0Pricing
Cyber Security Academy · Lesson

SOC Metrics: MTTD and MTTR

Measuring detection and response speed.

Why Metrics Matter

A SOC without metrics is flying blind. Metrics tell you whether the team is detecting threats faster, responding quicker, and improving over time.

The two headline metrics are MTTD (Mean Time To Detect) and MTTR (Mean Time To Respond/Resolve). They quantify the two most important questions: How fast do we see threats, and how fast do we stop them?

Mean Time To Detect (MTTD)

MTTD measures the average time between when an attack begins and when the SOC detects it.

A low MTTD means attackers have less dwell time inside the environment. Every hour of undetected access lets an attacker move laterally, escalate privileges, and stage data for exfiltration.

Reducing MTTD usually means better detection coverage, tuned rules, and richer telemetry.

All lessons in this course

  1. The SOC and Its Tiers
  2. Alert Triage Workflow
  3. Playbooks and Ticketing
  4. SOC Metrics: MTTD and MTTR
← Back to Cyber Security Academy