Glossary
SOC (Security Operations Center)
A Security Operations Center (SOC) is the team and facility responsible for continuously monitoring an organization's security posture. SOC analysts triage alerts from EDR, SIEM, and cloud security tools; investigate suspected incidents; and execute the initial response. SOCs run 24×7 in shifts or with rotating on-call schedules.
In depth
A mature SOC has tiered analysts (Tier 1 / 2 / 3), defined runbooks for common alert types, agreed escalation paths, and measurable performance metrics like MTTR. SOC operations typically span detection, triage, investigation, containment, eradication, recovery, and lessons learned.
SOCs vary widely in size — from a single security engineer at a startup to several hundred analysts at a Fortune 500 company — but the core challenge is the same: route the right alerts to the right people at the right time, and reduce dwell time as far as possible.
SOC and PocketSOC
PocketSOC is built specifically for the on-call SOC workflow. The on-call SOC use case describes how portal-managed credentials, group-based push routing, and on-call schedules combine to wake up only the right analyst — and let them respond from a phone instead of getting to a console.
Related terms
EDR
Endpoint Detection and Response (EDR) is a category of security software that continuously monitors endpoints — laptops, servers, and workstations — for malicious activity.
SIEM
A Security Information and Event Management (SIEM) platform centralizes logs and security events from across an organization — endpoints, network devices, cloud services, identity providers — and runs detection rules against the combined feed.
MTTR
Mean Time to Respond (MTTR) is the average elapsed time between when a security alert is generated and when the SOC takes a meaningful response action.
Incident Response
Incident response (IR) is the structured process of preparing for, detecting, containing, eradicating, recovering from, and learning from security incidents.
Alert Fatigue
Alert fatigue is the condition where SOC analysts become desensitized to security alerts because the signal-to-noise ratio is too low.