What is the first thing that comes to your mind when you hear the words “tech refresh?”
For example, do you think about an antiquated technology that is not integrated needing a fresh lease of life? Or is it just getting new technology to solve a problem that the predecessor failed at solving? Or is it part of a much larger attempt to transform security to become an enabler for business transformation? Answering this simple question could take many possible directions -it really depends on who you ask.
If you ask a member of your Security Operations Center (SOC), they may see a tech refresh as a shift in capabilities, an advancement of existing technology. They may also see it as the introduction of an entirely new way to address an emergent or existing problem. No matter what the approach is for a tech refresh, it must concur with the larger initiatives in an organization–building greater agility by moving to the cloud, supporting work from anywhere, streamlining interactions with customers, partners, suppliers. If today’s solutions can’t deliver on these needs—your security strategy needs a paradigm shift. A smart tech refresh should help accelerate your business and protect your future. Not only should it create bridges for your solutions to work together, but also help you take advantage of the investments you have today and will make tomorrow.
In the SOC, the most important focus areas revolve around visibility, detection, and response. When viewing a product, one has to consider the function of that product. Is it reporting that something bad is happening, or is it something that will help me respond to bad situations? Most importantly, of course, is integration. The mark of a great product is one that leapfrogs your security to new heights. Would you rather have fewer “bells and whistles” in a product if it integrates more smoothly with your existing setup?
In the Cisco 2020 Security Outcomes Study report, 4,800 respondents were asked for their views about these questions. When looking at integration, 10.5% of the respondents rated that as the second leading indicator of success.
From the chart above, “Proactive tech refresh” is the top indicator of success. A recurring theme in the report’s statistics shows that proactive tech refresh, well-integrated tech, timely incident response, and prompt disaster recovery significantly contribute to nearly every outcome.
Considering Integrations as a critical component of your tech refresh comes in more than one form. It can be the introduction of an entirely new product or building bridges within your existing environment. One of the greatest advantages of smooth integration is that it simplifies the SOC team’s overall experience and maximizing the value of the technology. This is also an advantage to the business side; the sunk cost of the original technology is not entirely thrown away. It starts to become evident that proactively refreshing technology and a well-integrated technology stack will make or break the success of a security program.
To effectively adopt these practices, one needs a platform that can simplify adoption and integration of new tech, as well as delivering outcomes such as visibility, simplicity, and efficiency to simultaneously drive stronger security outcomes. At Cisco we’ve engineered a head-start for you with our SecureX platform. By integrating both Cisco and third-party technologies, Cisco SecureX ensures that it will fit in with the journey and vision for your security program.
When boiled down to its essence, InfoSec is all about risk mitigation, and risk is based on probability and impact. The biggest challenge is that we can only derive metrics from past incidents, as we do not know what the adversary is thinking. One could liken it to a game of chess, where all the pieces are visible on the board, but one never knows what the opponent is going to do. There are so many variables at play, however, that does not make the task insurmountable, as past metrics play an important role in the ability to detect and respond to current, or future events. This is where the art of security ochestration resides. Can this “art” be automated?
Yes, in some areas, the analyst’s art can certainly be automated. The various steps required to implement security controls from the endpoint to the cloud can be merged into an “orchestration of actions” that adds speed and efficiency to what once was a manual act, sometimes requiring more than one person to accomplish. This allows you to get off the hamster wheel of repetitive tasks and allows you to maximize your productivity. With SecureX, you can build playbooks to run time/trigger-based automated workflows that allow you to define the Service Level Agreement. You can automate critical security workflows that free up your teams across the full lifecycle to go from discovering an alert, to taking a response action quickly. And by moving faster with enhanced collaboration, the analyst can now use the time more effectively.
When addressing incident response, again, the respondents indicated similar priorities for success: Proactive tech refresh, prompt recovery, and well-integrated tech appearing at, or near the top of the list.
The SOC is a busy, and oftentimes, stressful place. Actions that take place to protect an organization require quick thinking, as well as quick actions. The information in the Cisco 2020 Security Outcomes Study report indicate that there is more involved with success than just slapping together a disparate group of products that are not well integrated. This lack of vision serves to slow an operation, rather than adding efficiency. With an integrated platform, you can unify your security, simplify your operations, and maximize the potential of each of your solutions.
To explore how organizations in different countries and regions are successfully achieving each security outcome, visit cisco.com/go/SecurityOutcomes
As you contemplate your next technology purchase, or are looking to establish a more consistent refresh cycle, consider looking at integration as a key element for your security strategy. Every decision brings you one step closer to getting meaningful visibility and enhancing efficiency through automation. It should help you realize desired outcomes while lowering overhead.
We at Cisco believe that making technology work together should not be a constant struggle that requires hard-to-find expertise. With an ecosystem of over 170 third-party technology integrations, SecureX is a cloud-native, built-in platform experience within our Cisco Secure portfolio. When connected to your infrastructure, SecureX is integrated and open for simplicity, unified in one location for visibility, and maximized for operational efficiency. This combination of features secures your network, users, endpoints, cloud edge, and applications. It radically reduces the dwell time and human-powered tasks involved with detecting, investigating, and remediating threats to counter attacks or securing access and managing policy to stay compliant.
“SecureX will not only work with your Cisco products, you can also put different kinds of feeds in it. If you have a different kind of firewall, if you have a different kind of antivirus, you can get the same intel within the same dashboard. You don’t need to have just Cisco products. You can have a Cisco product and you can have other products and still use the dashboard to put everything together.” – IT Central Station
The SecureX platform experience allows you build the integrations needed to simplify your architectures and create an almost plug-and-play setup that lets you adopt future innovations, whether it is on account of a net-new need, or your organization adopting a proactive tech refresh strategy. Cisco is not just saving practitioners time spent on integrating new technologies but enabling your team to build workflows spanning your infrastructure (Cisco or not), that advance your security maturity.
Today, 10,000 organizations globally are placing their trust in Cisco’s platform approach to security banking on building blocks like SecureX threat response. And the on-going improvements and validation for our cloud-native platform approach with analytics and automation built in is why we already deliver the industry’s broadest Extended Detection and Response (XDR) approach. For more information visit our SecureX page for the latest updates.