I recently ran across an article titled “Cisco Report Finds Organizations Relying on Automated Cyber-Security.” It got me thinking about what we are doing these days and must continue to do in this area.

The report is Cisco’s 2018 annual cyber security report, which showed that cyber criminals are increasingly evading security technology with encryption. Cisco used survey data from 3600 CISOs to complete the report. Some facts worth noting: 36% of companies stated they rely on automation to mitigate cyber threats. According to Cisco's analysis of over 400,000 malicious binary files, approximately 70 percent made use of some form of encryption. The report stated that even defender sandboxes are being defeated.

Flashback: I still remember in 1997, the OS was Windows NT 4 and the Word Concept Macro Virus damaged Normal.DOC templates or hackers simply defaced a web site, versus the advanced persistent threats now used to target and take whatever the adversary wants. We have come a long way!

Long before advanced antivirus, when I was systems admin for the Shuttle Space program, we used Microsoft SMS (Systems Management Server) to deploy a new virus signature update monthly. Can you imagine? We are now doing real-time updates!

The good news is that, amid all these elevated threats, many organizations are now relying on automation, as well as machine learning and artificial intelligence, for their cyber-security operations.

"If you want to make use of a lot of security data quickly, you have to make use of a fair amount of automation," according to Martin Roesch, Chief Architect in the Security Business Group at Cisco.
Roesch also noted that more organizations are using more products from more vendors than ever before.

Regarding the use of technology to mitigate cyber threats, Ira Winkler states in his recently published book, Advanced Persistent Security:

“We address the arrogance within the industry that believes that implementing advanced technologies is the best way to improve security programs. Rather we must look at a much higher level to carefully evaluate our business sector's place in the threat landscape and map real world threats our business will encounter considering the Protection, Detect and Respond model as it applies to the cyber kill chain.”

The bottom line here is to look at the real risk to your business and its data. One size doesn’t fit all. For example, we would not apply the same security controls to a public school district as we would to the NSA. Both have unique threats; one is public, while the other concerns national intelligence and is not so public. Both have different assets, and each will be targeted by various groups for different reasons.

What types of systems are targeted? Devops is developing non-hardened systems fast. Among the different types of security concerns analyzed in the annual Cisco report is the issue of exposed development systems. Franc Artes, architect in the Security Business Group at Cisco, said that devops servers – including MongoDB, CouchDB, Memcache and Elasticsearch – were left wide open by organizations in 2017, enabling potential attackers to easily extract information.

Cisco's 2018 report also examined the issue of cybersecurity alerts and how organizations respond to them. Cisco found that 93 percent of organizations had at least one security alert in 2017, and only 56 percent of alerts were investigated. Of the 56 percent of alerts that were investigated, Cisco reported that only 34 percent were considered to be legitimate.

Receiving alerts is one thing.
Being able to detect real threats is another.

A key metric that Cisco tracks for itself is the time to detection (TTD) for threats. “In 2016, Cisco reported that its annual median TTD for new threats was 14 hours. That figure improved significantly in 2017, dropping down to 4.6 hours.”

Cisco is very focused on the time to detect malware with its technology. All of this helps Cisco improve its cloud-based systems to collect more data and learn faster, narrowing the gap with cybercriminals once again. At least for the moment.

The final recommendations from Cisco’s 68-page report are:

- Regular patching to mitigate known threats
- Review and practice security response procedures
- Testing restoration procedures

Regular data backups are also good security best practices.

Overall, Cisco's advice is for organizations to be more prepared for security incidents before they happen with proper testing and policies.