Abstract
Encrypted traffic is becoming a pillar of security and privacy in enterprise networks. According to the Google Transparency Report, over 95 percent of internet traffic is encrypted using Hypertext Transfer Protocol Secure (HTTPS), Transport Layer Security (TLS) 1.3 and QUIC (Quick UDP Internet Connections). Although encryption safeguards confidentiality and integrity, it has also introduced new blind spots for conventional security solutions: encrypted channels are used to hide command-and-control (C2) traffic, deliver malware, and exfiltrate sensitive data without detection.
Compounding the problem, adversaries employ sophisticated evasion techniques, including traffic fragmentation, tunneling, and polymorphic malware, all specifically designed to circumvent inspection systems. Conventional firewalls and intrusion detection systems (IDS) are not equipped to deal with such threats.
Next-Generation Firewalls (NGFWs) were introduced to overcome these shortcomings. They combine deep packet inspection (DPI), intrusion prevention systems (IPS), application awareness, and user identity tracking. Nonetheless, doubts remain about their ability to balance strong threat detection with network performance, especially for encrypted traffic and evasive malware.
This paper evaluates the performance of NGFWs under these conditions. It compares vendor solutions, examines detection capabilities, and proposes an AI-based augmentation framework.
Faculty Advisor/Mentor
Safdar Bouk
Document Type
Paper
Disciplines
Cybersecurity
DOI
10.25776/s2nr-xw22
Publication Date
11-10-2025
A Comprehensive Evaluation of Next-Generation Firewall Effectiveness Against Encrypted and Evasive Threats in Enterprise Networks