Having It All: Performance and Security

Internet security software is supposed to run unobtrusively in the background. In reality, however, it often hogs CPU cycles and memory. This is no small concern for many businesses, particularly those that use shared servers to run other applications such as e-mail and file sharing. For these organizations, security goes hand in hand with poor performance or memory-footprint bottlenecks. This, in turn, creates IT and management headaches as well as hassles for end users.



This history of sluggishness runs counter to the way business is conducted today. In this global, highly interconnected, information-driven world, businesses and consumers demand not only easy and secure access to uncompromised data, but also the ability to keep pace with the speed of business. Indeed, long wait times caused by security program processing can impede user productivity and negatively affect the bottom line.

Clearly, businesses should not have to choose between security and performance. And they may no longer have to. A growing number of security vendors are stepping up to this challenge and finding innovative ways to improve the performance of their solutions without sacrificing the protection they provide. Better yet, independent tests indicate that these solutions are succeeding.

As a result, businesses interested in maintaining a secure and highly productive workforce have more options than ever before in selecting effective protection tools that won't slow them down.

Minimizing the performance impact of security solution response times increases user acceptance of security programs and reduces the desire to disable those programs. Installing a low-impact solution enables organizations to potentially postpone investments in new client hardware while improving the user experience.

Reduced boot time and memory footprint

Many organizations deploy endpoint security solutions that provide multiple layers of protection against malware on laptops, desktops, and servers. These solutions can provide a wealth of powerful security technologies, including antivirus, antispyware, firewall, intrusion prevention, and device and application control. This multi-dimensional approach can present a formidable defense against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and mutating malware and spyware.

Unfortunately, booting up a system with some or all of these technologies has up to now taken several minutes, which in a business environment can seem ponderous and be a nuisance. However, updated endpoint security solutions are emerging that dramatically reduce boot times.

For example, one endpoint security solution that formerly took 400 seconds to boot on a 256-MB RAM system was cut to 100 seconds; on 2-GB RAM systems, the same solution cut boot time from 80 seconds to a mere 10 seconds. These reduced boot times reduce the impact the application has on normal machine operations and enable end users to work faster.

In a November 2008 report, the Tolly Group, an independent IT testing organization, compared the performance of several popular endpoint security solutions. The study found that the base start-up time for a system without a solution installed was 27 seconds. The Tolly Group compared the various solutions and found that some took only 35 or 36 seconds to start up, while others took more than a minute. That range -- 22 percent longer to 267 percent longer -- indicates that endpoint security solutions can either be a minor hindrance or cause noticeable delays.

Another performance concern for endpoint security solutions is their memory footprint. From a performance standpoint, the less memory an application uses, the better. Here again, security vendors are making improvements to their endpoint security products. One memory-efficient solution shrank its footprint while the client is running from 80 MB to only 30 MB -- a 63 percent decrease that frees up that much memory for other business-related tasks.

High performance for everyday tasks

Maintaining a small memory footprint without negatively impacting performance is critical, yet it is difficult for virtually any security product to keep resource use low when that same system must also perform intensive tasks such as scanning.

For example, endpoint security solutions typically inspect and scan each file that is opened or written to a hard drive. By comparing every file to known viruses and other threats, the solutions help identify and block harmful content such as malicious scripts.

In fact, these capabilities are so critical that expert organizations such as Virus Bulletin routinely test the effectiveness of antivirus products and award a prestigious VB100 designation to products with perfect detection scores. Consumers and businesses in turn can use these scores as a way to identify solutions that provide the greatest protection against malware. The scores can also help customers compare different software providers and find those with multiple VB100 designations, which indicate a history of effective protection.

Such careful and accurate scanning is a boon for protection but can have a serious impact on everyday activities such as opening other applications or documents. For example, the Tolly Group found that endpoint security solutions can slow the opening of Microsoft Word documents by 23 percent to as much as 129 percent and Microsoft PowerPoint documents by 11 to 33 percent. Computers running the solutions can slow the launch of Microsoft Internet Explorer and the opening of a Web page by 8 percent to as much as 48 percent.

A notorious timewaster rightly blamed on endpoint security solutions is the time they need to scan large archives as those archives are decompressed. The Tolly report found that while the baseline time for decompressing a 1-GB archived text file was 339 seconds -- roughly 5 and a half minutes -- some endpoint security solutions needed 10 minutes or even 13 minutes to accomplish the task.

Slow scan times that add seconds to opening each document may not seem like much, but they quickly pile up into minutes -- and frustration -- when employees use common programs frequently. For these reasons, endpoint security vendors are now enhancing their offerings to speed up these tasks, with noteworthy success.

For example, one consistent VB100 winner now downloads items twice as fast and can download and deploy program updates four times faster than the industry average. Some solutions can scan decompressed archives in only seven minutes. These improvements help maintain user productivity by ensuring that users can do common activities quickly and efficiently.

Another encouraging note is that vendors are finding ways to make their software improve upon the performance of the baseline operating system. One product actually made its host computer open a 1.2-MB Word document 2 percent faster than if the computer had had no endpoint security solution installed at all. To open a 10-MB PowerPoint document, that same product was 4 percent faster.

Operational efficiencies

Enhanced endpoint security solutions are also now helping reduce administrative effort and ensuring more streamlined operations, improving organizational performance. Solutions that provide a full range of security technologies integrated into a single agent and a centralized management console offer a more consistent approach to endpoint security. This, in turn, helps simplify administration and eases operations by enabling capabilities such as single software updates and policy updates, unified and central reporting, and a single licensing and maintenance program.

Furthermore, because these solutions require only a single agent and a management console, they operate with an organization's existing security and IT investments. For example, a number of integrated solutions now work with competitors' antivirus products, firewalls, intrusion prevention technologies, and network access control (NAC) infrastructures. In addition, many also work with leading software deployment, patch management, and security information management tools.

While yesterday's security approaches prompted organizations to view lower performance as the price paid for increased protection, next-generation technologies are setting a new standard that eliminates that tradeoff. With optimized performance and integrated threat protection technologies delivered on a manageable platform, these solutions help ensure that businesses have the productive and protected workforce they need to succeed today and in the future.