Works against the casual temperer, but a more determined attacker will simply take time and dissolve the epoxy layer by layer to expose the board, then reverse engineer the components and the circuit, then decap the programmable components and extract the code inside. You need to have more than a plain epoxy potting, as this only slows down the attacker. Even including extra security, like a battery backed SRAM and anti tamper electronics to detect light through the epoxy, a fine flex PCB mesh network to detect tampering, along with encrypting the RAM contents and only having the key in a secure microcontroller, only means they need 5 units to get your firmware image out, or at least enough to figure out your methods and defeat them.
Better is to have a internet connection and a part of the firmware downloaded ( with really good crypto as well, and a private and public key per device per serial number, so getting one does not get all) on power up and held in RAM. That, along with the physical protection measures, will make it more secure.
However in most cases try to make your product low enough in cost that it is better to buy the genuine one, and then only support this and not the pirate versions.