For a large part of the last two decades, I have been designing, developing, and deploying firewalls. Initially, the industry was happy with 5-tuple, port-based stateful firewalls. In the mid-2000s, next-generation firewalls were born, and they included other dimensions such as users, groups, and applications. URL filtering, threat protection, and data protection techniques evolved and became integral add-ons to the next-generation firewall. But as applications moved to the cloud and employees logged in from anywhere, these next-generation firewalls soon became ineffective, requiring a third wave of evolution: the cloud-generation firewall.
So why is there a need to replace next-gen firewalls, aside from their being regarded as a "last-generation" solution? And what can replace them? We're going to answer these questions from the point of view of security and network operations teams.