Organizations choose network performance over advanced security features, concludes McAfee
McAfee, part of Intel Security, published on Oct. 29 a new report titled Network Performance and Security, exploring the challenges organizations face in deploying security protections while still maintaining an optimally performing network infrastructure.
Issued at McAfee’s FOCUS 14 conference, the report uncovered that an alarming number of organizations are now disabling advanced firewall features in order to avoid significant network performance degradation.
“When I hear about people turning off security they paid for because of performance decreases — this upsets me so much”
As part of the report, 504 IT professionals were surveyed, with 60 percent stating that the design of their company’s network was driven by security. However, more than one-third of respondents admitted to turning off firewall features or declining to enable certain security functions in an effort to increase the performance of their networks.
“It is unfortunate that turning off important firewall features because of network performance concerns has started to become common practice,” said Pat Calhoun, General Manager of Network Security at McAfee, part of Intel Security. “At McAfee we believe this is unacceptable. Companies simply should not have to make that kind of trade-off.”
According to the report, the most common features disabled by network administrators include deep packet inspection (DPI), anti-spam, anti-virus, and VPN access. DPI, the feature most frequently disabled, detects malicious activity within regular network traffic and prevents intrusions by blocking offending traffic automatically before any damage occurs. It is essential for robust threat defenses, and is a key component of next generation firewalls, which now represent 70 percent of all new firewall purchases.
“When I hear about people turning off security they paid for because of performance decreases — this upsets me so much,” said Ray Maurer, Chief Technology Officer at Perket Technologies. “I get a bad feeling knowing I had to remove security in the name of performance. I have a hard time sleeping because it is not a matter of if a network will be compromised, but when.”
Many organizations choose to turn-off DPI because of the high demands it places on network resources, yielding upwards of a 40 percent degradation of throughput, according to third-party research firm, Miercom. McAfee Next Generation Firewall, however, with DPI enabled sustained one of the highest firewall throughputs in Miercom’s testing. Overall, McAfee Next Generation Firewall sustained much higher throughput performance with security features enabled when compared to other products in this class. Competing products tested exhibited an average of 75 percent or more performance degradation for DPI, anti-virus and application control when enabled.