Customer is not seeing updates for a long time under Pattern Detection which can give a misconception that the updates are not working on CAS
There are other mechanisms that you can purchase additionally to enhance detections in your environment like Cloud Sandboxing, if you feel like On-box Sandboxing isn't enough:
Cloud Sandboxing uses static code analysis that is undetectable by malware authors and cannot be circumvented by VM-evasive behaviors. In fact, due to the years of machine learning accumulated within the technology, the more evasive a program behaves, the easier it is to identify it as a malicious file.
In addition, Cloud Sandboxing uses a behavioral analysis system that monitors files as they run, comparing the behaviors of the program to the behaviors of the billions of malicious samples Symantec has analyzed over the years. As opposed to signatures, Cloud Sandboxing employs behavioral profiles and file reputation data to accurately identify files as benign or malicious.
By performing analysis in the cloud, Symantec Cloud Sandboxing can offer more in-depth processing at a scale and speed that cannot be achieved with an on-premises deployment. You can use Cloud Sandboxing as your sole sandboxing solution, or in conjunction with Content Analysis's on-box sandboxing or other on-premise sandboxing services.