This first-of-its-kind study examines data from more than 1,600 FireEye network and email appliances in real-world settings. The FireEye devices were part of more than 1,200 "proof-of-value" trials in actual deployments, where they sat behind other defensive layers but were not set to block malicious activity. That unique vantage point revealed a deeply flawed defense-in-depth model.
Key findings include:
- Nearly all organizations (97 percent) had been breached, meaning at least one attacker had bypassed all layers of their defense-in-depth architecture.
- More than a fourth of all organizations experienced events known to be consistent with tools and tactics used by advanced persistent threat (APT) actors.
- Three-fourths of organizations had active command-and-control communications, indicating that attackers had control of the breached systems and were possibly already receiving data from them.
- Even after a breach, attackers attempted to compromise the typical organization more than once per week (1.59) on average.