I wouldn't call it BS per se, but it's primarily incremental improvement in easy to deploy tech, eg FireEye, Cylance, etc. There's little adoption of things that could provide a real barrier in the long term (application whitelisting, U2F/FIDO) because they impact the business.
No-one has a great answer to application security, pretty much everything is incremental improvement.
