Security experts say organisations should use decepetion and decoy data in efforts to kick attackers out of corporate networks.
The vendor-based security professionals said attackers spent big money on maintaining a foothold within networks.
"If you're Google, it doesn't matter how fast you run, the bear wants you," said nCircle chief research officer Tim Keanini.
Mandiant CSO Richard Bejtlich said attackers invested a lot of resources into evading detection once networks were invaded.
"Once they're in your enterprise, they have to be perfectly stealthy," he said. "But that's predicated on someone looking for them."
Bejtlich likened the challenge of spotting attackers to physically defending a bank. The SWAT team doesn't guard the doors each day, but if there's a robbery, they're the ones coming for the crooks.
"You should apply even more pressure once they're in," he said. "They can break in all day long, but if you can catch them and kick them out, that makes it very difficult for them."
The panel suggested taking "active defense" measures that includes deception and decoy data, or "breaking" the hackers' automation – such as inserting delays into scripts they are using – so they can't perform their activities with ease, said Christopher Hoff, chief security architect at Juniper Networks.
The goal was to make a corporate network too expensive to attack.