The threats we see on a daily basis include attacks specifically designed to skirt around traditional antivirus defences. Ransomware is a multimillion Pound industry, and before an attacker launches a ransomware campaign they confirm that the AV doesnt see their attack, and makes sure they also exploit widely used applications such as PDF readers and Web browsers.
The attackers can also buy Exploit systems with support online. So they dont need to know the technical elements before they launch.
I recently created a Demonstration video showing zero day threats against Palo Alto Networks Traps. This is an advanced endpoint protection product and in my eyes the best replacement for traditional endpoint AV. The key is not to what we know is a threat, but we must know what is good, threat and most importantly unknown. Consilium can deploy this in the traditional on-premise ESM Server as well as a managed service for smaller organisations.