Today's Endpoint Protection (EPP) solutions from top security vendors as a whole have gotten really good. Compared with the past, modern EPP tools now stop more malware and more diverse threat types than ever before. Better vendors have incorporated Artificial Intelligence (AI), Machine Learning (ML) and adaptive heuristics that go far beyond the static and easily circumvented "virus definition files" of the past.
Pre-execution detection, on-execution blocking and even post-execution termination are now common capabilities of top EPP products. On balance there are fewer false-positive alerts, faster and more accurate detections and better explanations concerning what was detected and why. But EPP as a product category has fundamental limitations that every security leader should bear in mind. When everything is on the line for your business, you can't lose sight of what goes unseen by Endpoint Protection tools.
Where Endpoint Protection Comes Up Short
Breach prevention via detection and blocking at the very start of every attack would seem to be the ideal state that any InfoSec team would want to achieve, but history dating back to the first computer viruses in the mid-1980s proves that this is an elusive goal. Prevention has never been 100% and "perfect security" will realistically never be achieved. Fileless attacks and browser exploits offer no files to block, and many advanced multistage, multi-vector attacks simply unfold in a way that makes them exceptionally difficult if not impossible to prevent.