Internet Application Control
There are now many applications that have access to the internet. A firewall cannot provide a proxy for every one of them because there are so many. Applications can also tunnel directly over HTTP, and we can’t simply block HTTP, because that would also block everyone who accesses the web through a browser.
Firewalls and web security gateways have now developed ways to control these applications. Application signatures are created to uniquely identify them.
Applications such as Skype, TeamViewer and LogMeIn are good examples of why application control is crucial. An employee can easily install TeamViewer on their corporate system and then access their corporate documents remotely. Blocking inbound access at your firewall will not prevent this type of access, because of the way these applications work. Even if you have mechanisms to control who can install applications on your corporate systems, this can still be bypassed, because there is a version of TeamViewer that you can run without installing it, just as PuTTY works.
There are other reasons why you may want to control applications, such as reducing the bandwidth used by non-productive applications or blocking illegal downloads.
You don’t have to block an application from accessing the internet altogether; some vendors let you apply traffic shaping to it instead. For example, you can give streaming media a maximum amount of bandwidth, so staff can still browse YouTube and other media sites but are restricted to a limited amount of bandwidth.
The term "Next-Generation Firewalls" refers to firewalls that address the above problems and have the capability to monitor and control applications.
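The following Python example is added here for illustration and is not code from this article or from any firewall product. It shows why a port rule cannot separate applications that all use HTTP/HTTPS, how signature matching can, and how a per-application policy then blocks or shapes. The hostnames, the "RemoteTool/" user agent, the rate value and all function names are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed signatures for illustration; real products ship vendor-maintained sets.
# They match HTTP metadata, because every flow below uses the same allowed port.
SIGNATURES = [
    ("remote-access", re.compile(r"(^|\.)remote-tool\.example$"), re.compile(r"^RemoteTool/")),
    ("streaming-media", re.compile(r"(^|\.)video\.example$"), None),
]
# Per-application policy: block, shape to a byte/second cap, or allow (constructed values).
POLICY = {"remote-access": ("block", None),
          "streaming-media": ("shape", 1000),
          "web-browsing": ("allow", None)}

@dataclass
class Flow:
    dst_port: int
    host: str
    user_agent: str

def identify(flow):
    """Return the application name for a flow, defaulting to plain web browsing."""
    for app, host_re, ua_re in SIGNATURES:
        if host_re.search(flow.host.lower()) or (ua_re and ua_re.search(flow.user_agent)):
            return app
    return "web-browsing"

def port_only_decision(flow):
    """Classic port rule: cannot tell the applications apart."""
    return "allow" if flow.dst_port in (80, 443) else "block"

class TokenBucket:
    """Shaper that lets through at most `rate` bytes per second (burst of `rate`)."""
    def __init__(self, rate):
        self.rate, self.tokens, self.last = rate, float(rate), 0.0
    def permit(self, size, now):
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

def enforce(flow, size, now, buckets):
    """Apply the application policy to one packet of `size` bytes at time `now`."""
    action, rate = POLICY[identify(flow)]
    if action == "shape":
        bucket = buckets.setdefault(identify(flow), TokenBucket(rate))
        return "forward" if bucket.permit(size, now) else "queue"
    return "forward" if action == "allow" else "drop"
```

All three sample flow types pass the port rule, while the application policy forwards browsing, drops the remote-access tool and queues streaming traffic once it exceeds its cap.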