Security Metrics That Matter

Category: Concepts & Methodology

Why Traditional Metrics Fall Short

Security teams measure reaction speed: MTTD (Mean Time to Detect), MTTR (Mean Time to Respond). These all assume the attack is already happening. A SOC can resolve 1,000 alerts a week and still miss the domain an attacker registered yesterday.

Malanta's New Metrics

Exposure Correlation Index (ECI)

How much of your external footprint overlaps with real adversary reconnaissance or staging? If ECI rises, attackers are seeing too much of you.

Mean Time to Preempt (MTTP)

How fast do you shut down a threat before launch? Covers takedowns, blocks, configuration fixes. Short MTTP = you move faster than the attacker.

Infrastructure Disruption Ratio (IDR)

What percentage of attacker infrastructure did you dismantle before it could be used? High IDR = attackers wasted their resources without ever reaching you.

Making It Operational

1. See your real external footprint - Know what attackers see
2. Correlate adversary signals - Remove noise, focus on what targets you
3. Track detection and preemption speed - Measure the gap between "they registered it" and "you killed it"
4. Show reduction over time - Quarter over quarter, lower ECI, faster MTTP, higher IDR

Updated on: 26/02/2026