End-point-security is an information security concept that basically means that each device (end-point) is responsible for its own security.
Traditionally, firewalls, central virus scanners and other intrusion detection or intrusion prevention devices were held responsible for securing an end-point. However with the SSLVPN, the intrusion prevention systems in the perimeter become ineffective as SSLVPN can be controlled at the two end points one being the desktop and the other outside the user control in the internet space.
End point security places the onus of security on the device itself. Real-life examples of this happening can be best seen with Broadband users' increasing use of desktop firewalls, spam and antivirus software.
A variant of the End point security is the on demand end point of security. In this concept the server sends ActiveX or java component which does the following in the client pc's :
Profiling of the client environment from perspective of firewall, antivirus, patches etc.
memory protection program to create virtual desktop whose memory is different from that of the host system.
deletes all data on exit.
Another look at endpoint security should include computer level tools that provide administrative control over the use of memory devices. Controlling the use of memory sticks, SD cards and other flash drive type memory devices. A quick test for the small business owner is to take one of these small, in size yet big in memory, storage devices to a client workstation on their network and see what kind of information an employee can take. Consider Outlook data, Word doc's, pdf's and information from the companies accounting & customer data bases. If employees are allowed to load company data onto memory sticks to take outside the office, is that information protected? Endpoint security also includes the protection of a businesses network from employee memory devices that may unknowingly contain malware.