Re: Issues with endpoints
That sounds like a prevention idiology. The goal of the report was to highlight the fact prevention by itself doesn't work. When prevention fails, it fails 100% open. Your organiztion needs to know when prevention fails what happened, how it happened, what was taken, and how to respond and you need that information immediately, not months later in a forensics investigation.
All the layers need to exist to protect and organization: prevention, detection, deterrrance, and response. Most orgnaizations only focus on deterrance (policy) and prevention.