What is mean time to resolve (MTTR)?
Mean time to resolve (MTTR) is the average time it takes to resolve a cyber incident. It’s important to note that incident resolution is not the same as threat containment, especially considering how advanced persistent threats (APTs) can often avoid detection or lie dormant in systems for long periods of time, with bad actors patiently waiting for the right time to (re)emerge.
As a first step, containment encompasses the immediate actions taken to limit the spread or impact of an incident, for example isolating affected systems and disabling compromised accounts. Resolution, on the other hand, extends to incident investigation, forensic analysis, vulnerability assessments, and full mitigation, including system restoration. This latter process can take weeks to complete and requires advanced incident response, recovery, and often, restoration expertise.
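The difference between containment and resolution shows up clearly when the two are measured separately. The following Python example is added here and is not part of the original page; the field names, the use of detection time as the start of the clock, and the sample incidents are assumptions constructed for illustration.

```python
from datetime import datetime
from statistics import mean

# Constructed sample records (not real data); field names are assumptions.
INCIDENTS = [
    {"id": "INC-1", "detected": "2024-03-01T08:00",
     "contained": "2024-03-01T10:00", "resolved": "2024-03-08T08:00"},
    {"id": "INC-2", "detected": "2024-03-05T12:00",
     "contained": "2024-03-05T13:00", "resolved": "2024-03-19T12:00"},
    # Contained, but investigation and restoration are still in progress.
    {"id": "INC-3", "detected": "2024-03-10T09:00",
     "contained": "2024-03-10T12:00", "resolved": None},
    # Detected, not yet contained.
    {"id": "INC-4", "detected": "2024-03-12T00:00",
     "contained": None, "resolved": None},
]


def hours_between(start, end):
    """Elapsed hours between two ISO 8601 timestamps."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600


def mean_hours(incidents, milestone):
    """Mean hours from detection to `milestone` ('contained' or 'resolved').

    Returns (mean, pending_ids). Incidents that have not reached the
    milestone are left out of the mean and reported separately, so a
    contained-but-open incident is never counted as resolved.
    """
    durations, pending = [], []
    for inc in incidents:
        if inc[milestone] is None:
            pending.append(inc["id"])
            continue
        elapsed = hours_between(inc["detected"], inc[milestone])
        if elapsed < 0:
            raise ValueError(f"{inc['id']}: {milestone} precedes detection")
        durations.append(elapsed)
    return (mean(durations) if durations else None), pending


if __name__ == "__main__":
    for milestone in ("contained", "resolved"):
        avg, pending = mean_hours(INCIDENTS, milestone)
        print(f"mean hours to {milestone}: {avg} (pending: {pending})")
```

Because open incidents are excluded from the mean, the pending list should be reported alongside MTTR; long-running investigations otherwise stay invisible until they close.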
Enhanced by artificial intelligence and powered by Chronicle SecOps, Netenrich MDR helps organizations enhance their ability to detect, respond to, and mitigate cyber incidents, consequently reducing MTTR, minimizing the impact of security incidents on their business, and ensuring higher resilience in the future.
Netenrich MDR applies advanced data engineering, detection engineering, and response engineering capabilities to facilitate faster threat detection. The service continuously monitors an organization’s infrastructure for signs of malicious, suspicious, or anomalous activity, leveraging numerous threat intelligence feeds to identify indicators of compromise (IOCs) and mapping them to the MITRE ATT&CK framework. By automating response actions through playbooks and workflows, Netenrich MDR can also help organizations contain and mitigate threats more efficiently — for example, quarantining infected systems, blocking malicious IP addresses, or applying security patches to vulnerable systems — while reducing manual effort.