I agree with Stephen, but also would like to add that I think it's important to evaluate which attack vectors the solution will block. Oftentimes I see people do testing with only known malware samples. One should test with known samples, unknown malware 0days, as well as…