IT Support Key Metrics: What are Mean-Time-To-Detect (MTTD) and Mean-Time-To-Respond (MTTR)?
In cybersecurity, response time is a critical measure of how well IT security management is working. In the event of an attack, time is of the utmost importance. Remedial actions need to be fast in order to prevent further damage. In the case of malware attacks such as ransomware, a fast response is needed to prevent the malicious software from spreading further in the company’s network and affecting all of its systems. In the event of a data leak, the source of the leak must be identified quickly in order to prevent more information from being leaked. End users must also be contacted in a timely manner in these situations. To keep track of an IT organization’s success in responding to incidents in a timely manner, two standardized metrics are used.
MTTD, or Mean Time to Detect, is the average amount of elapsed time it takes to detect a security incident. The shorter the time to detect an incident, the sooner remedial actions can be taken. Calculating MTTD is simple: for each incident, take the difference between the time that the incident occurred and the time that the IT team was notified of the issue. For example, if an incident occurred at 12:15pm, and the IT team was notified of the issue at 12:25pm, then the time to detect (TTD) would be 10 minutes. To calculate MTTD, take the average TTD over a period of time.
MTTR, or Mean Time to Respond, is the total time that it takes to rectify the IT situation, or mitigate the threat, once it has been detected. Calculating MTTR is similar to calculating MTTD, except the resolution time is compared to the time that the incident occurred.
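
The calculation described above, as an added example that is not part of the original article: it computes MTTD and MTTR for a reporting period from incident records, leaving still-open incidents out of MTTR. The record fields (`occurred`, `detected`, `resolved`), the function names and the sample incidents are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample incident records; field names are assumptions for this example.
INCIDENTS = [
    {"id": "INC-1", "occurred": "2024-03-04T12:15", "detected": "2024-03-04T12:25", "resolved": "2024-03-04T13:15"},
    {"id": "INC-2", "occurred": "2024-03-09T23:50", "detected": "2024-03-10T00:20", "resolved": "2024-03-10T02:50"},
    {"id": "INC-3", "occurred": "2024-03-15T08:00", "detected": "2024-03-15T08:20", "resolved": None},  # still open
    {"id": "INC-4", "occurred": "2024-04-02T09:00", "detected": "2024-04-02T09:05", "resolved": "2024-04-02T09:35"},
]

def minutes_between(start, end):
    """Elapsed minutes between two ISO timestamps, or None if either is missing."""
    if not start or not end:
        return None
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    if delta < timedelta(0):
        # A negative interval means bad data (clock skew, swapped fields); do not average it in.
        raise ValueError(f"end {end} precedes start {start}")
    return delta.total_seconds() / 60

def metrics(incidents, period_start, period_end):
    """Return (MTTD, MTTR) in minutes for incidents that occurred in [period_start, period_end)."""
    lo, hi = datetime.fromisoformat(period_start), datetime.fromisoformat(period_end)
    in_period = [i for i in incidents if lo <= datetime.fromisoformat(i["occurred"]) < hi]
    # Time to detect: occurrence to notification of the IT team.
    ttd = [m for i in in_period
           if (m := minutes_between(i["occurred"], i["detected"])) is not None]
    # As described on this page, resolution time is compared to the time of occurrence.
    ttr = [m for i in in_period
           if (m := minutes_between(i["occurred"], i["resolved"])) is not None]
    return (mean(ttd) if ttd else None, mean(ttr) if ttr else None)

if __name__ == "__main__":
    mttd, mttr = metrics(INCIDENTS, "2024-03-01T00:00", "2024-04-01T00:00")
    print(f"March MTTD: {mttd:.1f} min, MTTR: {mttr:.1f} min")
```

Unresolved incidents are excluded from MTTR rather than counted as zero, so a backlog of open incidents shows up as a gap between the number of detected and resolved records, not as an artificially low average.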
Minimizing MTTD and MTTR is a critical aspect of optimizing IT support efficiency.