Not saying that it doesn’t work, but is the cost and stress justified to use it?
In the 20 years I have supported technology and countless systems, I have had less than 20 that had malware that I knew of. Of course, there may have been more that I was unaware of. Of those systems, all of those systems were not managed, nor updated. They were just given to a user and then ignored.
Any unpatched system is going to get compromised. It is just a matter of time. All of those 20 years I religiously installed and configured antivirus systems and endpoint protection systems like Crowdstrike and others. I encouraged companies to scan on the backend, and all of the protection that could be offered was done. It was only systems that were ignored and unmanaged that caused a problem, and the majority of them were at 3 companies where there was insufficient IT management.
Now the average endpoint protection cost is $30 a year. I just did an AI query about this and averaged it. Let’s say your company has 100 users, and you spend $3000 a year protecting them. Is this a good use of money? Yes and no. Yes, you might prevent an unlikely hack, and most likely you have wasted this money.
I investigated what kind of endpoint protection that I should install on my Linux system. Do you want to guess what the result of my research was? Most Linux users don’t use an anti-virus/endpoint protection. They update their system, surf responsibly, have reasonable caution with unknown files, and so on. Now I think that the education of the users will have a more positive investment return than buying the software.
Of course but what if users don’t make good choices? Then endpoint protection is worth it right? Perhaps not. In those 20 years and less than 20 machines just for ease of conversation, reinstalling those machines was easy and took less than half an hour. So all of the money that was spent to protect them failed, and not only did they lose that money, they still had to pay to reinstall the computer to fix the issue.
I believe in defense in depth and making multiple ways to make it hard for hackers to be successful. I have to wonder however if the priorities in the company’s spending are correct. Before you buy endpoint protection, are you sure that every employee knows how to act? Even if you do buy endpoint protection, you still have to remediate and deal with the cost of the infection.
Focusing on defense for security is less helpful than focusing on behavior as proactive security.