One of the client has asked me if i would be paying for such a expensive license for MX which is Advance Security License. Does it mean i can have Machine without antivirus behind MX. Becasue Advance license does has AMP.
Endpoint AV and gateway security are complementary technologies, they are two layers of defense, not meant to substitute for each other.
As an example:
You need an endpoint AV because it’s easy to hide traffic from a network gateway. For example, if a virus uses a password protected ZIP file (or encryption) to download its payload, or even HTTPS , a gateway cannot detect that threat, but an endpoint AV can easily see the infected file as it’s being unpacked.
And an endpoint AV is potentially weak because a virus running on the endpoint can attempt to disable the endpoint AV, but because such a virus does not compromise your MX, it cannot disable protection on the MX.
Amen to what these two gentlemen said! Never ever try to concentrate on one single solution when it comes down to security. This is completely going to fail big time, hopefully the reasons already mentioned are already enough.