Dwell Time

Dwell Time is the amount of time threat actors go undetected in an environment. In other words, when a hacker intrudes into your network or systems, the dwell time is that amount of time from point of entry to the point they are caught or the organization notices they have been breached by this hacker.

In 2017, Mandiant reported that the average dwell time of a threat in a corporate environment was 99 days. As of May 2018 it was up to 101, and that’s just an average. Many organizations have discovered threats that had lurked in their environments years before being discovered. It makes sense that the average amount of dwell time would increase as the amount of cybersecurity threats in general have been increasing. Understanding the importance of cybersecurity and securing your business will help reduce the likelihood of having a hacker sit in your systems for days and months. 

Source: ExtraHop

Additional Reading: Many Ransomware Attacks Can be Stopped Before They Begin

Related Terms: Hacker, Ransomware

What does this mean for an SMB?

Stopping attackers from sitting in your networks and systems starts with having strong governing policies in place to guide your employees in using cybersecurity best practices. Training employees on how to use protective technologies such as a password manager, adopting unique, complex 14+ character passwords, and how to spot and delete phishing attacks, provides the best protection against the most common breach mechanisms. Avoiding these common weaknesses hardens your SMB perhaps much more than other SMB’s, removing the large target on your company.  
 
Other steps SMB’s can take to identify intruders within their environment and to reduce dwell times for intruders in their environment, are to ensure you have good endpoint visibility by deploying technical protections universally to all systems such as next-generation Antivirus, anti-malware, and even DNS-based solutions. Then you must monitor those systems for abnormalities and investigate alerts, carefully and diligently looking for common Tactics, Techniques, and procedures to identify hackers inside your network.

Finally, take pains to backup and encrypt critical data at rest and in motion within your environment to ensure it is protected and available when you need it.

CyberHoot can help train your employees, develop and deploy strong cybersecurity policies, and provide you with dark web exposure reports to your domain’s employees. Phishing tests are available to test your employees on a recurring basis to ensure they stay vigilant and continue to exercise the skills they develop from these best practices.

To learn more about Dwell time and how to reduce it in your environment watch this video.