MTTD (Mean Time to Detect) indicates how long it takes on average to discover a security incident. The clock starts when the incident actually occurs and stops when your monitoring, SIEM, or other detection mechanisms identify it. Industry reports show that many organizations have an MTTD exceeding 200 days. The shorter the MTTD, the less damage an attacker can cause, since they have less time to spread through the network and exfiltrate data. Automated detection rules, threat intelligence feeds, and regular log analysis are the most effective levers for reducing MTTD.