Reducing the Time an Intruder Spends in the Network
IT security pros need to consider metrics such as dwell time, or reducing the time a threat is in a network, which helps strengthen overall security posture.
31% of respondents are still very confident about their security posture, but 65% are only somewhat confident.
28% of respondents said the security metrics they use to communicate are effective whereas 65% said the metrics are only somewhat effective.
Executives rely on quantitative metrics while breaches occur.
63% of respondents said they have experienced breaches that resulted in the lost or compromised data this past year.
Executives are not confident about their security posture because of the way they measure it; most count alerts and incidents, which does not shed light on the real security posture.
“Using quantitative metrics—like counting breaches, totaling response times, and calculating downtime—does not help when breaches are a constant,” the report states.
Rather than measure dwell time, more organizations measure cost of incidents (39%) and reduction in vulnerabilities (39%). These are not as important as how long the threat, attacker or attack vector exists inside an organization and actions taken once past defenses.
Only 33% of those surveyed measure dwell time, the elapsed time from initial breach to containment. If you limit the time a threat exists, damage to the enterprise will be minimized.
Attackers spend an average of 229 days inside a network before they are discovered. The cost of the average breach: $5.85 million in the United States.
Reduce the time a malicious threat acts from within. This will greatly reduce potential damage, speed of mitigation and contain exposure.