Introduction
In the security industry, visibility is everything. As the old adage goes, you can’t stop what you can’t see. This is why Palo Alto Networks created the Next Generation Firewall and why Mantisnet is seeing such incredible traction with its cloud-native tools in order to fully instrument control, management and dataplane messaging/traffic at the kernel level. When Palo Alto Networks was created, most firewalls were “stateful firewalls”, and policies were created based on a “5-tuple”, where the 5-tuple was the source and destination address and port, and the protocol (TCP or UDP). What happens though when you have multiple applications running on the same port? How do you stop bittorrent on port 443, but allow HTTPS traffic to legitimate web sites? Thus was born the Next Generation Firewall that could secure any application regardless of what port or protocol it was running on.