Cisco's Security Outcomes Study examined 25 IT security practices and how they affected security program outcomes. Of the 25 security practices, 5 stood out from the rest.
These Top 5 Security Practices are:
- Proactive Tech Refresh
- Well-Integrated Technology
- Timely Incident Response
- Accurate Threat Detection
- Prompt Disaster Recovery
Here’s a look at how your company can maximize all 5 of these key IT security practices.
1) Proactive Tech Refresh
The organization should have a proactive tech refresh strategy to stay up to date with the best available IT and security technologies. On average, 39% of security technologies used by organizations are considered outdated. Almost 13% of respondents claim that at least 8 out of 10 security tools they use are showing their age.
Newer, cloud-based architectures are much easier to refresh regularly to keep pace with the business. The outcome most strongly correlated with a proactive tech refresh strategy was enabling the security program to keep up with the demands and growth of the business. In fact, that was the strongest practice-outcome combination across the whole study.
2) Well-Integrated Technology
Security technologies should be well integrated and work effectively together. Well-integrated security technologies that work effectively with the broader IT infrastructure contribute to the likelihood of success for all program outcomes.
According to respondents, the most common motive for integrating security technologies is to improve the efficiency of monitoring and auditing. Organizations that source mainly from a single vendor double their chances of building an integrated tech stack. Organizations with integrated security technologies are 7x more likely to achieve high levels of process automation.
3) Timely Incident Response
Incident response capabilities should enable timely and effective investigation and remediation of security events. Nearly all organizations (about 92%) with strong people, processes, and technology achieve advanced threat detection and response capabilities. That’s a 3.5x performance increase compared to SecOps programs that don’t get any of those factors right.
Organizations with internal threat detection and response teams enjoy a mean time to respond (MTTR) that’s less than half that of outsourced models (about 6 days vs. 13 days). Those with hybrid staffing models land in the middle (about 8 days), with MTTRs that aren’t quite as quick as those of internal teams but much faster than those of their mostly outsourced counterparts.
4) Accurate Threat Detection
Threat detection capabilities should provide accurate awareness of potential security events without significant blind spots. Organizations that make extensive use of threat intelligence are nearly 2x as likely to report strong detection and response capabilities compared to those with a lower level of usage.
Recurring activities that could potentially improve threat detection programs are:
- Testing and updating detection rules and use cases
- Proactively hunting for signs of malicious activity
- Engaging in red and/or purple team exercises
Organizations that conduct these activities at least once a week see a roughly 30% lift in performance levels compared to those that perform them annually or less frequently.
5) Prompt Disaster Recovery
Recovery capabilities minimize the impact security incidents have on business functions and ensure the resiliency of these functions. Organizations with board-level oversight of business continuity and disaster recovery are the most likely (11% above average) to report having strong programs.
The probability of maintaining business resilience doesn’t improve until business continuity and disaster recovery capabilities cover at least 80% of critical systems.
Organizations that regularly test their business continuity and disaster recovery capabilities in multiple ways are 2.5x more likely to maintain business resiliency. Companies that make chaos engineering a standard practice are 2x as likely to achieve high levels of resiliency.
Following the Fab 5 Security Practices
Working with the right technology partner can simplify the process of optimizing the top 5 security practices. For example, Cisco Secure is built on the principle of better security, not more. It delivers a streamlined, customer-centric approach to security that ensures it’s easy to deploy, manage, and use – and that it all works together.
As a Cisco Premier Certified Partner, Dynamix Group can work with your company to help you follow IT security best practices using leading solutions.
Find out more about how to improve your IT security practices. Reach out to Dynamix.