Every device that connects to a network creates a security risk. There are many forms of defenses designed to protect these endpoints including anti-virus, firewalls, HIPS, endpoint detection and response (EDR), and other forms of access control. Most of these solutions require installed agents to manage authorizations and authentication, track device activities, and detect and remove viruses and malware. Despite the efforts applied to endpoint protection and EDR solutions, it is inherently insufficient. Even if you could find every endpoint, manage every agent, and keep every device consistently patched, there are fundamentally too many attack vectors to keep up with.