I think it's unacceptable for a business to be told "It's literally impossible to know what is being communicated outbound from your endpoint. We can only do heuristics."
Hot take. I mean, with TLS decryption, the company does control the endpoint, or at least what the endpoint trusts on a network layer. But people here are crying about that.
Better to monitor all devices for unusual network behaviour, and monitor the endpoints themselves with antivirus.