When are "point-in-time detection technologies" considered useless?
A. after the attacker has compromised the Internet-facing firewall appliance
B. when a malicious file is not caught, or is self-morphing after entering the environment
C. when the IPS appliance detects an anomaly.
D. when forensics are performed on the malicious payload to ascertain its origin and attack behaviors
