Memotiva Security+ Flashcards: Security Operations, Monitoring, SIEM, Log Management

What is the difference between a security operations center and an incident response team?

Nortren

A security operations center, or SOC, is a centralized team that continuously monitors, detects, and triages security events using SIEM, endpoint detection, and other tools during daily operations. The SOC focuses on real-time detection and initial response. An incident response team, or IRT, is activated when a confirmed security incident requires deeper investigation, containment, eradication, and recovery beyond what the SOC handles during routine monitoring.
csrc.nist.gov