Interface objects segment your network to help you manage and classify traffic flow. An interface object simply groups interfaces. These groups may span multiple devices; you can also configure multiple interface objects on a single device.

Firepower management Center Configuration Guide, Version 6.5

Lots of words but what does that really mean?

Essentially with Interface Zones, you can add the interface information to the Cisco Firepower Access Control Policy and Access Control Pre policy.

Most networks are a mess

-NETWORK GODS

It is best to not make security zones the bed rock of your access control policy.

In our environment it was best to only use a security zone for our outside interface. This is the only point where were we know exactly what traffic is expected. On the out side of the externafl interface is public routable networks (non iso27blah) and every other interface any traffic has the potential of passing.s

Extensively using security zones can make debugging a mess.