.svg)
.svg)
What metrics are important?
There can be disparities between a security tester's priority metrics regarding vulnerabilities and those of the wider organisation. So, which metrics are actually the most important?
There can sometimes be illusions in the security tester's perspective on what the important metrics are. Usually, it's things like how many high or medium risk vulnerabilities there are. However, the majority of mature organisations are really interested in mean time to detection and mean time to response over the priority level of the vulnerabilities themselves.
Looking at mean time to detection, this focuses on making sure that the time taken between the inevitable introduction of a vulnerability into a system and its detection is as small as possible. This is incredibly valuable in being able to then kick off the processes that businesses should have in place in order to triage, treat and manage vulnerabilities within that lifecycle.
This then brings us on to mean time to response, measuring the length of time between a vulnerability being acknowledged and subsequently addressed. Addressed does not necessarily mean fixed, it can mean mitigated through some compensating control or even just being accepted.
Regardless, making sure that organisations have a way of measuring whether or not they are capturing enough information, whether they have the tools, whether they have the processes, whether or not they have the technologies in order to address the detected vulnerabilities- these things remain paramount.
.svg)
Get a Free Trial From Cytix
Haven’t tried Cytix yet? Try our free trial to see how it works.
Get a Free Trial
.svg)
.svg)
Start Detecting Vulnerabilities Others Miss Today
- Detect Vulnerabilities Faster
- Patch Vulnerabilities Faster
- Be more compliant
.
28 Apr
2024
How do you understand performance over time?
.svg)
In order to get to grips with the performance of your software or product over time, you really need to be taking incremental measurements of your cybersecurity.
.
21 Apr
2024
Will there come a day where there are 0 vulnerabilities to find?
There's a growing potential for AI to remove many sources of vulnerabilities, but does that mean we're going to see a day where code is being written without any vulnerabilities being introduced into systems?
.
21 Apr
2024
How do you work out MTTR (Mean Time to Response)?
MTTR is all about looking at where you're handing your information over to the people who are responsible for fixing the vulnerabilities. Once it's handed over, the process has begun. So, we know where the timer starts, but where does it end? When have we determined that the response period is finished?
