Historically, security has been a best-of-breed market. By that, I mean customers would buy the leading product in each category and integrate the products into a cohesive whole. But now, is best of breed still the right approach? Even for small and medium-sized businesses (SMBs), which by definition are time-, resource- and money-constrained?
In 1997 McAfee Inc. did a series of acquisitions, both in the networking and security space, and dubbed itself Network Associates. It was really the first security aggregator, though Axent followed that model until Symantec Corp. acquired it. The thinking was that by building a broad product line, customers would buy all the products, and growth and market domination would follow.
A decade later, we can safely say that experiment didn't work out. A few years ago, McAfee spun off pieces of the business and went back to its name and heritage. Symantec has struggled with the Axent products for years, though it keeps buying stuff and integrating it. Customers didn't want integration.
But things have changed. There are a lot more attacks and a lot more security technologies to deal with, and it's not like SMBs have bigger budgets or more resources, right? So you need to do more with less.
Many of the security technologies have also matured. There used to be a big difference between the leading and the 10th-place firewall. Now there isn't. Mature technologies tend to become functionally comparable, and that's where we are in many security sectors. Technical differentiation is gone. All the products can do the job. Which means the value proposition needs to change.
Now integration makes more sense. Wouldn't it be great to enforce a single policy? That would be the Holy Grail, eh? Do you want to always manually aggregate data to get a simple report about what's going on? Maybe dropping a couple hundred grand on a security information management product could make that problem go away. Is it still novel to run 10 security agents on each desktop? Of course not.
But that doesn't mean best of breed is dead. So here are a few thoughts on how to know if it remains the choice for you.
- You still like the knobs. It's OK. I won't tell anyone. There are some administrators
who want or need control. They are not going to cede the responsibility of integration to anyone
else. So they continue to buy best of breed and keep on keeping on. There is nothing wrong with
this, if that's what you're into.
- You have very specific requirements. Perhaps it's a very specialized application or a
detailed policy that you've built into your content filter. In some cases, the amount of work
required to move to an integrated solution defeats the economic advantages. In that case, stick
with a best-of-breed product.
- Your brother-in-law is CEO of a best-of-breed company. How uncomfortable would
Thanksgiving be if you unplugged the standalone antispam gateway and outsourced it, or achieved the
same result with a unified
threat management box? Not worth risking the candied yams.
- You root for the underdog. If Cisco Systems Inc. or Symantec represent a Darth
Vader-like character to you, then you probably aren't looking for an integrated solution. You
wouldn't be able to sleep at night, knowing that you chose the Empire over the Resistance.
Of course, the last two were a bit tongue-in-cheek, but the reality remains that there will be some situations where it makes sense to buy a best-of-breed product, just not as many as there used to be, especially for an SMB.
Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about The Pragmatic CSO at http://www.pragmaticcso.com, read Rothman's blog at http://blog.securityincite.com, or reach him via email at mike.rothman (at) securityincite (dot) com.
This was first published in February 2007