APTs easily bypass your existing security tools
APTs exploit the gaps in existing security tools. Rule-based security tools - like firewalls and intrusion detection systems must know a threat before it can be detected. APTs are unknown; which means APTs can evade these tools. APTs also bypass sandboxes, infect IoT and BYOD devices; where endpoint security cannot be installed, and attack SCADA networks. Log management solutions like SIEMs are difficult to deploy, analyze events after the fact, and generate high levels of false positives. Security solutions which rely heavily on NetFlow and/or IPFIX protocols are also ineffective against APTs, because these data protocols lack sufficiently detailed network traffic metadata for effective security.