The end node problem arises when individual computers are used for sensitive work and/or temporarily become part of a trusted, well-managed network/cloud and then are used for more risky activities and/or join untrusted networks.[1]
End nodes often have weak/outdated software, weak security tools, excessive permissions, misconfigurations, questionable content and apps, and covert exploitations.
Organized cyber-criminals have found it more profitable to internally exploit the many weak personal and work computers than to attack through heavily fortified perimeters.[7]
To eliminate the end node problem, only allow authenticated users on trusted remote computers in safe environments to connect to your network/cloud.
For example, the US Department of Defense only allows its remote computers to connect via VPN to its network (no direct Internet browsing) and uses two-factor authentication.
A less expensive approach is to trust any hardware (corporate, government, personal, or public) but provide a known kernel and software and require strong authentication of the user.