Automation doubled the performance of security operations (SecOps) programs that lacked strong staffing resources — and this might be the key to solving the skills and talent shortage facing the industry, according to Cisco’s latest global study.
Cisco surveyed more than 5,100 security and privacy professionals across 27 markets for its second-annual Security Outcomes Study. It also analyzed the most effective security practices identified in last year’s report more closely to find success factors.
One of the key findings in this year’s study was that security programs with both a strong team and major threat detection and response automation capabilities reported better SecOps success (more than 95%). Even among less experienced security teams, over three-quarters could get robust security results through high levels of automation.
Automation is not limited to “fancy” technologies such as artificial intelligence and machine learning. Routine incident response and recovery processes also lend themselves “really well to automation,” said Wendy Nather, head of advisory CISOs at Cisco.
The more routine work organizations can automate, the more time security teams have to focus on harder challenges, she added.
In addition to automation, organizations in the study attributed better security postures to two emerging security strategies: zero trust and secure access service edge (SASE) architectures.
Organizations that claimed to have mature zero trust and SASE implementations were 35% more likely to report strong security operations than those with nascent deployments, the study found.
To create a zero-trust environment, organizations need all of their different technology areas and operations to work together in a way that also fits into their incident response strategies, Nather said.
Top 5 Security Practices
Cisco surveyed 4,800 security practitioners to examine 25 general security practices and 11 different outcomes for last year's Security Outcomes Study. That survey asked respondents about practices they employ to build a successful security program and ranked these based on their strength of correlation with respondents claiming to have a highly successful security program.
According to the results, the top five practices were proactively refreshing outdated technology, well-integrated security technologies, timely incident response, prompt disaster recovery, and investing in accurate threat detection capabilities.
“You're going to be in the top 80% if you only do those five top practices,” Nather said.
However, organizations consider, on average, 39% of the security technologies they use to be outdated. And companies are more than twice as likely to refresh cloud-based architectures as on-premises technologies, this year’s study found.
Cisco Doubles Down on Integrating Security Offerings
The next best practice in the top five is to integrate security capabilities. Organizations with integrated technologies were seven times more likely to achieve high levels of process automation, and they self-reported more than 40% stronger threat detection capabilities.
While respondents said they preferred to use technologies that can integrate out of the box, the study found that the reported SecOps success rate showed the opposite. “What actually worked better was for groups that worked with a single preferred vendor,” Nather said.
These results also provided data to help Cisco focus its offerings on “the areas that are going to make the biggest difference for our customers,” she added. To this end, Cisco will keep building on its SecureX platform to offer all pre-integrated security capabilities in one platform, according to Nather.
Cisco made the platform available in 2020. SecureX integrates its network, endpoint, cloud, and application security products, as well as threat intelligence from Cisco Talos, in a cloud-native platform. The platform provides extended detection and response capabilities and integrates with Cisco's Umbrella SASE platform and its Duo zero-trust security platform.
“Integration is a big driver for us, and especially now that we know that what really works is having integration from a single-preferred vendor,” Nather said.