System Administrators Admit to Disabling Key Network Firewall Features in Response to Complaints about Poor Application Performance
LAS VEGAS, NV — October 28, 2014 — McAfee, part of Intel Security, today published a new report titled Network Performance and Security, exploring the challenges organizations face in deploying security protections while still maintaining an optimally performing network infrastructure. Issued at McAfee’s FOCUS 14 conference, the report uncovered that an alarming number of organizations are now disabling advanced firewall features in order to avoid significant network performance degradation.
As part of the report, 504 IT professionals were surveyed, with 60 percent stating that the design of their company’s network was driven by security. However, more than one-third of respondents admitted to turning off firewall features or declining to enable certain security functions in an effort to increase the performance of their networks.
“It is unfortunate that turning off important firewall features because of network performance concerns has started to become common practice,” said Pat Calhoun, General Manager of Network Security at McAfee, part of Intel Security. “At McAfee we believe this is unacceptable. Companies simply should not have to make that kind of trade-off.”
According to the report, the most common features disabled by network administrators include deep packet inspection (DPI), anti-spam, anti-virus, and VPN access. DPI, the feature most frequently disabled, detects malicious activity within regular network traffic and prevents intrusions by blocking offending traffic automatically before any damage occurs. It is essential for robust threat defenses, and is a key component of next generation firewalls, which now represent 70 percent of all new firewall purchases1.
“When I hear about people turning off security they paid for because of performance decreases -- this upsets me so much,” said Ray Maurer, Chief Technology Officer at Perket Technologies. “I get a bad feeling knowing I had to remove security in the name of performance. I have a hard time sleeping because it is not a matter of if a network will be compromised, but when.”
Many organizations choose to turn-off DPI because of the high demands it places on network resources, yielding upwards of a 40 percent degradation of throughput, according to third-party research firm, Miercom2. McAfee Next Generation Firewall, however, with DPI enabled sustained one of the highest firewall throughputs in Miercom’s testing. Overall, McAfee Next Generation Firewall sustained much higher throughput performance with security features enabled when compared to other products in this class. Competing products tested exhibited an average of 75 percent or more performance degradation for DPI, anti-virus and application control when enabled2.
According to Calhoun, “With the number of confirmed data breaches climbing more than 200 percent in 2014 over the previous year, it has never been more critical for organizations to embrace the advanced protections available to them with next generation firewalls3. At McAfee, we make it possible to deploy security technology to its full potential, without sacrificing usability or productivity.”
To read Miercom’s Throughput and Scalability Report for McAfee Next Generation Firewall, visit: www.mcafee.com/ngfw
About Intel Security
McAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence, Intel Security is intensely focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. Intel Security’s mission is to give everyone the confidence to live and work safely and securely in the digital world. www.intelsecurity.com.
 Gartner finding cited in “Next Generation Firewalls and Employee Privacy in the Global Enterprise,” SANS Institute, September 21, 2014. http://www.sans.org/reading-room/whitepapers/legal/generation-firewalls-employee-privacy-global-enterprise-35467
 Verizon, 2014 Data Breach Investigations Report (DBIR). http://www.verizonenterprise.com/DBIR/2014/
Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Other names and brands may be claimed as the property of others.