This isn't so much a conclusion as a battering ram: conventional antivirus clients don't have a hope of spotting such malware because they are designed to look files not traffic.
In an age of targeted malware, lethality becomes harder to assess. So six antivirus clients didn't detect over 26,000 samples reckoned by Palto Alto to be malware, but how many of these were serious as opposed to merely a risky nuisance?
The firm's view seems to be that if security managers have to devote too much time to spotting and remediating common malware they will be drained of resources for detecting the smaller number of extremely serious threats.
"It's not enough to simply detect malware out there that is evading traditional security. Enterprises should come to expect more comprehensive prevention from their vendors," said Palo Alto''s senior research analyst, Wade Williamson.
"That's what the Modern Malware Review is signaling - analysing undetected malware in real networks has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed."
Sign up for CIO Asia eNewsletters.