There are three traditional approaches to endpoint security

1. Client-side software suites
2. Proxies
3. Full tunnel VPNs

These have typically resulted in significant performance impacts, management headaches, or bad user experiences.

As more and more applications are moving into the cloud and more and more users are moving off-premise a fundamentally new approach is required. According to well-known analyst John Pescatore "The Next Generation Firewall will follow the same pattern - extending to NGFW as a service (or what we used to call 'In the Cloud Firewalling' before the cloud term got ripped away from the Internet carriers) to inject the same firewall policy between the users and the Internet and in between the cloud-based services we consume that used to be inside the data center."

The solution... Next generation endpoint security

...a new approach to managing and securing remote endpoints while offering security and performance that traditional firewalls do not offer….. Unlike traditional approaches to endpoint security this solution ties application, user and content-based policies to roaming users through a persistent thin client that can be pre-installed or installed on demand.

It is similar to a VPN as remote traffic is sent over a secure tunnel. However, unlike typical VPN deployments, which direct traffic to a few geographically centralised gateways, the thin client automatically connects to the nearest corporately-managed next-generation firewall deployed at a hub, branch, or in a private cloud.

This solution results in faster throughput, easier management and better protection. It enables organisations to secure all remote endpoints under their full security policy without the need for different software applications.