Abstract: The rapid development of Information Technology (IT) has altered the appearance of the network perimeter. Data is all around, with users who access it from around the world and from all types of devices. At the same moment, Information Technology (IT) teams are implementing analytics, cloud, as well as automation to quicken the delivery of innovative applications and drive business development. These essential changes have created a threat environment that reveals weaknesses in legacy security technologies, for example, the port-based network security, as well as the different tools and technologies which are not natively incorporated. This concern has driven many enterprises to look for more sophisticated capabilities to improve their cybersecurity. Traditionally, a normal firewall follows preset Web protocols. It does not have the capability to differentiate between different types of Web traffic. This restriction forces the system in order to only permit or prohibit traffic, depending upon a specific set of built-in standards. Therefore, the protection it offers for particular protocols, ports, and IP addresses is no longer sufficient. Businesses need tougher security that is not tied down to preset settings. Modern-day firewalls need more advanced rules to control website access as well as app usage inside the enterprise networks thus the advancement of next-generation firewalls (NGFWs) and Web Application Firewall (WAFW). The main objective of this research paper is to analyze the evolution of next-generation firewalls (NGFWs) and Web Application Firewall (WAFW) and their characteristics. Also, what it is going to take to safeguard the enterprise's environment for the foreseeable future.
Keywords: Next-Generation Firewalls (NGFWs), Web Application Firewall (WAFW), SQL Injection, Cross-site Scripting (XSS), Web Scraping, OWASP Top Ten threats.
| DOI: 10.17148/IJARCCE.2021.10504