Tyson, Chicken Rancher 🐓2d ago
Richard Bejtlich

Oh snap. My single most important cybersecurity metric deteriorated again.

In the M-Trends report for calendar year 2024, Mandiant’s global median dwell time metric worsened from 10 to 11 days. In the newest report, released today, for calendar year 2025, that metric worsened again, from 11 to 14 days.

In other words, organizations are taking even longer to detect and respond to intrusions. 10 days was already still too much, in a world where teams need to detect and contain in an hour to be effective.

I’m not a doomer. We made amazing progress since 2011, when median global dwellers time was over 400 days. But, two bad years in a row has never happened. Before last year, the metric had always improved!

It’s possible Mandiant is just dealing with ever tougher cases. I have to dig into the full report.

Mar 24 at 10:32pmWeb
Show threadJerry 🦙💝🦙2d ago
@taosecurity I know the reason cited is growing sophistication, but I wonder whether there are any specific aspects of that which are driving the increase...
Show threadRichard Bejtlich2d ago
@jerry right-o.
Show threadDave Wilburn 2d ago

@taosecurity @jerry

I wonder how much of that might also be a change in the proportion of the breaches that are destructive ransomware. Those sorts of breaches tend to bring mean-time-to-detection down because of how obvious they are to defenders once they engage in actions-on-intent, and also because the adversaries are focused on getting the job done quickly so they can switch to the next victim.