In this second report covering the post-antivirus (AV) era, we discuss how a layered approach to endpoint security can help decrease the risk of attack significantly beyond what antivirus alone can achieve. A growing number of security professionals are considering replacing their third-party AV tool with one or more alternatives to traditional blacklist-based virus protection, but nothing available today offers protection broad and deep enough to cover all potential avenues for attack on the endpoint. Security professionals must layer their security controls to reduce the endpoint attack surface to a manageable level while remaining mindful that these technologies will affect employee experience and their ability to win, serve, and retain customers.