Five security vendors--Cisco Systems, Check Point, IBM, McAfee, and Symantec--have spent more than $3.7 billion over the past two years acquiring companies and products to support their vision of holistic threat management. This frenzy stems from the spurious notion that your entire infrastructure, your applications, your policies, your processes, and your people can mesh into a unified threat management framework that will ward off intruders, malicious insiders, petulant auditors, and ignorant users.
It's a compelling vision and an ideal goal. It's also impossible.
Threats change, new compliance initiatives emerge, companies launch new businesses that entail new risks, and startups create innovative alternative products. As vendors spend billions of dollars to snap up new capabilities and stitch them together, the market continues to fragment.
Consider Symantec's Endpoint Protection Software, launched with great fanfare in September. Version 11, a complete overhaul of the vendor's host security software, tightly integrates a set of disparate functions--including malware blocking, a personal firewall, host intrusion prevention, application control, and device control--into a single agent.