Firewalls have been an interesting evolution. They not only provide the most basic protection, but are also able to understand the traffic inspected and look for the applications being used. This may seem insignificant at first glance, but to have a device that can tell if the traffic traversing the firewall is legitimate or not, and be able to mitigate malicious traffic masquerading as legitimate, can be the difference between a breach and a non-event. An example may be the DNS traffic as inspected by a standard firewall, which looks like legitimate DNS traffic, but in reality has DNS packets that are padded with data that is being exfiltrated from the network.

A next generation firewall (NGFW) would be able to detect ...