Dwell Time In Cyber Security

Shruti Patel
2 min read · Aug 19, 2020

Do you know how much time an attacker spends gathering information about the target? A lot. That is why reconnaissance is the most important pre-attack stage.

But have you ever thought about how much time an attacker spends inside the target’s network after compromising something, before they leave or are caught? This leads us to Dwell Time.

Dwell time is the time from the point of infiltration to the point of detection.

This is a term that you’ll hear often in incident response, threat hunting, and maybe even threat intelligence.

Dwell Time represents the length of time a cyber attacker has free rein in an environment, from the time they get in until they are eradicated.

Attackers spend this time understanding the network, finding vulnerabilities and launching exploits. Lengthy dwell times give attackers more opportunity to access private data, to observe and record user and network behavior, and to plant secondary malware or APT tooling. It is a top concern for all organizations, since the issue affects brand reputation and carries legal repercussions.

Research shows that attackers spend an average of 200 days inside a network before being eradicated. Imagine the damage an attacker could inflict over that period of time. If attackers can be contained in less time, and so have access to less of the enterprise’s surface area, they will burn through more resources to get what they want.

How is it measured?

This can only be assessed by tracing the threat back to its origin: determine when and where the compromise came from, and trace the lateral movements that followed. It is calculated by adding Mean Time to Detect (MTTD) and Mean Time to Repair/Remediate (MTTR), and is usually measured in days. It is sometimes referred to as the breach detection gap.
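As an added illustration (not part of the original article), the following script computes the figures described above from a handful of constructed incident records: per-incident time to detect, time to remediate and dwell time, plus the MTTD, MTTR and mean dwell time across incidents. The `Incident` records and their timestamps are invented for the example; it also rejects records whose timeline is out of order, which usually means the point of origin was not traced correctly.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Incident:
    """One confirmed intrusion, with the three timestamps dwell time depends on."""
    name: str
    compromised_at: datetime   # earliest evidence of infiltration, found by tracing back to origin
    detected_at: datetime      # when the intrusion was first detected
    remediated_at: datetime    # when the attacker was eradicated

    def __post_init__(self):
        # A detection that precedes the compromise, or a remediation that precedes
        # detection, means the origin was not traced correctly; refuse to measure it.
        if not (self.compromised_at <= self.detected_at <= self.remediated_at):
            raise ValueError(f"{self.name}: timestamps are not in compromise/detect/remediate order")

    def time_to_detect_days(self) -> int:
        return (self.detected_at - self.compromised_at).days

    def time_to_remediate_days(self) -> int:
        return (self.remediated_at - self.detected_at).days

    def dwell_time_days(self) -> int:
        # Infiltration to eradication, i.e. time to detect + time to remediate.
        return (self.remediated_at - self.compromised_at).days


def summarise(incidents: list[Incident]) -> dict[str, float]:
    """MTTD, MTTR and mean dwell time in days; mean dwell equals MTTD + MTTR."""
    n = len(incidents)
    mttd = sum(i.time_to_detect_days() for i in incidents) / n
    mttr = sum(i.time_to_remediate_days() for i in incidents) / n
    mean_dwell = sum(i.dwell_time_days() for i in incidents) / n
    return {"mttd_days": mttd, "mttr_days": mttr, "mean_dwell_days": mean_dwell}


# Constructed sample incidents (not real data).
SAMPLE_INCIDENTS = [
    Incident("webserver-A", datetime(2020, 1, 10), datetime(2020, 3, 20), datetime(2020, 3, 25)),
    Incident("workstation-B", datetime(2020, 2, 1), datetime(2020, 2, 15), datetime(2020, 2, 18)),
    Incident("fileserver-C", datetime(2020, 3, 1), datetime(2020, 3, 31), datetime(2020, 4, 10)),
]

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        print(f"{inc.name}: TTD={inc.time_to_detect_days()}d TTR={inc.time_to_remediate_days()}d "
              f"dwell={inc.dwell_time_days()}d")
    print(summarise(SAMPLE_INCIDENTS))
```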

How to reduce it?

The goal should be to reduce dwell time as much as possible, giving the attacker the least opportunity to achieve lateral movement and remove critical data from your organization.

Steps for reducing it are given below:

1. Fundamental security controls

2. Thorough monitoring and meeting the challenges

3. Alert rules

4. Incident response plans

5. Actionable Prediction of Human Behavior

6. User Awareness

Thank You……
