In its Q1-2019 Forrester Wave™ report, Forrester Research recognized FireEye as the undisputed industry leader in the Cybersecurity Incident Response Services category. Our unique synthesis of digital forensics, human intelligence (HUMINT) and a global machine learning network generates innovations such as dwell time, a critical global measure of the state of cyber security.
Dwell time is calculated as the number of days an attacker is present on a victim network, from first evidence of compromise to detection.
FireEye first introduced the concept of dwell time in the 2011 edition of its annual M-Trends report, which summarizes learnings during the year, including how adversaries have evolved, what they target, and how they attack, as well as their tools, tactics and procedures (TTPs). The report helps readers better anticipate and reduce the impact of inevitable attacks.
Dwell time is a great measure of industry progress. In 2011, the global median dwell time was 416 days. Our data indicated that the average attacker had access to a network or system for longer than a year before they were detected.
But times have changed. The global median dwell time in 2018 is 78 days, down from 101 days in 2017. Now the average attacker is going undetected on a network or system for less than three months. The reduced dwell time is evidence that organizations are continuing to improve their detection capabilities, but having an attacker in an environment for more than a month means there is room for improvement.
M-Trends 2019 is packed with more than just statistics:
For full details, read the 10th anniversary M-Trends 2019 report.
This blog was brought to you by our partner, FireEye. Don’t miss FireEye’s presentation – From Noise to Answers: Driving Outcomes With A Threat Focused Approach – on Day 1 at 3:00pm in Grandroom A.