to assess their emergency level, monitoring the rise of new vulnerabilities, improving attack surface and exposure management, managing risks and business impact, and overseeing external providers and in-house tools to protect the workspace against vulnerabilities. That’s a lot to deal with. But as we’ll see, the solution lies in a close collaboration between SOC and VOC around their common goal: preventing and blocking breaches.

As Forrester notes: “Vulnerability risk management strives to improve the structural components of your risk posture, SOC detects security incidents before they snowball into a breach.” Effective protection requires coordination between the teams that manage proactive and reactive tools.

In other words, the VOC approach consists of reducing weaknesses that can lead to intrusion, and a SOC is designed to detect and respond to threats. The SOC can identify vulnerabilities that would not have been identified or prioritized by the VOC, creating a virtuous circle between teams and approaches.

How SOC and VOC can (and should) collaborate

For example, these pieces of information are relevant for both SOC and VOC: 

  • Business stakes and context
  • Attack surface
  • Actively exploited vulnerabilities
  • Data from endpoints’ activity 

All this data helps prevent threats and manage remediation correctly by prioritizing critical vulnerabilities and establishing a patching schedule.

To this end, SOC analysts and VOC teams must ensure a continuous exchange of information to detect, classify, investigate, and respond to cyber threats. This collaboration also aims to optimize detection and analysis work, without overloading the alert system. Instead, they streamline it with better filtering based on business priorities and the criticality level of assets that may present vulnerabilities.

This can be achieved through shared documentation, adapted workflows, crisis simulation exercises, communication, shared objectives, etc. – and this streamlining process must also be reflected in the choice of tools to support the joint work of the SOC and VOC teams.
 

What tools can unify VOC and SOC? 

A SOC and a VOC should collaborate on a unified platform that integrates vulnerability assessmentdetectioninvestigation, and remediation tools.

A single platform enables organizations to: 

  • Manage different solutions via a single interface, helping security teams both manage the attack surface and block threats 
  • Leverage unified data to facilitate investigations and collaboration between teams
  • Perform a single deployment to optimize resources and compatibility between tools
  • Pool tools on a single agent, limiting the impact on endpoint performance

In a nutshell, by combining Attack Surface Management and EDR into a single platform, you can leverage proactive and reactive security, from vulnerability management to cyber threat response.  


Unifiy SOC and VOC to improve your workspace security. 
Discover HarfangLab’s plans:

All about HarfangLab's plans

More articles

Organise cybersecurity crisis exercise

After the crisis: the importance of investigation

Determining the end of a cyber crisis remains complex, as it is often marked by the cessation of emergency measures…

Read more
3min
Crisis management
IT Hygiene for Cybersecurity

Basic rules for good IT hygiene

The protection of an information system must be constantly adapted to keep pace with changing usage patterns and cyber threats.…

Read more
8min
Methodology
Cybersecurity SOC analysts

Why should organizations care about TDIR?

TDIR (Threat Detection Investigation Response) is a new approach to enhancing the analysis and action capabilities of SOC Managers.

Read more
4min
Methodology
Cybersecurity Metrics

Cybersecurity: choosing an EDR, key points to assess

How do you choose the right solution for your organization to protect your endpoints against threats? What criteria should you…

Read more
7min
Methodology