Conclusion

Five days is all a knowledgeable threat actor needs to inflict considerable harm on an organization and throw IT and IT Security into turmoil. Dwell Time represents a proactive security philosophy and culture that drives unified change across all security operations to achieve a common objective. Unfortunately, most organizations, as well as security service providers, are falling short when it comes to actually operating by this philosophy. As a consequence, estimates put Dwell Time for many organizations at upwards of 191 days.

Organizations and service providers that drive toward operations centered around Dwell Time – architectures, policies and processes – have an opportunity to make meaningful enhancements to their security posture and maximize the investments made in their current security programs.
