Mark Twain once commented that “reports of my death have been greatly exaggerated”. And so it might prove for standalone security products. At last week’s RSA Conference, Art Coviello predicted that vendors of such products would disappear within three years. As President of RSA, he’s always guaranteed a plum platform at the Conference to promote his latest views. And he does have a point. Users do prefer broader, integrated solutions. And having been absorbed by EMC, RSA can vouch for the fact that bigger vendors are keen to respond to this market demand.
But the fact remains that not many integrated solutions deliver the most effective solution. Even established technologies such as IPS are far from commodities. They vary tremendously in their capability and effectiveness. And if you look ahead, you can see a raft of specialist, unique security technologies in the R&D pipeline.
Expecting big vendors to maintain a comprehensive portfolio of the latest, best-of-breed security solutions is likely to remain wishful thinking. Perhaps that’s what Art was really thinking when he said that “instead of working to perfect security we should be working to reduce business risk”. Because the main difference between business risk management and security is that the former generally operates at a higher level and rarely bothers to delve into the finer details of a technology solution. And with new attacks of increasing sophistication on the cards, it would be a fatal mistake to assume that all security products are equal.