Is your cyber “Great Wall” really just a Maginot Line?
Perimeter defenses are more likely to produce a “Great Wall” that looks impressive but is easily skirted by malicious actors.
The article argues that traditional perimeter defenses are insufficient because breaches and sophisticated phishing enable attackers to operate inside networks. It advocates for increasing internal protections by monitoring internal traffic, limiting device access, and applying DNS-based security policies to detect and disrupt malware behaviors like lateral movement and command-and-control. BlueCat’s client-facing DNS security approach reframes the perimeter to a granular, inside-the-network defense that intervenes on malicious DNS activity and isolates compromised devices to reduce attack surface and operational impact.
Why are perimeter defenses like firewalls no longer enough according to the article?
The article explains that perimeter defenses assume the internet can be cleanly separated from a trusted internal network, but repeated breaches show this is not true. Sophisticated phishing can compromise individual endpoints with a single click, allowing malware to operate inside the network where perimeter controls have limited visibility. As a result, relying primarily on perimeter walls can leave organizations exposed to lateral movement and stealthy command-and-control activity that bypasses those external defenses.
How does DNS security help detect and stop malware once it is inside the network?
DNS security monitors internal DNS queries and applies security policies to identify the low-level tactics malware and malicious insiders use, such as beaconing and establishing command-and-control. Because malware almost always uses DNS to establish and maintain a foothold, a client-facing DNS system can flag suspicious queries, question their validity, and intervene before attackers reach critical assets. This focused monitoring of DNS traffic helps to root out threats that operate under the radar of traditional security stacks.
What operational changes does the article recommend for redefining the network perimeter?
The article recommends shifting attention inward by implementing tools that monitor internal traffic, restrict what devices can access, and apply DNS-based policies to isolate compromised devices. Instead of assuming a single external boundary, organizations should create granular internal perimeters that wall off affected endpoints, scrutinize their DNS activity, and limit access to critical data. These measures reduce the attack surface and enable faster intervention against the kinds of internal, damaging breaches common today.
Perimeter defenses seem to be the default for every security system. From the Great Wall of China to medieval castles to proposed “border walls”, we assume that the best defenses are those which separate “us” from “them”.
Cybersecurity is no different. Perimeter defenses continue to be the primary focus for most cybersecurity stacks. The standard assumption in all of this is that the wild, unruly internet can be separated from the fully trusted internal network.
Breach after breach has shown that this simply isn’t the case. If CISOs think they’re building a cyber Great Wall, they’re more likely to end up with the Maginot Line – a perimeter defense that looks impressive (and probably costs a lot of money), but one which is easily skirted by malicious actors.
The importance of internal network protections
Today’s cybersecurity environment requires equal (if not more) attention to what lies inside the network boundary. With phishing attacks becoming ever more sophisticated, it only takes one errant click for malware to spring up on an endpoint device. It’s important to have tools in place to monitor internal traffic and limit what devices can access, reducing the attack surface when a device is compromised.
The role of DNS
At BlueCat, we use DNS security to turn wall-based cyber defenses into more sophisticated, counter-insurgency-style defenses. DNS security assumes that your network is either already breached or will be soon. Through constant monitoring and application of security policies to internal network traffic, BlueCat’s client-facing approach to DNS security helps to root out the malware which is already operating under the radar.
Lateral movement, beaconing, establishing command and control – malware almost always requires DNS to establish a foothold on the network. Malicious actors assume (correctly) that most cybersecurity administrators aren’t paying attention to DNS – they consider it “plumbing” or part of the network team’s responsibility. This is where a client-facing DNS security system pays dividends, identifying the low-level tactics of malware and insiders, intervening before they find what they’re looking for.
Redefining the network boundary
Perhaps it’s time to rethink where the cybersecurity perimeter really lies. The increasing use of DNS in malware shows that the best “perimeter” defense really lies inside the network. Being able to wall off compromised devices, question the validity of DNS queries from those devices, and apply security policies which restrict access to critical data – these create a more granular perimeter at the level where today’s most damaging breaches tend to occur.