Match the SOC metric with the description. (Not all options apply.)

1. MTTD (Mean Time to Detect) – This metric corresponds to “The average time that it takes for the SOC personnel to identify that valid security incidents have occurred in the network.” It measures the efficiency of the SOC in detecting security incidents.
2. MTTC (Mean Time to Contain) – This metric should match with “The time required to stop the incident from causing further damage to systems or data.” It assesses the speed at which a security team can limit the impact of the incident.
3. MTTR (Mean Time to Respond) – This metric is typically associated with “The average time that it takes to stop and remediate a security incident.” It evaluates how quickly the SOC can address and resolve the incident after it has been detected.

The last description given, “The average length of time that threat actors have access to a network before they are detected and their access is stopped,” is a definition that could be associated with Mean Time to Detect (MTTD) as it involves the detection time, but it could also refer to another metric known as “Mean Time to Identify” (MTTI), which is not listed here. It’s important to note that in some contexts, MTTR can also refer to Mean Time to Recover/Repair, which is the average time taken to recover from an incident and restore services to normal. However, in the context of the options provided, the match to MTTR as explained is the most appropriate.