Optiv Cybersecurity Dictionary

What is Dwell Time?

Dwell time represents the length of time a cyberattacker has free reign in an environment, from the time they get in until they are eradicated.


Dwell time is determined by adding mean time to detect (MTTD) and mean time to repair/remediate (MTTR), and is usually measured in days. It's sometimes referred to as the "breach detection gap."


Lengthy dwell times give attackers more opportunity to access private data and siphon funds. It also helps them observe and record user and network behavior, as well as plant secondary malware or APTs. This is a top concern for all organizations, since the issue impacts brand reputation and may have legal repercussions.

Contact Us