Mean time to detect (MTTD) and mean time to respond (MTTR) are two of the most important cybersecurity KPIs. Speed of detection and response is crucial to limiting the time attackers are in your environment before they are eradicated. Unfortunately, bringing down MTTD and MTTR continues to challenge SecOps teams.
MTTD and MTTR differ for every organization, but let’s see what recent studies show:
The longer the dwell time, the greater the chance of data exfiltration, financial loss or other damage, so reducing it is a step in the right direction. But reducing MTTD and MTTR depends on variables such as visibility, staffing, alert volume and technology – familiar and persistent themes. As of July 2020, the U.S. has less than half of the cybersecurity candidates it needs to keep up with demand. Many organizations that are able to find the skilled staff they need then have trouble retaining them.
One study says 16% of organizations receive 100,000 or more daily alerts. Another finds that 27% of cybersecurity professionals say their security products generate high volumes of security alerts, making it difficult to prioritize and investigate security incidents. This alert fatigue makes retaining top talent an additional challenge.
A further complication is that business leaders often focus on risk reduction and the bottom line, while SecOps teams want to reduce complexity to make detection and response more efficient. The right EDR solution can bridge the two camps and help reduce MTTD and MTTR when it offers:
Learn more about these critical capabilities and the benefits of EDR by downloading a new white paper from SentinelOne and Nuspire, “Top Ways to Shorten Cybersecurity Remediation Cycles.” It’s a quick read that explains how business and SecOps goals can be met without additional resources.