Earlier this year, General Keith Alexander—then head of the National Security Agency—said cybercrime is “the greatest transfer of wealth in history.” Our own cybercrime reports support that assertion: cybercrime costs the global economy anywhere from 300 billion to 1 trillion dollars annually. But the organizations and enterprises standing to lose the most in this theft are actively enabling it by using outdated technologies and purposefully impeding the strength of their first line of defense: the firewall.
This exacerbates an already lopsided race between cybercriminals and security experts. Cybercriminals have the elements of surprise and time on their side. Security experts have neither, and must balance their security effectiveness with the need for network performance. That balancing act, according to several experts we interviewed for our Network Performance and Security Report, reduces firewall effectiveness in order to boost network performance.
The business decision to reduce firewall effectiveness puts companies at risk—and those responsible for the security of their networks know it. But business demands do require a fast and functional network, and many next-generation firewalls do have a strong impact on network performance. To quantify this, we asked Robert Smithers of Miercom to measure the impact firewalls have on network performance and throughput. What Smithers found was shocking: firewalls with only Deep Packet Inspection (DPI) enabled suffered nearly 35% in lost network performance. Firewalls with DPI and Anti Virus enabled suffered a 75% loss. Clearly the more features enabled, Smithers found, the worse a network performed. Given this, it’s understandable why some IT staff eschew security for performance.
But with McAfee Next-Generation Firewall (NGFW) there is a way for companies to both have their cake and eat it too. McAfee NGFW, capable of DPI while supporting a granular policy control, can eliminate the performance-speed tradeoff while defending companies from advanced evasion techniques (AETs) and advanced persistent threats (APTs).
But not all NGFWs are the same. Some deployments may work better on particular networks. Other may not. In order to determine which NGFW is right for your organization, consider these four questions:
- Has your organization identified and analyzed the risks present in its environment?
- What’s does your organization consider an acceptable risk?
- Does your current firewall protect you from these risks?
- Has your organization tested its firewall options onsite?
Today’s businesses cannot afford to take massive, and potentially disastrous, risks by disabling firewall features. They need both security and performance that can scale. To better understand how to balance business demands with security reality, download our “What’s Next: Industry Experts Speak Out: The Network Performance and Security Trade-Off” report today.