Mean Time To Detect (MTTD)

15th December 2021 | Cybrary

Mean Time To Detect (MTTD), also known as Mean Time To Identify (MTTI), is one of the main key performance indicators in Incident Management. MTTD refers to the mean (average) amount of time it takes for the organization to discover or detect an incident. The MTTD formula is shown below:

MTTD formula

A shorter MTTD means that users suffer from IT disruptions for less time than with a longer MTTD. Incident detection can come from people, such as end-users reporting a software outage, or from systems monitoring and management tools. Generally, IT organizations strive to detect an issue before an end-user does, to minimize the disruption it causes, but this is not always possible. The beginning of an issue should be recorded by affected IT equipment and the software programs that run on it. For example, a security intrusion could be tracked to a password entered on the breached system at a specific time. The MTTD KPI can help show if IT monitoring technologies collect sufficient data and cover the probable sources of incidents.

What does this mean for an SMB?

SMBs should strive to have the lowest possible MTTD, the best way to do this is to have strong cybersecurity measures in place. In order to stay secure, your company needs to take proactive measures to reduce its chances of being compromised by cyberattacks. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks:

Adopt two-factor authentication on all critical Internet-accessible services
Adopt a password manager for better personal/work password hygiene, to house unique 14+ character passwords for every account
Require Governance Policies (WISP, Password, Acceptable Use, Information Handling, Incident Response, and VAMP)
Follow a 3-2-1 backup method for all critical and sensitive data
Train employees on cybersecurity skills they need such as strong password hygiene and how to spot and avoid phishing attacks
Test that employees can spot and avoid phishing emails by testing them
Document and test Business Continuity Disaster Recovery (BCDR) plans
Perform a risk assessment every two to three years

Start building your robust, defense-in-depth cybersecurity plan at CyberHoot.

To learn more about the Incident Response Process and Policy, watch this short video:

Sources:

TechTarget

BMC

SentinelOne

Additional Reading:

SaaS Solution Risks and Challenges

Vulnerability Scanning

CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like:

Blog
Cybrary (Cyber Library)
Infographics
Newsletters
Press Releases
Instructional Videos (HowTo) – very helpful for our SuperUsers!

Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.