With the raise of new generation antivirus and the swift from the all-users-in-the-office to all-users-outside-the-office we are thinking about redefine our endpoint strategy. I have been reading a lot and some people said that Ngav (crowdstrike, carbonblack, cylance) are an additional layer to a traditional antivirus, while some of these traditional av are moving to a more advanced capabilities that could be similar to the previously named (for example sophos intercept x with EDR). What is your endpoint strategy? Are you adding two layers? Does it worth it or at the moment with one shot you can cover both worlds (for example with Sophos)?