When security experts talk about modern cybersecurity strategy and the real results of cyberattacks, they often talk about dwell time. But this metric, which has become all-important, sometimes takes a backseat to analysis of cost, although it really shouldn’t.
Dwell time represents the number of days that a threat “lives” in a system before detection or ultimate remediation (the latter benchmark is often used, as in this definition from Armor Defense Inc.). It’s the amount of time a cyberattack careens around like a pinball in a system before it is neutralized, and it’s a major indicator of the effect of security vulnerabilities.
Last year, the Ponemon Institute, in a study backed by Arbor Networks, measured the average dwell time for attacks in key industries. Ponemon is a big name in enterprise data and trend analysis, and its findings on dwell time are still very relevant to what’s going on in the business world right now.
A summary of the study shows that the average dwell time for surveyed attacks, meaning the average number of days that a threat stayed latent before discovery and eradication, was 98 days for financial services firms and 197 days for retailers. These numbers were immediately followed by statistics on company efforts to circle the wagons and, eventually, to reduce dwell time.
“The big takeaway from our research is that more investment is needed in both security operations staff and in security tools, which can help companies efficiently and accurately detect and respond to security incidents,” Dr. Larry Ponemon, the Institute’s Chair and Founder, said in a study report. “The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable.”
Testimony of that kind is only part of what has motivated leaders in the enterprise cybersecurity world to undertake dramatic new efforts to create network protection tools in the last year or so; most business leaders have an instinctive understanding of the necessity, just by looking around at the state of the business world. In a rapidly innovating world, security remains one of the biggest obstacles to advancement.
Dwell Time and Cost
Although Ponemon has not released similar dwell time studies in 2016, a newer study, the 2016 Cost of Data Breach report (undertaken with IBM Security), shows business audiences what a data breach might cost, and the numbers seem to show a link between that cost and the dwell time attached to the threat. This piece from Guardicore shows off some of the corresponding data points nicely. For instance, Ponemon found that above a key 100-day marker, data breach costs nearly doubled (specifically, increased by about 72%). The piece also breaks down some of the arguments for the correlation between longer dwell times and more damage: by resolving issues quickly, a company keeps things out of the press, and by cutting off access early, firms limit the number of records compromised.
Reducing Dwell Time – And Much More
SentinelOne’s pre-emptive threat resolution models do more than just cut down on dwell time through early detection – in many cases, they eliminate the threat altogether, whether that’s by identifying new Trojan viruses, alerting clients to suspicious behaviors around a network node, or spotting a likely attacker by identity.
Through sophisticated machine learning algorithms and precision models, SentinelOne takes security beyond the perimeter for robust network analysis and a thick, multi-layered defense against hackers and cyberthieves. This kind of resource is worth its weight in gold in a business environment where everything that a company works hard for can be lost in a blitzkrieg of illegitimate network activity. Consider how this type of segmented, multi-channel network defense can help executives and others to rest easy and move forward confidently in the always-connected digital age.
Learn more about what’s happening in the financial industry with our latest whitepaper, “Financials Institutions Must Adopt Advanced Protection – or Lose Billions.”