Cybersecurity In-Depth


Cisco's Helen Patton on the Security Outcomes Study

The latest installment of Edge Chats steps through the Security Outcomes Study and the activities that security practitioners believe lead to positive results with a security program.

There is often a tendency to assume that security problems can be solved by technology, but in actuality, the solutions require balancing people, process, and tools. In this latest Edge Chat, Helen Patton, advisory CISO at Cisco, talks about how security and privacy professionals can see incremental improvement in their organization's security by paying attention to one of the components. "If you had two of those things, or if you had all three...really, it added together for a much better outcome," Patton says.

That was just one of the findings out of Cisco's latest Security Outcomes Study.

The Cisco Security Outcomes Study is a global survey of more than 5,000 security and privacy professionals in 27 different markets about the kind of activities that lead to positive security results -- the "outcomes." The goal of the survey was to understand what activities lead to positive results coming out of security programs. Examples include enabling the business, being efficient, and managing risk.

The survey also found that organizations with a well-maintained integrated technology stack, typically found it easier to perform other security activities, such as incident response, threat detection, disaster recovery, and business continuity. A good security program "is very dependent on the quality of your technology stack," Patton says. 

Most organizations can't do a rip-and-replace to get the technology stack to support the security program. Instead, they should take a risk-based approach and first roll out the components that give visibility across the technology stack and business processes, Patton says. Once there is visibility, then the security team can focus on areas such as threat intelligence and business continuity planning.

"It is more a matter of just continuing to do a technology refresh on whatever schedule you have," Patton says.  "When those things [technology refresh] do occur, making sure that you're replacing things with integrated cloud-based technology security solutions that will give you that ability to detect and respond really quickly."