We can say, “Oh, there’s no damage done.” It’s like a honeypot and then we mitigate the damage. The idea is to don’t rely on the firewall, intranet, or anything, but instead verify each access as if assume breach, assuming each component has already been breached.