Security study finds a few best practices can have a big impact on threat protection
Cisco Systems Inc. just released one of its largest-ever cybersecurity studies, providing a detailed view into the top five security practices proven to be most effective for organizations. Cisco claims that those adopting the top practices can propel their security programs ahead of 79% of other organizations.
“Security Outcomes Study Volume 2” not only explores key areas, but also offers actionable recommendations for cybersecurity pros. In the first volume of the study, Cisco examined 25 general security practices and tested how each practice correlates with different program-level outcomes. Cisco uncovered that across the 25 security practices it analyzed, five stood out from the rest: technology refresh, threat detection, disaster recovery, incident response and security product integration.
For the second study, Cisco and Cyentia Institute surveyed 5,123 SecOps professionals — responsible for both security and information technology operations — across dozens of industries and hundreds of organizations of all sizes from 27 countries. The respondents shared best practices for updating and integrating their security architecture, detecting and responding to threats, and dealing with disasters.
Considering 39% of security technologies used by organizations are antiquated, proactively refreshing outdated technology is at the top of the list of key security practices. Cisco’s new study found organizations with modern, consolidated, cloud-based architectures are more than twice as likely to have strong tech refresh capabilities as those using outdated, distributed, on-premises systems.
This is a problem I see accelerating over the next few years. Cloud, hybrid work, mobility and other trends have reshaped IT. Businesses cannot protect themselves by putting Band-Aids on legacy security technology that was designed for a completely different IT operating model. Businesses have modernized app development, infrastructure and the network, and they need to do so with security.
The belief that frequent upgrades help security is proven out in the survey data. Organizations that upgrade IT and security technologies quarterly are 30% better at keeping up with their business than organizations upgrading every few years. The main drivers for refreshing security technologies are vendor-led (determined by providers), proactive (based on a predetermined schedule) or reactive (in response to an incident). Nearly 66% of organizations that sync with vendor refresh cycles report strong capabilities.
The reactive approach to upgrades does put businesses at risk because it is often akin to closing the barn door after the horses have escaped. A good example of this is zero trust. In this recent SiliconANGLE post, I discussed how that technology could have minimized the damage from Log4j. Zero trust has been available for a while and companies that were proactive are likely in a better place than ones that were not.
Having well-integrated security technologies is the second most important security practice cited by the respondents. The biggest reason for integrating security technologies is to improve the efficiency of monitoring and auditing. Although automation is a less common reason for tech integration, the data shows well-integrated technologies enable better automation of security processes. In fact, integrated security technologies are seven times more likely to achieve high levels of process automation.
More than three-quarters of professionals surveyed in the study would rather buy integrated solutions than build them. Sticking with a preferred vendor is about twice as likely to achieve well-integrated security technologies as a hands-off approach. Furthermore, organizations with highly integrated systems for identifying critical assets and risks are more than 41% better at threat detection and response.
Developing threat detection and incident response capabilities are third and fourth on the top five list of key practices. According to the study’s findings, most (92%) organizations with strong people, process and technology — the “p-p-t” pinnacle — achieve advanced threat detection and response capabilities. This translates into 3.5 times greater performance for threat detection and response over organizations that lack p-p-t.
Organizations that conduct threat detection/response activities such as testing and updating, as well as proactively hunting and engaging in team exercises at least on a weekly basis, experience 30% greater performance compared with those that do them annually or less. Additionally, organizations that make extensive use of threat intelligence are nearly twice as likely to report strong detection and response capabilities compared to those with lower usage.
Modern architectures offer many benefits to cybersecurity programs, which is why investing in threat detection capabilities is extremely important. Specifically, zero trust and secure access service edge or SASE technologies provide the capabilities organizations need for more robust detection and incident response. Organizations with mature implementations of zero trust or SASE are approximately 35% more likely to report strong SecOps than those with undeveloped implementations.
Cisco recommends organizations look for cloud-based security solutions and ensure their purchasing decisions include tech integration capabilities. On top of that, organizations cannot overlook p-p-t. The combination of all three will help them achieve superior threat detection and response. Choosing the best-skilled people for SecOps, or using automation if employing highly skilled professionals isn’t possible, is crucial. Although the report’s findings show the value of certain technologies, they should run in unison, not separately from other security functions, to ensure business continuity.
One could look at the Cisco recommendations as a bit self-serving, but both are things I have advocated for some time. With businesses becoming more distributed, on-premises security technology is very difficult to scale up, particularly to home workers. The cloud lets businesses deliver corporate-grade security everywhere, including to home workers.
The acceptance of integrated systems is growing and it’s not just Cisco pushing that concept. Palo Alto Networks Inc. and Fortinet Inc. have both aggressively expanded their portfolios to provide security platforms. Security pros should be looking at security buying now as “best of suite” versus “best of breed” and make a platform decision.
Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this column for SiliconANGLE.