What is Your Mean Time to Inventory (MTTI)?
Do you even know what this means?
Actually, it means different things to different people, but they are all related.
The first meaning is how long does it take a hacker to identify vulnerable systems after a vulnerability is disclosed? For example, when Microsoft disclosed the Windows Print Spooler attack, how long before hackers start scanning for vulnerable systems? Palo Alto Networks said they have seen scanning start in as little as 5 minutes after a vulnerability is announced, such as in the case of a Microsoft Exchange vulnerability announcement and 15 minutes after the announcement of a remote access vulnerability in a high end consumer networking device.
Businesses often scan for vulnerabilities quarterly or even annually. For them, the MTTI is 3 to 12 months. Credit: WSJ
So, if hackers start looking for your vulnerable systems in 5-15 minutes and you don’t start looking for vulnerable systems for 3-12 months, who do you think it going to win?
Let’s say you are really good and you scan your systems monthly (rare, but some companies do this). Does that help you? It depends on how lucky your are.
Weekly is better but it is still way slower than the hackers.
Take your hacker’s 15 minutes and multiply it by 10. That is a couple of hours.
Multiply it by 100 and and that is just a few minutes longer than a day.
If you multiplied that number by a thousand then, if you scanned for vulnerabilities every single week, then you might be ahead of the game, but it depends where you are in your cycle and where the hackers are in theirs. AND IF YOU IMMEDIATELY FOLLOW UP WITH PATCHING.
And, of course, if you have multiple hackers scanning, then the hackers have the advantage.
Given the number of breaches that we hear about on a daily basis, if businesses want to get ahead of the hackers, they cannot continue to do what they have been doing.
Scanning and patching speeds need to dramatically improve.
Unless ,of course, you want to be the next victim in the news.