A recent study of organizations running "defense in depth" architectures reports that nearly all showed signs of at least one attacker bypassing every layer of security, which led the report's authors to compare current security designs to France's Maginot Line, the fortification belt that Germany simply went around in 1940.
The results are stunning and led to this statement early in the report, "it doesn't matter what types of firewall, intrusion prevention system (IPS), Web gateway, sandbox and endpoint systems make up organizations' Maginot Line (Security); attackers are circumventing them all."
The report was released this week by security appliance vendor FireEye and includes data gathered and analyzed by Mandiant, the security-consulting wing of FireEye. The study covered data from more than 1600 networks over the six-month period between October 2013 and March 2014. The data was gathered and analyzed by network and email monitoring appliances, which were placed on corporate and educational networks as part of FireEye's "proof of value" trial services.
Each of the trial networks was considered hardened, with a "defense in depth" architecture: layered controls including firewalls, intrusion detection and prevention systems, and antivirus software.
The results are all the more striking given the heightened interest in privacy and security that followed last year's NSA revelations.
According to the report, 97% of the studied networks showed some level of breach despite their "defense in depth" architecture. To make matters worse, nearly 75% of the organizations tested had active command-and-control communications, indicating that an external party controlled the compromised systems and may already have been exfiltrating data.
Nor should this be considered a static threat, as attacks continue and evolve. The report's data shows that more than 25% of the recorded breaches were carried out by organized or state-sponsored groups that FireEye and Mandiant label "advanced persistent threat (APT) actors," and that breached networks saw an average of 1.6 new attack attempts per week after the first successful compromise.