Wednesday, Sep 9, 2020
BY: Team Nuspire
Mean time to detect (MTTD) and mean time to respond (MTTR) are two of the most important cybersecurity KPIs. Speed of detection and response is crucial to limiting the time attackers are in your environment before they are eradicated. Unfortunately, bringing down MTTD and MTTR continues to challenge SecOps teams.
MTTD and MTTR differ for every organization, but let’s see what recent studies show:
- 56% of breaches took months or longer to discover.
- 53% of organizations detected threats within 24 hours, 28.8% in 2 to 30 days and 13.5% in 1 to 6 months.
- 67% of organizations moved from detection to containment within 24 hours and 31.3% in 2 to 90 days.
- 33.1% of organizations moved from containment to remediation within 24 hours and 62.7% within 2 to 90 days.
The longer the dwell time the more chance of data exfiltration, financial loss or other damage, so reducing it is a good step in the right direction. But reducing MTTD and MTTR depends on variables such as visibility, staffing, alert volume and technology – familiar and persistent themes. As of July 2020, the U.S. has less than half of the cybersecurity candidates it needs to keep up with demand. Many organizations that are able to find the skilled staff they need have trouble retaining them though.
One study says 16% of organizations receive 100,000 or more daily alerts. Another finds that 27% of cybersecurity professionals say their security products generate high volumes of security alerts, making it difficult to prioritize and investigate security incidents. This alert fatigue makes retaining top talent an additional challenge.
A further complication is that business leaders often focus on risk reduction and the bottom line while SecOps teams want to reduce complexity to make detection and response more efficient. The right EDR solution can bridge the two camps and help reduce MTTD and MTTR when it offers:
- Continuous monitoring and scanning
- Integrated threat intelligence
- Static and dynamic machine learning
- Automated workflows
- Endpoint isolation
Learn more about these critical capabilities and the benefits of EDR by downloading a new white paper from SentinelOne and Nuspire, “Top Ways to Shorten Cybersecurity Remediation Cycles.” It’s a quick read that explains how business and SecOps goals can be met without additional resources.
- Verizon, 2019 Data Breach Investigations Report.
- SANS 2019 Incident Response Survey. August 2019.
- Security Magazine, New Research Shows U.S. Cybersecurity Talent Shortage. July 15, 2020.
- CISO Benchmark Study. February 2020.
- ESG blog, Security Point Tools Problems. January 30, 2019.