Mean time to contain (MTTC) is a metric security teams can use to assess the effectiveness of their tools and practices. It measures the amount of time taken to detect, analyze and contain a security incident. According to Nemertes Research, an enterprise is considered successful if its MTTC is 20 minutes or less. Yet according to IBM’s 2020 “Cost of a Data Breach Report,” the average MTTC for a breach is 280 days — far longer than an efficient 20 minutes.
The takeaway? Threat detection and response needs an update.
Enter observability, where advanced technology stacks deliver improved context of a system’s internal states based on its external outputs. In the context of security, observability tools not only capture and process events and report on incidents across local networks and cloud environments, but also use metrics and technologies to explain why an incident occurred and what resources are at risk.
The concept of observability may sound a lot like visibility and seem to overlap with monitoring. Security teams need to consider the differences among the three approaches as well as the benefits of security observability that make it a strong contender for inclusion in cybersecurity toolboxes.
In this handbook, learn how security observability tools can improve incident detection and response times — and perhaps lower MTTC metrics once and for all. Start by uncovering the differences among observability, monitoring and visibility. Then read up on the elements of cloud observability, from control plane observability to container observability. And finally, explore how security observability is achieved, how to decide whether to invest in it and how to deploy and get the most from a security observability tool — purchased or homegrown.
Observability has been called the next big thing in threat detection and response. See how it could benefit your organization.