A SOC is able to execute its mission precisely because the adversary does not know where or how monitoring and response capabilities operate. SOC operators must assume that a compromise will happen at some point; therefore, it must operate in a non-trust environment while at the same time protecting critical information assets. The following figure from the Zimmerman manual (2014) shows the architecture of a protected SOC.
Zimmerman, C. (2014). Ten Strategies of a World-Class Cybersecurity Operations Center. The Mitre Corporation.