Security software suites are big and recent acquisitions suggest they're getting bigger. These suites typically include antivirus, anti-malware, and software firewall capabilities -- all of which used to sell separately.
Vendors such as CA, McAfee, Symantec and Trend Micro offer security software suites for the PC, but vendors' all-in-one approaches cover email and messaging, endpoint security and compliance among other areas.
Buyouts help fuel suite expansion. Trend Micro's 2009 purchase of Third Brigade led to the release of Deep Security 7, which includes intrusion detection/prevention, a firewall and log inspection. Symantec, meanwhile, aims to bulk up its compliance offerings through the purchase of Gideon Technologies, slated to close this quarter.
Security consultants and resellers generally view the evolution of suites in a positive light. But some professionals didn't view security software suites as favorably a few years ago.
Moving from best of breed to massive security software suitesFor Bill Edwards, chief information security officer at Vigilant LLC, it was "best of breed at all times" during the late 1990s and early 2000s. Information security around the Internet was new in that era, he noted. But suites, he said, have since matured. New York-based Vigilant offers onsite and managed IT security services.
"Overall, I see the development of suites as a good thing," added Jon Gossels, president of SystemExperts Corp., an IT security consulting firm based in Sudbury, Mass.
Gossels points to the benefits of product integration and lower total cost of ownership as among the suites' key selling points. The full security software suites also offer the advantages of a common interface, consistent reporting and easier management, he said.
"If I were setting up a large production environment, I would try to avoid having a million point solutions," Gossels added.
A role for best of breed
That said, the best-of-breed approach remains the go-to solution for some buyers.
Michelle Drolet, chief executive officer at Towerwall Inc., an IT security services firm in Framingham, Mass., said her customers still tend to lean toward best of breed. The reason: Customers don't see the integration advantages of suites outweighing the ability to own -- or at least the perception of owning -- the creme de la creme.
Drolet, however, said she believes the suite approach makes sense, noting that Trend Micro's new Enterprise Security Suite covers endpoint, servers, e-mail, SharePoint, spam, spyware, phishing and more under one console.
Prem Iyer, practice director for Information Security at Iron Bow Technologies, a Chantilly, Va., solutions provider, said the suite decision boils down to customer priorities. "What is more important to them at the end of the day: lower TCO and integration ... or best of breed in particular technology areas?"
Customer environments don't necessarily go one route or the other. Many enterprises that buy suites also supplement them with point solutions. A particularly stringent security requirement may compel a customer to go beyond the suite.
"There are certain instances where a best-of-breed point solution may make sense for a particular agency, separate from their overall "suite" approach," Iyer said. "An example, would be specific high-level encryption requirements where the most secure technological solution -- using AES [Advanced Encryption Standard]-256 or better -- may be a 'mission requirement' and trump an encryption product, which is one of many features in a larger suite."
"There are some customers that will sacrifice ease of administration and lower total cost of ownership to have a specific solution that is customized for their security needs," said Skip Foote, vice president and strategic business area leader of C4ISR (also known as Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance) at American Systems Corp. , a consulting, IT services and managed services firm in Chantilly, Va.
In addition, a particular security software suite may have gaps or weaknesses in coverage, which call for point solutions.
Iyer pointed to database security as an example. He said some vendors lack this feature in their suites, while others have attempted to cobble together a solution via acquisition.
"I haven't seen or been impressed with enterprise vendors in this space," he said. "They haven't come up with a solution that addresses that concern right now."
The upshot: Suites can deliver integration and management advantages, but many organizations may still need to reinforce those offerings with point solutions.
"We have to remember [that] not one company can be all things to all people," Drolet said.