Whether it is a burglar in your home or a hacker in your network, if you can limit the time before they are spotted and stopped in their tracks, you might prevent them from achieving their goal.
So, if we can lower cyber dwell times, also known as meantime-to-detect (MTTD), mean-time-to-respond (MTTR), or a combination of both, it should help in reducing the impact of cyber crime. But while lowering cyber threat dwell times always help, until you lower them to under a few hours or days, many cyber-attacks will still succeed. Often, successful cyber-attacks happen in minutes or hours. Dwell time is less important when criminals go for quick data smash and grabs.
That aside, it’s worth analysing how cyber threat dwell time has lowered over time and what security benefits that has.
Dwell time is down
The reduction in dwell times is largely down to more organisations deploying better internal detection and response controls such as EDR, XDR and SIEM tools. According to Mandiant’s M-Trends report for 2022, median dwell time for cyber threats was down to 21 days in 2021. While that’s only three days lower than 2020’s results, it’s a massive 184 days lower than 2014’s result of 205 days. Lowering dwell time from about seven months to just under a month is certainly progress.
That said, not every group monitoring dwell time shows such rosy results. IBM and Ponemon Research have published their Cost of a Data Breach Report for many years, tracking dwell time related metrics over a long period. According to the 2022 report, the mean time to ident ..
Support the originator by clicking the read the rest link below.
