SOC provider glossary

A Security Operations Center is a centralized facility or team responsible for monitoring, detecting, analyzing,...

A Managed Security Service Provider is a third-party company that provides outsourced monitoring and management of...

Managed Detection and Response is a cybersecurity service that combines technology and human expertise to perform...

SOC as a Service is a subscription-based model where a third-party provider delivers full security operations...

Managed SIEM is a service where a third-party provider deploys, manages, and monitors a SIEM platform on behalf of...

Managed EDR is a managed service that provides outsourced monitoring, investigation, and response for an...

Extended Detection and Response is a security approach that collects and correlates data across multiple security...

A Virtual Chief Information Security Officer is an outsourced security executive who provides strategic security...

SIEM is a security solution that aggregates and analyzes log data from across an organization's IT infrastructure...

SOAR refers to technologies that enable organizations to collect security threat data, automate responses to...

Endpoint Detection and Response is a cybersecurity technology that continuously monitors end-user devices to...

Network Detection and Response is a security solution that monitors network traffic in real time, using behavioral...

Incident Response is the organized approach to addressing and managing the aftermath of a security breach or...

Digital Forensics and Incident Response combines the disciplines of investigating cyberattacks to determine what...

Threat hunting is the proactive practice of searching through networks and systems to detect and isolate advanced...

Detection engineering is the practice of designing, building, testing, and maintaining threat detection rules and...

A false positive is a security alert that incorrectly indicates a threat or malicious activity when none actually...

Mean Time to Detect is a key SOC performance metric that measures the average time elapsed between the onset of a...

Mean Time to Respond is a key SOC performance metric that measures the average time from when a security threat is...

User and Entity Behavior Analytics uses machine learning and statistical analysis to establish baseline behavior...

Cloud Security Posture Management is a category of security tools that continuously monitor cloud infrastructure...

A Cloud-Native Application Protection Platform is a unified security solution that combines cloud security posture...

A Cloud Workload Protection Platform is a security solution designed to protect workloads — including virtual...

Identity and Access Management is the framework of policies and technologies that ensures the right individuals...

Privileged Access Management is a security discipline that controls and monitors access for accounts with elevated...

Identity Threat Detection and Response detects and responds to identity-based attacks like credential theft,...

Zero Trust is a security framework that requires all users and devices — whether inside or outside the network...

Data Loss Prevention encompasses the strategies, tools, and processes used to prevent sensitive data from being...

An endpoint is any device that connects to a network and can serve as an entry point for threats, including...

The attack surface is the total sum of all points — including software, hardware, network endpoints, APIs, cloud...

Threat intelligence is evidence-based knowledge about existing or emerging cyber threats, including context,...

MITRE ATT&CK is a globally recognized knowledge base and framework of adversary tactics, techniques, and...

Vulnerability management is the continuous process of identifying, evaluating, prioritizing, and remediating...

Penetration testing is an authorized simulated cyberattack performed against an organization's systems to evaluate...

A red team is a group of security professionals who simulate real-world adversary tactics, techniques, and...

A blue team is the defensive security team responsible for maintaining an organization's security posture,...

A purple team is a collaborative security exercise or function where red team (offensive) and blue team...

Security posture refers to the overall strength and effectiveness of an organization's cybersecurity defenses,...

A compliance framework is a structured set of guidelines, standards, and best practices — such as SOC 2, HIPAA,...

Cyber insurance is a specialized insurance product that helps organizations mitigate the financial impact of cyber...

Log management is the practice of collecting, storing, normalizing, and analyzing log data generated by systems,...

A breach warranty is a financial guarantee offered by some MDR providers that pays out a specified amount...

The threat landscape is the full scope of current and emerging cyber threats facing an organization or industry,...