Because employees need to use any application that they feel will help them do their jobs, organizations need to strike a balance between enabling productivity and minimizing risk. Some applications can slip through open ports as firewalls drill deeper into the data payload to verify application type. Applications that meet resistance can learn to hop around, searching for other open ports. Others use SSL/TLS to obscure their payloads. While many applications are legitimate programs that use firewall traversal to overcome home and hotspot network hurdles, some exploit these "pinholes" to send greyware, botnets, and Trojans into the network via the application.
When a user opens an application that is trying to access the Internet, McAfee Next Generation Firewall uses application control to examine each application’s activities and ensure they are accurate, complete, and functioning at an optimal level. Next Generation Firewall leverages full user and application identification, with security enhanced by additional controls, including domain names, location, TLS matches, URL categories, and zones. The overall goal of application control on Next Generation Firewall is to ensure that each aspect of a given application is complete, accurate, and valid, so that data traveling through the network and between applications remains protected, private, and secure.