When picking a security or IT management tool to get a specific job done, conventional wisdom among Microsoft Windows administrators always leans toward using the best product, not necessarily the easiest or cheapest.
But that rule may be changing, particularly as threats grow in number and sophistication. IT managers have taken on so many security tools that some of them are willing to sacrifice "best of breed" for ease of use. Some analysts are discovering that IT departments have a growing interest in all-in-one security products that can protect and manage multiple security threats.
"There are just too many point solutions to address all the threats that exist," said Natalie Lambert, an analyst at Forrester Research, in Cambridge, Mass. "Companies are looking for ways to deploy products with more functions rather than have multiple products that seem to grow in number year over year."
Earlier this year, Forrester released research that said the future of IT security lies in comprehensive endpoint security products with network access protection capabilities. The research, and subsequent report titled "Client Management 2.0," was based on interviews with 20 large enterprise shops. It said that those kinds of tools will be the ones that IT managers choose to provide security while making IT management easier and less expensive.
"Customers are certainly fed up with multiple products and agents," said Nick Selby, a security analyst with The 451 Group, a research company based in New York. "The nature of threats used to be pretty simple. They were viruses, and they had largely been dealt with. But it's getting more complex now with more threats, like Trojans, and drive-by downloads when users go to legitimate Web sites," he said.
Plugging the all-in-one product gap
Many of these comprehensive endpoint security products will be coming from some of the usual suspects, such as Symantec Corp., Microsoft, McAfee Inc. and Sophos Plc.
Symantec, for example, will have Endpoint Security 11.0, which is in beta and scheduled for its first release in September. Endpoint Security 11.0 is expected to fight against viruses and spyware with a single software agent.
Symantec is also offering its customers the option of including the company's Network Access Control 11.0, code-named Hamlet, which includes a single management console. The company will change the name of its Anti-Virus 10 to Endpoint Security 11.0, said George Myers, endpoint security director at Symantec.
And another option is coming from Microsoft that will have a package of security applications. The software, code-named Stirling, will be out in mid-2009. Microsoft based the product on the its Forefront Server for Exchange and Forefront Server for SharePoint products.
A product that does it all also breaks an IT cardinal rule
Some IT administrators say comprehensive product offerings would make securing and managing their networks much easier.
"IT has traditionally focused on best-of-breed, but in the last year I've seen a lot support for a single product with a single agent -- from myself and others in this industry," said Jeff Jenkins, vice president of information security with First American Corp., a financial services company based in Santa Ana, Calif.
With 44,000 employees, a comprehensive product would simplify management as well as reduce costs, Jenkins said.
Some say comprehensive security tools are worth a look, although they do go against one of the cardinal rules of IT, which is to not put all your eggs in one basket. "If there were something like a silver bullet that covered all the bases and was easy to administrate, I would definitely consider it," said Vivienne Flores, an IT developer at Freightliner LLC, a truck manufacturer based in Portland, Ore. "There is a huge combination of things to watch with users, and every time there are additional products put on the desktop, it doesn't mean that there are additional resources in the form of administrators to manage it all."
Indeed, there will always be plenty of IT managers who refuse to adopt all-in-one tools for the simple reason that they don't believe one product can do every job well.
"One of the toughest things [about] security is from a buying standpoint because certain companies are really good at one technology, but maybe not at another," said Ronny Serrano, a technical services manager at Hearts On Fire, a Boston-based diamond wholesaler. "As a company, you can't be everything to everyone and be good at it all."