IT Support Key Metrics: What are Mean-Time-To-Detect (MTTD) and Mean-Time-To-Respond (MTTR)?
In cybersecurity, response time is a critical metric of the success of IT security management. In the event of an attack, time is of the utmost importance. Remedial actions need to be fast in order to prevent further damage. In the case of malware attacks such as ransomware, a fast response is needed to prevent the malicious software from spreading further in the company’s network and affecting all of its systems. In the event of a data leak, the source of the leak must be identified quickly in order to prevent more information from being leaked. End users must also be contacted in a timely manner in these situations.
Consider the scenario where a piece of wormable malicious software enters a company’s network at 8:00am. Wormable malware is particularly dangerous because it can spread itself throughout a network of unprotected computers once it gains initial access. If it takes 3 hours for the company to detect the malware, and then another hour to react and take preventative measures, the malware would have significantly more time to infiltrate and spread than if detection and response had both happened within the first hour. A malware attack which would otherwise have been isolated to a single machine may now affect several devices on the company network. MTTD and MTTR are essential metrics for gauging your company’s preparedness against cyberattack, and both should be kept low.
To keep track of an IT organization’s success in responding to incidents in a timely manner, two standardized metrics are used.
MTTD, or Mean Time to Detect, is the average amount of elapsed time it takes to detect a security incident. The shorter the time to detect an incident, the faster remedial actions can be taken. Calculating MTTD is simple: for each incident, take the difference between the time that the incident occurred and the time that the IT team was notified of the issue. For example, if an incident occurred at 12:15pm, and the IT team was notified of the issue at 12:25pm, then the time to detect (TTD) would be 10 minutes. To calculate MTTD, take the average TTD over a period of time.
MTTR, or Mean Time to Respond, is the total time that it takes to rectify the IT situation, or mitigate the threat once it has been detected. Calculating MTTR is similar to calculating MTTD, except the resolution time is compared to the time that the incident occurred.
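The calculation described above, worked through in Python as an added example that is not part of the original article. It computes TTD and TTR per incident and averages them, skipping unresolved incidents for MTTR and rejecting records whose timestamps run backwards. The record fields, ids, dates, INC-1's resolution time and the `from_detection` switch are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records: dates, ids and INC-1's resolution time are made up.
# INC-1 reuses the article's 12:15pm/12:25pm example; INC-2 is its 8:00am worm
# scenario (3 hours to detect, 1 more hour to respond). INC-3 is still open.
INCIDENTS = [
    {"id": "INC-1", "occurred": "2024-03-04 12:15",
     "detected": "2024-03-04 12:25", "resolved": "2024-03-04 13:05"},
    {"id": "INC-2", "occurred": "2024-03-05 08:00",
     "detected": "2024-03-05 11:00", "resolved": "2024-03-05 12:00"},
    {"id": "INC-3", "occurred": "2024-03-06 23:50",
     "detected": "2024-03-07 00:20", "resolved": None},
]

def _minutes(start, end):
    """Elapsed minutes from start to end, or None if either is missing."""
    if start is None or end is None:
        return None
    delta = datetime.strptime(end, FMT) - datetime.strptime(start, FMT)
    if delta < timedelta(0):
        # Usually clock skew or a data-entry error; do not let it pull the mean down.
        raise ValueError(f"end {end} precedes start {start}")
    return delta.total_seconds() / 60

def incident_times(inc, from_detection=False):
    """Return (TTD, TTR) in minutes for one incident record."""
    ttd = _minutes(inc["occurred"], inc["detected"])
    # Article's calculation: resolution vs. occurrence. from_detection=True
    # (an assumption added here) measures from detection instead.
    start = inc["detected"] if from_detection else inc["occurred"]
    return ttd, _minutes(start, inc["resolved"])

def mttd_mttr(incidents, from_detection=False):
    """Mean TTD and mean TTR in minutes; open incidents are left out of MTTR."""
    pairs = [incident_times(i, from_detection) for i in incidents]
    ttds = [t for t, _ in pairs if t is not None]
    ttrs = [r for _, r in pairs if r is not None]
    return (mean(ttds) if ttds else None, mean(ttrs) if ttrs else None)

if __name__ == "__main__":
    for inc in INCIDENTS:
        print(inc["id"], incident_times(inc))
    print("MTTD, MTTR (min):", mttd_mttr(INCIDENTS))
    print("MTTR from detection (min):", mttd_mttr(INCIDENTS, from_detection=True)[1])
```

Because open incidents are excluded from MTTR, a reporting period with long-running unresolved incidents will show a better MTTR than the team is actually achieving, so report the count of open incidents alongside the mean.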
Minimizing MTTD and MTTR is a critical aspect of optimizing IT support efficiency. Learn more about IT security and network best practices to keep your business protected from cyberattack in our cybersecurity guides.
Give us a call at +1 888 366 4443 or email us at firstname.lastname@example.org for a consult on strategies to improve your organization’s cybersecurity.