You've heard of the Defender's Dilemma: "Defenders have to get it right every time. Attackers only have to get it right once."
Did you know this is a lie?
I think it was @Soinull who created the idea of the Attacker's Dilemma: defenders have many chances to defend across the entire kill chain. To be successful, attackers have to evade all the defenses in their chosen chain.
The Defender's Dilemma really only makes sense if you think of an "attack" as a single atomic thing, which of course it is not. Attacking a complex system will always be easier than defending it. The key to defender success is exploiting the home ground advantage.
Forget the Defender's Dilemma and recognize that we have a lot of chances to succeed. We may not have the resources to take them all, but by choosing wisely, we can make an attacker's job MUCH harder while giving ourselves the best chance of success.
The question to ask is: how do they reach their goal and exfiltrate their target without tripping a single one of our detection ‘landmines’?
1. Focus on the criminal’s activities rather than the tools and exploits
2. Use the attacker’s needs and techniques against them
3. Balance prevention, detection, and response appropriately
4. Invest in your people over your tools