A full 81% of respondents said they had shut down functionality in a security product because it was slowing down the network, according to the survey of nearly 500 network security, IT, and C-level executives.
In addition, 90% of respondents said that they were often forced to make tradeoffs between security and network performance.
“Many companies, in order to make certain performance levels, were turning off security. That is a dangerous trend”, said Jim Freeze, vice president of marketing for Crossbeam.
“There is this balance that companies find themselves trying to make because of the security architecture they have deployed. You want high levels of security but you can’t have security interfere with performance of the network. In many cases, based on the appliance infrastructure that companies are deploying, what they find is that when they turn on all of the security functionality that they want…it brings the network to its knees”, he added.
In addition, the survey found that 93% of respondents believe that security hardware vendor data sheet performance metrics are misleading, with 58% affirming that they simply do not trust the performance metrics. More than 60% of respondents admit they have been forced to purchase additional hardware for a security solution to address the disparity between what vendors claimed their products could do and the reality.
“Most vendors on their data sheets will put down what their performance levels are in ideal conditions, and quite frankly, situations nobody actually operates under”, said Freeze. “We commissioned this survey to try and provide some quantitative data about challenges that companies were having regarding what was being claimed [by vendors] and what was actually being delivered”, he added.
The survey found 42% of respondents did not test the security solutions they were evaluating under real-world traffic loads. Among those that have conducted real-world tests, many of the basic security functions, such as intrusion prevention capabilities enabled with recommended policies, were not included.
Short-term thinking is also an issue for IT security professionals. Over half of those surveyed said that they only evaluate their performance needs less than a year to 24 months in advance.
“A lot of companies do their planning based on what they need in the next year or two years in terms of infrastructure to support performance because I think what companies are increasingly finding is that they are underestimating the amount of bandwidth and the kinds of applications running across their network. As a result, they put an infrastructure in today that they hope lasts three or four years…But they find within a year to 18 months, they need to upgrade the network because it can’t keep up with performance”, Freeze said.
Most survey respondents are not using the full capabilities of their next-generation firewalls, and many are only using the minimum features. According to the survey, stateful firewall remains the core function being used (91%), followed by NAT (73%), IPSEC/VPN (71%), and IDS/IPS (65%).