- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
Enterprises continue to pay too much for security software -- while the software vendors aren't doing enough research to keep up with fast-changing threats on the Internet, a Gartner analyst said Monday.
Security vendors are maintaining high profit margins on firewalls and antivirus software, products which are commodities these days, said Neil MacDonald, a research vice president at Gartner, during a presentation at the company's IT Security Summit in London.
Buyers should take advantage of the competitive environment in the antivirus software industry to negotiate better prices for such products, he said. (Compare antivirus products)
"I know it's hard to switch but you have to seriously enter the negotiations," he said. "Let the vendors know that you are not afraid to switch."
Security vendors have maintained a pricing scheme that contradicts the rest of the IT industry, MacDonald said. Typically with software or hardware, prices go down year after year with the introduction of new and better products. In some cases, however, security software often loses its effectiveness as new threats emerge, while prices stay high.
"Why in antivirus year after year do we pay more for something that gives us less?" MacDonald asked. "It's insanity. Why is information security immune from the trends of the IT industry?"
For the last 18 months, MacDonald has been researching adaptive security, a concept that envisions having different security products communicate with one another and evaluate threats in a more contextual way. MacDonald argued that security products should work together like the human body's immune system, where different defensive mechanisms work in concert with each other.
These days, a security product is often designed to address a single security aspect, such as fortifying Web applications, protecting endpoint devices or preventing network intrusions. Vendors have taken advantage of how organizations deal with a security problem by offering single products, a model that makes security overly complex, MacDonald said.
Vendors need to create security technology that is less rigid and can change when businesses modify their processes. Ideally, those products would able to apply certain security policies in certain situations, a concept MacDonald labeled as adaptive.
"Vendors are holding us back from enabling this vision," MacDonald said. "The vendors are delivering us too many unconnected point products with too much complexity."
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (7)
So my question is???By Anonymous on October 1, 2008, 5:03 amWhy does Microsoft have billions of dollars for R&D to first put Netscape and now VMware out of business. But, can't deliver a secure OS to their paying customers....
Reply | Read entire comment
Enterprises overpay for anti-virus softwareBy Anonymous on September 30, 2008, 4:27 pmThey should seriously consider getting a WatchGuard Firebox to put at the gateway. They can limit the kind of traffic allowed using application layer 7 filtering...
Reply | Read entire comment
Security Companies are Evolving Beyond Point ProductsBy ckensek on September 30, 2008, 4:03 pm The title of this article is somewhat inaccurate. Security companies stop a lot more than viruses. Viruses are just a small subset of threats companies have...
Reply | Read entire comment
Absolutely the value or crown jewels of products like that are tBy david.oberry on September 30, 2008, 1:19 pmAbsolutely the value or crown jewels of products like that is the back-end research that goes on to make them effective. The real problem is that very few of these...
Reply | Read entire comment
perhaps a misunderstandingBy Anonymous on September 30, 2008, 12:51 pmIn my observation anti-malware software has an added paradigm that other COTS-type products do not, that is, a service element which requires additional labor above...
Reply | Read entire comment
View all comments