Where does traditional threat detection have gaps?
Attackers have access to the same detection technology that you use! They test against off-the-shelf detection tools, building evasive attacks that bypass your defenses.
Threats get through your current detection and prevention stack. A key reason malicious activity is missed is that threat detection solutions are "point-in-time": they can only judge the state of an object or action at a specific instant, such as when a file is written or an executable is run. The knowledge needed to recognise a new attack often does not exist yet at the moment of inspection, and it is not applied later when it does.
Third-party exposures may be opaque. Developers of software used by vendors in your supply chain do not disclose every component of their software, so even publicly known vulnerabilities in those components may not be apparent without deeper investigation.
Current threat analysis processes rely on humans working under time constraints, who will occasionally misjudge, and those processes provide no way to revisit prior judgments once new information arrives.
The actual files, the essential telemetry details, are lost. By the time you discover you have missed an attack, the malware has had time to clean itself up and cover its tracks.
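The two gaps above, point-in-time verdicts that are never revisited and telemetry that disappears with the file, are easiest to see in a small retrospective-detection model. The following is an added example written for this page, not code from the original or from any product; the hosts, paths, hash strings and timestamps are constructed sample data. It records each file observation together with the verdict reached at inspection time, then re-evaluates the retained records when a new indicator arrives, reporting how long the missed file had been present.

```python
"""Retrospective re-evaluation of retained file telemetry (added example).

A point-in-time scanner can only apply the intelligence it holds at the moment a
file is written or executed. Keeping the observation (hash, path, host, timestamp,
verdict) lets a defender re-run the verdict when new intelligence arrives and
measure how long the file was present before it was recognised, even if the file
itself has since been deleted. All values below are constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set


@dataclass(frozen=True)
class Observation:
    host: str
    path: str
    sha256: str
    seen_at: datetime
    verdict: str  # verdict at the instant of inspection: "clean" or "malicious"


@dataclass
class TelemetryStore:
    """Append-only store of file observations; nothing is dropped when a file disappears."""
    observations: List[Observation] = field(default_factory=list)

    def record(self, host: str, path: str, sha256: str, seen_at: datetime,
               blocklist: Set[str]) -> str:
        """Point-in-time check: apply the blocklist known right now and retain the observation."""
        verdict = "malicious" if sha256 in blocklist else "clean"
        self.observations.append(Observation(host, path, sha256, seen_at, verdict))
        return verdict

    def retrospective_hits(self, blocklist: Set[str], now: datetime) -> List[Dict]:
        """Re-evaluate every observation judged clean at the time against the current blocklist.

        Returns one record per observation whose verdict would now change, including
        the time between first sighting and re-evaluation (the dwell time the
        point-in-time scan could not have known about).
        """
        hits = []
        for obs in self.observations:
            if obs.verdict == "clean" and obs.sha256 in blocklist:
                hits.append({
                    "host": obs.host,
                    "path": obs.path,
                    "sha256": obs.sha256,
                    "first_seen": obs.seen_at.isoformat(),
                    "dwell_hours": (now - obs.seen_at).total_seconds() / 3600,
                })
        return hits


def demo() -> List[Dict]:
    """Constructed scenario: a file passes inspection on day 0; its hash is blocklisted on day 2."""
    t0 = datetime(2024, 1, 1, 9, 0)
    store = TelemetryStore()
    # Day 0: the blocklist knows one hash; the new dropper's hash is not on it yet.
    intel_day0 = {"constructed-hash-known-bad"}
    store.record("ws-01", r"C:\Users\alice\Downloads\update.exe",
                 "constructed-hash-dropper", t0, intel_day0)   # judged "clean" at the time
    store.record("ws-02", "/tmp/old.bin",
                 "constructed-hash-known-bad", t0, intel_day0)  # caught point-in-time
    # Day 2: a new indicator arrives. The file on ws-01 may already be gone; the record is not.
    intel_day2 = intel_day0 | {"constructed-hash-dropper"}
    return store.retrospective_hits(intel_day2, t0 + timedelta(days=2))


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Running the module prints a single retrospective hit for `ws-01` with a dwell time of 48 hours; the `ws-02` file is not reported again because it was already judged malicious at inspection. Hash-set membership is used only to keep the example short; the same retain-then-re-evaluate loop applies to any verdict source that improves over time, such as updated signatures or sandbox results.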