There's a lot of discussion in infosec circles on the usefulness (or not) of traditional packet filtering firewalls against today's attacks. Those of us in the industry have long since known that for a firewall to detect modern attack vectors, they need to be application-aware in some way, as with web app firewalls, or proxy-based firewalls.

I also often argue that even traditional packet filtering is still relevant. Traditional packet filtering firewalls allow you to enforce the principal of least privilege at a network level. If systems on the public internet should never be able to route packets to your HR database, then well... enforce it with a firewall.

Ever tried to detect and respond to a so called "slow and low" attack or an APT that occurred over a sustained period of time, leveraging multiple attack vectors? Having an archive of firewall logs to mine from can make or break you.

These are just two examples of how a traditional...