Historically, security has been a best-of-breed market. By that, I mean customers would buy the leading product in each category and integrate the products into a cohesive whole. But now, are best-of-breed information security tools still the right approach? Even for small and medium-sized businesses (SMBs), which by definition are time-, resource- and money-constrained?
In 1997 McAfee Inc. did a series of acquisitions, both in the networking and security space, and dubbed itself Network Associates. It was really the first security aggregator, though Axent followed that model until Symantec Corp. acquired it. The thinking was that by building a broad product line, customers would buy all the products, and growth and market domination would follow.
A decade later, we can safely say that experiment didn't work out. A few years ago, McAfee spun off pieces of the business and went back to its name and heritage. Symantec has struggled with the Axent products for years, though it keeps buying stuff and integrating it. Customers didn't want integration.
But things have changed. There are a lot more attacks and a lot more security technologies to deal with, and it's not like SMBs have bigger budgets or more resources, right? So you need to do more with less.
Many of the security technologies have also matured. There used to be a big difference between the leading and the 10th-place firewall. Now there isn't. Mature technologies tend to become functionally comparable, and that's where we are in many security sectors. Technical differentiation is gone. All the products can do the job. Which means the value proposition needs to change.
Now integration makes more sense. Wouldn't it be great to enforce a single policy? That would be the Holy Grail, eh? Do you want to always manually aggregate data to get a simple report about what's going on? Maybe dropping a couple hundred grand on information security tools could make that problem go away. Is it still novel to run 10 security agents on each desktop? Of course not.
But that doesn't mean best of breed is dead. So here are a few thoughts on how to know if it remains the choice for you.
Of course, the last two were a bit tongue-in-cheek, but the reality remains that there will be some situations where it makes sense to buy best-of-breed information security tools, just not as many as there used to be, especially for an SMB.
Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about The Pragmatic CSO at www.pragmaticcso.com, read Rothman's blog at http://blog.securityincite.com, or reach him via email at mike.rothman (at) securityincite (dot) com.