Drive Vulnerability Management Success with MTTR and MTTD Tracking

Automate KPI Tracking with Gutsy

Jacob Graves | August 5, 2024

Managing vulnerability management programs can be hard, even in the simplest environments. In today’s cloud native world, you often have multiple overlapping vulnerability management tools to detect across an ever changing cloud environment. The old adage says “You can’t manage what you can’t measure,” but what should you be measuring? And how can you have one consistent source of measurement when you have many varied sources of data across your teams?

Gutsy now provides automated KPI tracking for your vulnerability management programs, giving you out-of-the-box measurements for the most common KPIs for today’s vulnerability management teams. Next we’ll look at some of the most important metrics to help VM leaders get the most out of their teams and tools.

Automate KPIs to reduce MTTR and MTTD

Mean Time to Detect

One key indicator of performance in vulnerability management is “mean time to detect,” or MTTD. This is the amount of time that it takes to identify the presence of a vulnerability in your environment.

Gutsy automatically computes MTTD across your estate according to the tool that identified the vulnerability first. This is especially useful for organizations with multiple overlapping tools where any of the tools could have been the first to actually detect the vulnerability.

Then, Gutsy can draw your attention to the riskiest parts of your environment where you’re taking the longest time to detect vulnerabilities.

This helps VM leaders to focus their remediation efforts on the places where they can have the greatest impact.

These are great spots to look at updating and reforming processes. Gutsy’s process explorer provides an extra layer of knowledge so that you can understand where this time is being spent and how to change the process to prevent these delays in the future.

Gutsy’s process explorer for vulnerability remediation and reduced MTTR and MTTD — Gutsy provides an extra layer of knowledge that illustrates where time is being spent, and which processes to change to prevent delays.

Mean Time to Remediate

Another indicator is “mean time to remediate,” or MTTR. This metric not only shows how efficient your vulnerability management program is, but also how long risks are allowed to live in your environment. The quicker you can remediate vulnerabilities, the less time your organization is at risk of being compromised by an attacker exploiting that vulnerability.

Gutsy pulls the data from your different tools and enriches it from sources like NVD, then continuously calculates your MTTR and reports it by criticality. Then, you can measure how your teams are adhering to their SLAs, which are generally determined by vulnerability severity.

Finally, using actions, you can create guardrails to alert teams to vulnerabilities at risk of missing these SLAs to drive your developers to follow your VM processes within your documented time frames.

Gutsy MTTR dashboard example — Dashboards clearly show where guardrails are needed to alert teams to vulnerabilities at risk of missing established SLAs.

Prioritizing SLA Violations

After you’ve looked at MTTD and MTTR, you need to understand which vulnerabilities are violating your defined SLAs. If teams have already missed their SLAs, you need a way to identify and take action on these issues. VM leaders need a simple place to measure these violations so they can drive teams to take action immediately and remove this outstanding risk from the organization’s environment.

Gutsy helps you focus on the vulnerabilities that have the greatest impact in your unique environment. This is a quick way to see what requires your urgent attention to drive teams to follow your vulnerability management processes.

We take into account not just the CVSS score, but also the reach of the vulnerability by reporting how many hosts have been affected across all the scanners in your organization. From here, you can dive deeper to get more information about the hosts and further target your response.

prioritizing SLA violations: dashboard view for vulnerability management teams — Prioritize SLA violations so you can focus on the vulnerabilities with the greatest impact to your unique environment.

Most Vulnerable Operating Systems

Understanding where your vulnerabilities are clustered helps security leaders to make informed decisions about their technical landscape. One great indicator of risk is seeing where vulnerabilities are present across your estate, regardless of what tool detected the vulnerability or where the virtual machine lives.

dashboard image — Aggregate, normalize and de-duplicate your vulnerability scan data to prioritize protecting your most vulnerable systems.

Gutsy aggregates, normalizes, and de-duplicates your vulnerability scan results to provide reliable metrics on vulnerabilities across your environments.

Vulnerability management leaders can quickly identify the riskiest operating systems in their estate, then click in to see detailed information in the Gutsy data fabric. This lets leaders drive teams to focus on the parts of their infrastructure that will benefit the most from patching and remediation.

Learn more

[Article] Artificial Intelligence can Actually Help Vulnerability Management

[eBook] Beyond Detection: Mastering Vulnerability Management with Process Mining

See a short demo