Time-to-mitigation (TTM) is one of the core metrics a thorough DDoS test is built to measure. It is the elapsed time from the first malicious packet reaching the edge to the moment scrubbing fully engages and clean traffic resumes. TTM aggregates several stages: detection latency, the decision to divert, propagation of the diversion (BGP convergence or DNS TTL expiry), and the scrubbing path warming up. The origin stays exposed for the entire interval.
Why it matters in DDoS testing
TTM is the single number that separates a stack that detects attacks from one that survives them. A test measures it directly under a controlled attack onset, then breaks it down stage by stage so the slowest contributor is visible: a long DNS TTL, slow detection thresholds, or a manual approval step in the cutover. An always-on path drives TTM toward zero at a steady-state cost.
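The stage-by-stage breakdown described above, as an added example that is not part of the original page: it computes TTM and per-stage durations from the timestamps recorded during one test run and names the slowest stage. The milestone names and the sample timestamps are assumptions constructed for illustration.

```python
from datetime import datetime

# Ordered milestones of one test run, paired with the stage each one closes.
# Milestone names are assumptions for this example, not a standard schema.
MILESTONES = [
    ("attack_onset", None),                   # first malicious packet at the edge
    ("detected", "detection"),                # detection latency
    ("divert_decided", "decision"),           # includes any manual approval step
    ("diversion_propagated", "propagation"),  # BGP convergence or DNS TTL expiry
    ("clean_traffic", "scrubbing_warmup"),    # scrubbing fully engaged
]

def ttm_breakdown(events):
    """Return (ttm_seconds, {stage: seconds}, slowest_stage).

    `events` maps milestone name -> ISO 8601 timestamp string.
    """
    missing = [name for name, _ in MILESTONES if name not in events]
    if missing:
        raise ValueError(f"incomplete run, missing: {missing}")
    times = [datetime.fromisoformat(events[name]) for name, _ in MILESTONES]
    stages = {}
    for (name, stage), prev, cur in zip(MILESTONES[1:], times, times[1:]):
        delta = (cur - prev).total_seconds()
        if delta < 0:
            # Usually unsynchronised clocks between the observation points.
            raise ValueError(f"{name} precedes the previous milestone")
        stages[stage] = delta
    ttm = (times[-1] - times[0]).total_seconds()
    return ttm, stages, max(stages, key=stages.get)

# Constructed sample run (not measurements from a real test).
SAMPLE_RUN = {
    "attack_onset": "2024-01-01T10:00:00+00:00",
    "detected": "2024-01-01T10:00:45+00:00",
    "divert_decided": "2024-01-01T10:02:15+00:00",
    "diversion_propagated": "2024-01-01T10:07:15+00:00",
    "clean_traffic": "2024-01-01T10:07:45+00:00",
}

if __name__ == "__main__":
    ttm, stages, slowest = ttm_breakdown(SAMPLE_RUN)
    print(f"TTM: {ttm:.0f}s")
    for stage, secs in stages.items():
        print(f"  {stage:<18}{secs:>6.0f}s  {secs / ttm:6.1%}")
    print(f"slowest stage: {slowest}")
```

In the constructed run, propagation dominates the total, which is the kind of result that points at a long DNS TTL rather than at detection thresholds.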
How TTM feeds into a resilience score is covered in DDoS resilience testing.