Attackers are constantly tweaking their techniques to avoid detection, and many of them use valid credentials with trusted tools already installed in a network domain, making it difficult for organizations to spot core security threats early on.