Netronome is building onto their flow-processing platform by layering software over the top. They just announced several “application kits”, including intrusion detection/prevention, SSL, IPsec, and deep packet inspection, with a next-generation firewall application headlining the whole thing.
They explained a bit of the firewall scene first by pointing out that the firewalls we think of that protect our computers or homes or businesses are a small part of the market. Those are perimeter firewalls, and their primary function is to block unwanted traffic.
But within data centers, the firewall activity is distributed, with each rack having a so-called “core firewall.” These end up doing much more than blocking, including routing and intrusion prevention.
The “next generation” aspect builds on the simplistic model that has been used for blocking to date: ports and sockets. Going forward, user and application identity can also be targeted, allowing more selectivity over how traffic gets filtered.
You can find more about all of their application kits in their release.