The job of a network administrator isn’t easy. Maintaining the software and hardware systems that comprise an enterprise’s network requires a deep understanding of the infrastructure and assets in the network as well as the data that is transmitted along it. This is especially true in government – where potentially sensitive data is transmitted along networks and security is paramount. But there’s a paradox here: administrators are finding an inherent conflict between their mandate of making networks as efficient as possible and ensuring the security of the networks themselves.
These findings were highlighted in a recent study that was released this year at Intel Security’s FOCUS in Las Vegas. The study, titled Network Performance and Security, found that network administrators were actually disabling firewall features in their bid to maintain network performance.
Traditional firewalls, which are pervasive across government agencies, sometimes have an adverse effect on performance because of the high demands they can place on network resources. The report found that network administrators were turning off firewall protections like anti-spam, anti-virus and deep packet inspection (DPI), which can degrade network throughput performance by up to 40%.
This is a big problem, especially in government. Ensuring optimal network speed and efficiency is vital, but agencies that leave themselves vulnerable with disabled firewalls will find that attacks are inevitable. With the sensitivity of data that government agencies have on ongoing projects, citizens or employees, this is not an acceptable risk.
So what’s the solution to this tradeoff? The report finds that next-generation firewalls (NGFWs), which are designed to give more intelligence on individual events along a network in real time, can provide better protection without sacrificing network performance. Next-generation firewalls combine the functionality of traditional firewalls with DPI, reputation-based software detection, intrusion prevention systems and application awareness. NGFWs are content- and context-aware and define their actions based on user identification. With advanced persistent threats on the rise, network security is critical – and only NGFWs are capable of having DPI, content/context awareness and other security functions enabled without degrading network throughput.
CIOs and CISOs increasingly recognize the network performance benefits that next-generation firewalls can provide and are purchasing them in growing numbers; NGFWs represented 70% of overall firewall purchases last year. This should be a wake-up call to government agencies that the trade-off between performance and security is a false one.