Any security Product out-of-box will not give you best security..
Use other features of SEP..like Application and Device control,Firewall and IPS.
Use the best practise documents and design the rules according to your requirement.
If will block Unwanted traffic/Programs in your network.
Still you cannot be 100% secure
User Awareness is also very necessary 6 out 10 sites are infected..So the users should be aware that in office they do not open suspicious websites which they are not aware of and keep their AV up to date.