As customers wake up to the fact that AV alone is not going to save them from blended threats, security vendors are dashing out to ensure their systems will support as many complementary products as possible - firewalls, AV, content management systems, PKI and encryption technologies.
Barely a day goes by without my inbox being invaded by press releases about some security vendor partnering with another to build a "comprehensive protection strategy". It seems to be the latest fad.
"AV has lost a bit of its stigma, not because its importance has diminished, but because AV and security have converged," says Ray McIntyre, McAfee channel sales manager, Australia/NZ. Still, most of the hacks come in via viral attacks. "It's relatively easy to protect a perimeter - a firewall or an SMTP or HTTP gateway - but how do you protect down to the desktop?"
The unexpected outcome of this, according to Danielle Errera, Symantec's director of channel operations, is that AV has reverted from being a highly commoditised product into a non-commodity item. "AV has definitely changed over the last two years. It is still integral to a security system but alone it won't save an organisation from attack. Blended threats like Code Red and Nimda have primarily caused this change in mindset."
Tim Smith, national business manager of security at Dimension Data, says the integration of technologies has become one of the most contested areas in security at the moment. "What we're seeing is AV being a plug-in to a complete content management solution. Clearswift [formerly Mimesweeper] was one of the first to take this approach; they came out and said, 'we're not an AV company, so we'll provide an API and allow as many products as possible to integrate with our solution'," says Smith.
Arthur Argyropoulos, CEO of managed security provider Zento, says this blending of best-of-breed technologies is the only sensible approach. "It's dangerous to go to a vendor that professes to do it all. Typically what happens is that they do it all but none of it really well."
By and large, the channel is supportive of the security vendors' efforts at strategic alliance because it assists their own efforts to sell security as a complete package. "Our main thrust in the past 12 months has been to provide a total security solution to customers rather than a point solution," Smith says.
He is not afraid of vendors stealing the SI function of tying the systems together. "In a lot of respects [the integration efforts of vendors] have actually enhanced what we do. The vendors have confirmed that [the bits of software] will work together, they've taken some of the pain away, but things don't just magically plug in. There's still a certain amount of integration required."
What's more, it is still up to an experienced integrator to protect the interests of the customer; to decide, for example, whether it is better to run the security applications as separate entities, spreading the load, or all on the one box.
Still, with security all thrown into the mix together, the number of active vendors is causing confusion. Especially fuzzy, says Smith, is how one brand differentiates from another. Brand recognition is taking a bit of a beating as mindshare among customers is scattered and tugged in alternate directions. The market leaders have the most to lose from this exercise and are working overtime to maintain their position.
For channel players with multi-vendor environments, this competitive playground has spawned some effective bargaining tools. "The best way to manage a multi-vendor environment is to consider the customer's requirements as paramount," says Argyropoulos. "If a customer has a certain product installed we will usually put forward the pros of maintaining the status quo against any additional features that exist in a competing product. That way the vendors have to step up to the plate to meet their competitor's offer." Based on deals brokered under such circumstances, customers will often relinquish their original selection.
Cost is still at the forefront of purchasing decisions and in this respect sweeteners make the difference. With workers shuffling files back and forth from their home PCs, the fact that full-time employees are allowed to install the AV software on their home PCs, without having to purchase additional licences, is a plus. Symantec quietly phased this feature out at the end of last year, mostly because it was difficult to regulate and because the corporate product is not designed for the home user, according to Errera. On the surface, the cost may only be the difference between $65 and $40, but when multiplied by 100-500 employees this becomes a yearly expense of $2,500-$12,500.
Meanwhile, most will agree that AV providers are on a fairly even playing ground technically speaking. More often than not, any serious technical glitches arise via a network infrastructure problem rather than a stability issue with the software - like a Linux box hanging off the system that no-one ever knew about, for instance. "One product may be better at the gateway than the desktop but you can pretty much adjust AV suites to suit whatever environment the customer has," says Argyropoulos.
Smith, on the other hand, says there are subtle differences when it comes to managing the signature updates from a central point, or how easy it is for the signatures to flow down to the server and the desktop. "It's not that one product is more technically advanced than the other, it's just easier to deploy," he says.
Still, Smith concedes that the really vital factors are not about the technical stability of the software, but about how quickly a vendor can put together a preventative patch after a virus has been spotted in the wild.
"I tend to scan every AV vendor's Web site for tips and warnings because some will catch things quicker than others, but the 24x7x365 support is a comfort," says one IT administrator, who has just moved over to the Sophos platform. He says the presence of a follow-the-sun base in Australia is even more encouraging.