Although it can be used for good, there is a chance that it could also be abused for bad ends. Domain fronting, a TLS evasion technique that can go around URL filtering databases and enable data exfiltration, can now be detected by firewalls with Threat Prevention.
Domain fronting attacks can be stopped by setting up a proxy server and configuring it to intercept all TLS communications.