Internet security software is supposed to run unobtrusively in the background.
In reality, however, it often hogs CPU cycles and memory. This is no small concern
for many businesses, particularly those that use shared servers to run other
applications such as e-mail and file sharing. For these organizations, security
and poor performance or memory footprint bottlenecks go hand in hand. This,
in turn, creates IT and management headaches as well as hassles for end users.
This history of sluggishness runs counter to the way business is conducted
today. In this global, highly interconnected, information-driven world, businesses
and consumers demand not only easy and secure access to uncompromised data,
but also the ability to keep pace with the speed of business. Indeed, long wait
times caused by security program processing can impede user productivity and
negatively affect the bottom line.
Clearly, businesses should not have to choose between security and performance.
And they may no longer have to. A growing number of security vendors are stepping
up to this challenge and finding innovative ways to improve the performance
of their solutions without sacrificing the protection they provide. Better yet,
independent tests indicate that these solutions are succeeding.
As a result, businesses interested in maintaining a secure and highly productive
workforce have more options than ever before in selecting effective protection
tools that won't slow them down.
Minimizing the performance impact of security solution response times increases
user acceptance of security programs and reduces the desire to disable those
programs. Installing a low-impact solution enables organizations to potentially
postpone investments in new client hardware while improving the user experience.
Reduced boot time and memory footprint
Many organizations deploy endpoint security solutions that provide multiple
layers of protection against malware on laptops, desktops, and servers. These
solutions can provide a wealth of powerful security technologies, including
antivirus, antispyware, firewall, intrusion prevention, and device and application
control. This multi-dimensional approach can present a formidable defense against
even the most sophisticated attacks that evade traditional security measures,
such as rootkits, zero-day attacks, and mutating malware and spyware.
Unfortunately, booting up a system with some or all these technologies has
up to now taken several minutes, which in the business environment can often
seem ponderous and a nuisance. However, updated endpoint security solutions
are emerging that dramatically reduce boot times.
For example, one endpoint security solution that formerly took 400 seconds
to boot on a 256-MB RAM system was cut to 100 seconds; on 2-GB RAM systems,
the same solution cut boot time from 80 seconds to a mere 10 seconds. These
reduced boot times reduce the impact the application has on normal machine operations
and enable end users to work faster.
In a November 2008 report, the Tolly Group, an independent IT testing organization,
compared the performance of several popular endpoint security solutions. The
study found that the base start-up time for a system without a solution installed
was 27 seconds. The Tolly Group compared the various solutions and found that
some took only 35 or 36 seconds to start up, while others took more than a minute.
That range -- 22 percent longer to 267 percent longer -- indicates that endpoint
security solutions can either be a minor hindrance or cause noticeable delays.
Another performance concern for endpoint security solutions is its memory footprint.
From a performance standpoint, the less memory an application uses, the better.
Here again, security vendors are making improvements to their endpoint security
products. One memory-efficient solution shrank its footprint while the client
is running from 80 MB to only 30 MB -- a 63 percent decrease that frees up that
much memory for other business-related tasks.
High performance for everyday tasks
Maintaining a small memory footprint without negatively impacting performance
is critical, yet it is difficult for virtually any security product to keep
resource use low when that same system must also perform intensive tasks such
For example, endpoint security solutions typically inspect and scan each file
that is opened or written to a hard drive. By comparing every file to known
viruses and other threats, the solutions help identify and block harmful content
such as malicious scripts.
In fact, so critical are these capabilities, that expert organizations such
as Virus Bulletin routinely test the effectiveness of antivirus products and
award products, with perfect detection scores earning a prestigious VB100 designation.
Consumers and businesses in turn can use these scores as way to identify solutions
that provide the greatest protection against malware. The scores can also help
customers compare different software providers and find those with multiple
VB100 designations, which indicate a history of effective protection.
Such careful and accurate scanning is a boon for protection but can have a
serious impact on everyday activities such as opening other applications or
documents. For example, The Tolly Group found that endpoint security solutions
can slow the opening of Microsoft Word documents by 23 percent to as much as
129 percent and Microsoft PowerPoint documents by 11 to 33 percent. Computers
running the solutions can slow the launch of Microsoft Internet Explorer and
opening a Web page by 8 percent to as much as 48 percent.
A notorious timewaster rightly blamed on endpoint security solutions is the
time they need to scan large archives as those archives are decompressed. The
Tolly report found that while the baseline time for decompressing a 1-GB archived
text file was 339 seconds -- roughly 5 and a half minutes -- some endpoint security
solutions needed 10 minutes or even 13 minutes to accomplish the task.
Slow scan times that add seconds to opening each document may not seem like
much, but quickly pile up minutes -- and frustration -- when employees use common
programs frequently. For these reasons, endpoint security vendors are now enhancing
their offerings to speed up times for performing these tasks, with noteworthy
For example, one consistent VB100 winner now downloads items twice as fast
and can download and deploy program updates four times faster than the industry
average. Some solutions can scan decompressed archives in only seven minutes.
These improvements help maintain user productivity by ensuring that users can
do common activities quickly and efficiently.
Another encouraging note is that vendors are finding ways to make their software
actually improve upon the performance of the baseline operating system. One
product actually made its host computer open a 1.2-MB Word document 2 percent
faster than if the computer had had no endpoint security solution installed
at all. To open a 10-MB PowerPoint document, that same product was 4 percent
Enhanced endpoint security solutions are also now helping reduce administrative
effort and ensuring more streamlined operations, improving organizational performance.
Solutions that provide a full range of security technologies integrated into
a single agent and a centralized management console offer a more consistent
approach to endpoint security. This, in turn, helps simplify administration
and eases operations by enabling capabilities such as single software updates
and policy updates, unified and central reporting, and a single licensing and
Furthermore, because these solutions require only a single agent and a management
console, they operate with an organization's existing security and IT investments.
For example, a number of integrated solutions now work with competitors' antivirus
products, firewalls, intrusion prevention technologies, and network access control
(NAC) infrastructures. In addition, many also work with leading software deployment,
patch management, and security information management tools.
While yesterday's security approaches prompted organizations to view lower
performance as the price paid for increased protection, next-generation technologies
are setting a new standard that eliminates that tradeoff. With optimized performance
and integrated threat protection technologies delivered on a manageable platform,
these solutions help ensure that businesses have the productive and protected
workforce they need to succeed today and in the future.