This document discusses various endpoint security controls that organizations can leverage to protect their endpoints. It recommends that patching and secure configuration deliver significant protection while having the best cost-benefit ratio. Application whitelisting is highlighted as a way to address weaknesses in anti-malware solutions, though it can impact the user experience. USB device control and full disk encryption are also presented as methods for keeping data secure by restricting where it can be used or accessed. The document encourages organizations to evaluate which endpoint security controls are most needed based on their specific threat environment and business needs.