Infocyte Release Notes, September 2019: Dwell Time Dashboards
This post was last updated on August 10th, 2021 at 05:59 pm
One of the key value propositions of our managed detection and response (MDR) platform and the reason why proactive cyber security has evolved as a commonplace practice is the need to control (and reduce) dwell time. Dwell time signifies the amount of time threat actors and malicious activities go undetected in an environment.
Infocyte drastically improves the security hygiene of customers and partners by providing insights into this — and other — key and impactful security performance indicators. Case in point, we recently released new dashboards give users a heads-up display of:
- Hosts/systems/servers, plus those inspected
- New vulnerabilities and risks by type
- New threats found by type
- Active assets by OS
- And more
Now, in addition to these KPIs, we’re introducing new visualization within our platform that highlights the overall Mean Dwell Time, Mean Detection Time, and Mean Response Time to identify malicious objects within an environment; as well as, highlights the trend of those KPIs over time.
Why Dwell Time Matters
Small and mid-sized businesses are having difficulty in maintaining a low Dwell Time within their environment primarily because security is not their core business. Infocyte’s Mid-Market Threat and Incident Response Report highlights that small and mid-sized business are seeing an average Dwell Time of over 460 days. This is concerning and indicates malicious activities are lingering in environments for more than a year.
These malicious items are simply lying in wait, perhaps dormant, and most certainly are leveraged by threat actors to breach the customer’s environment and inflict damage. The problem is that this key metric (Dwell Time) is not front-and-center for the customer to see and understand; therefore, how can they improve?
Key Features and Capabilities
The main Dashboard, visible upon logging into our MDR platform, now hosts a Dwell Time section that provides KPIs and trend data over a rolling 6-week period. The KPIs are:
- Mean Dwell Time
- Mean Detection Time
- Mean Response Time
Detailed Dwell Time Statistics
The Dashboard and section for Dwell Time links directly to the details page of Dwell Time and provides a visualization breaking down the Longest Dwelling Objects that are impacting your Dwell Time KPI, along with the timeline of the dwelling object. The items listed within the details page will also link directly to the object overview.
Controlling Dwell Time and Dwelling Objects
Dwell Time is directly impacted by the items identified within the Alerts section of Infocyte’s console. This ensures only identified items (non-whitelisted or items excluded by flagging) will directly impact the Dwell Time performance indicator. The customer can impact their Dwell Time in a couple of ways:
- The first method is by properly by investigating the findings, responding to the findings, and setting the threat level accordingly. As the customer (or MSSP partner) works the objects in Dwell Time, the Mean Response Time also improves.
- Another method allows customers to control Dwell Time by setting weighted flags as an exclusion technique. In some cases, objects identified by Infocyte may not be of concern to the security team and they may not want these items to impact their Dwell Time KPI. In this case, you can leverage flags to exclude the object. Flags (pre-defined or customer defined) with a weight below 8 will Exclude the object from impacting Dwell Time.
Note: Working an object within Dwell Time may not show improvements to your overall Dwell Time KPI for up to an hour after the action is taken.
Exporting the Dwell Time Object List
The Dwell Time Object List can be exported to a CSV by interacting with the export icon within the Dwell Time Details Page.
Get a Closer Look at our Dwell Time Dashboards
Request a demo to see our new Dwell Time Dashboards in action!