Building SOCs is, and will always be, one of our core offerings. Twenty years ago, our SOCs used disparate monitoring capabilities and relied mostly upon security analysts to correlate the information across multiple screens and platforms.
In more recent times, Security Information and Event Management (SIEM) platforms have enabled high-level reporting of events from a single pane of glass. We still don't see the SIEM, or even SOAR, as a panacea, but we recognise their invaluable contribution to effective analysis within a SOC.
Gathering and analysing security events is just one part of running a SOC; there are many other areas which must be considered. Our consultants have been integral in the building of many SOCs, from small businesses, through large enterprises with hundreds of thousands of users, to Managed Security Service Providers who monitor numerous clients.