This first-of-its-kind study examines data from more than 1,600 FireEye network and email appliances in real-world settings. The FireEye devices were part of more than 1,200 “proof-of-value” trials in actual deployments, where they sat behind other defensive layers but were not set to block malicious activity. That unique vantage point revealed a deeply flawed defense-in-depth model.

The study gets its title from France’s famed Maginot Line — the technically impressive 940-mile border defense that Germany simply bypassed with a novel blitzkrieg style of warfare. Like the Maginot Line, today’s cyber defenses are fast becoming a relic in today’s threat landscape. Organizations spend billions of dollars every year on IT security. But attackers are easily outflanking these defenses with clever, fast-moving attacks.

Key findings include:

  • Nearly all (97 percent) organizations had been breached, meaning at least one attacker had bypassed all layers of their defense-in-depth architecture.
  • More than a fourth of all organizations experienced events known to be consistent with tools and tactics used by advanced persistent threat (APT) actors.
  • Three-fourths of organizations had active command-and-control communications, indicating that attackers had control of the breached systems and were possibly already receiving data from them.
  • Even after an organization was breached, attackers attempted to compromise the typical organization more than once per week (1.59) on average. 

Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model 

Complimentary Report


Just how (in)effective are today’s defense-in-depth deployments? Unfortunately, industry testing bodies offer little help for organizations looking to assess their defenses. Controlled laboratory settings rely on samples of known threats and assumptions about cyber attacks, which may be outdated or incomplete. They cannot replicate the unpredictable, constantly evolving nature of real-world attacks.

The only true test of a product is in a real-world setting. That is precisely what this report provides. In this report, we present a first-of-its-kind analysis of real-world data from more than 1,217 organizations in 65 countries across more than 20 industries. It reveals a defense-in-depth security architecture that is deeply flawed.

1 Gartner Says Worldwide Security Market to Grow 8.7 Percent in 2013,” Gartner press release, June 11 2013.

Download the Report

© 2018 FireEye, Inc. All rights reserved. Privacy Policy. FireEye on Facebook    FireEye on Twitter    FireEye on LinkedIn    FireEye Blog: Malware Intelligence Lab