There's no such thing as infallible security, and preventing every single security breach is impossible.
But when a breach does happen, the steps an organization takes next will largely determine the damage they suffer, and how the business recovers. A security team's first reaction is often to move to eject the attackers. But is that always the right strategy? Especially when it comes to advanced threats, there is a case for biding your time, and gathering intelligence.