Endpoint protection & misconceptions
#1 – Agentless is not really agentless
While it’s true that with agentless products you don’t install the vendor’s components on the endpoint itself, the vendor’s server still utilizes existing OS functionality and a built-in “agent” to perform the security tasks that are usually implemented in a dedicated agent. This means that the endpoint’s resources are still used, and agentless products come with their own issues and limitations.
#2 – Agentless products sufficiently secure the endpoint
“Things you see from here, you can’t see from there” is more than true for agentless products: they lack many functionalities and capabilities that are only available from the endpoint itself, from running in kernel mode and manipulating processes’ execution in real time to preventing sophisticated and evasive attacks before they actually damage the endpoint.
#3 – EDRs/NGAMs are the best solution to protecting endpoints
We’ve already covered the problems that machine learning and AI-based products face and why they won’t be solved anytime soon, so next-gen anti-malware (NGAM) products aren’t immune to failures and won’t necessarily provide the cover endpoints need. Since EDRs usually hide an NGAM or (even worse) a signature-based antivirus engine behind them, they suffer from similar issues. EDRs are considered post-infection tools, so they might help you understand what happened, but not necessarily prevent it in the first place.
#4 – Deploying an(other) agent is a pain/impossible
One of the biggest issues with endpoint protection remains deployment. The reason is that most products are heavy, complex and contain dozens or hundreds of components, which increases the chances of failures, crashes and, in worse cases, completely destroying the machine (I “fondly” remember spending more than a week reconstructing a complex debugging environment due to a very destructive deployment…), though that’s not the case with certain vendors and solutions.
#5 – Big/Known vendors provide enough coverage/protection
A Symantec VP already said that AV is dead back in 2014, others admitted AVs detect poorly, and there’s a reason big vendors buy or cooperate with small, innovative vendors. Moreover, the industry is beginning to understand the need to shift focus to prevention (which Deceptive Bytes has been doing since day one).
If you’d like to learn more about Deceptive Bytes and how we help organizations prevent advanced threats, just contact us or request a demo.