Best of breed vs. big security: What's best for SMBs?

Aggregated security products have been the trend recently, but best-of-breed security tools are making a comeback. How do you know which is the best option for your organization? Expert Mike Rothman gives his thoughts.

Historically, security has been a best-of-breed market. By that, I mean customers would buy the leading product in each category and integrate the products into a cohesive whole. But now, is best of breed still the right approach? Even for small and medium-sized businesses (SMBs), which by definition are time-, resource- and money-constrained?

More from Mike Rothman
Managed security services -- an SMB option

Email encryption: Five steps to success

In 1997 McAfee Inc. did a series of acquisitions, both in the networking and security space, and dubbed itself Network Associates. It was really the first security aggregator, though Axent followed that model until Symantec Corp. acquired it. The thinking was that by building a broad product line, customers would buy all the products, and growth and market domination would follow.

A decade later, we can safely say that experiment didn't work out. A few years ago, McAfee spun off pieces of the business and went back to its name and heritage. Symantec has struggled with the Axent products for years, though it keeps buying stuff and integrating it. Customers didn't want integration.

But things have changed. There are a lot more attacks and a lot more security technologies to deal with, and it's not like SMBs have bigger budgets or more resources, right? So you need to do more with less.

Many of the security technologies have also matured. There used to be a big difference between the leading and the 10th-place firewall. Now there isn't. Mature technologies tend to become functionally comparable, and that's where we are in many security sectors. Technical differentiation is gone. All the products can do the job. Which means the value proposition needs to change.

Now integration makes more sense. Wouldn't it be great to enforce a single policy? That would be the Holy Grail, eh? Do you want to always manually aggregate data to get a simple report about what's going on? Maybe dropping a couple hundred grand on a security information management product could make that problem go away. Is it still novel to run 10 security agents on each desktop? Of course not.

But that doesn't mean best of breed is dead. So here are a few thoughts on how to know if it remains the choice for you.


  • You still like the knobs. It's OK. I won't tell anyone. There are some administrators who want or need control. They are not going to cede the responsibility of integration to anyone else. So they continue to buy best of breed and keep on keeping on. There is nothing wrong with this, if that's what you're into.


  • You have very specific requirements. Perhaps it's a very specialized application or a detailed policy that you've built into your content filter. In some cases, the amount of work required to move to an integrated solution defeats the economic advantages. In that case, stick with a best-of-breed product.


  • Your brother-in-law is CEO of a best-of-breed company. How uncomfortable would Thanksgiving be if you unplugged the standalone antispam gateway and outsourced it, or achieved the same result with a unified threat management box? Not worth risking the candied yams.


  • You root for the underdog. If Cisco Systems Inc. or Symantec represent a Darth Vader-like character to you, then you probably aren't looking for an integrated solution. You wouldn't be able to sleep at night, knowing that you chose the Empire over the Resistance.

    Of course, the last two were a bit tongue-in-cheek, but the reality remains that there will be some situations where it makes sense to buy a best-of-breed product, just not as many as there used to be, especially for an SMB.

    Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about The Pragmatic CSO at, read Rothman's blog at, or reach him via email at mike.rothman (at) securityincite (dot) com.


Read more on IT for small and medium-sized enterprises (SME)