When I was still at Gartner I wrote a blog post entitled “One agent to rule them all and through a console bind them” (here) in which I discussed the evolution of desktop management technologies and the convergence of security and operational agents, resulting in an epic battle between good and evil, or more accurately a bunch of security and operations vendors spending a lot on marketing and R&D. Near the end of 2006, and shortly after announcing that I was leaving Gartner as a security analyst, I made a bold prediction that stand-alone AV would be dead, D-E-A-D, by the end of 2007 (here). Well, my prediction has come true: Gartner has officially declared a new category, “Endpoint Protection Platform”, in the latest Information Security Hype Cycle for 2007. This followed an earlier announcement that the Personal Firewall Magic Quadrant and the Anti Virus Magic Quadrant would be collapsed into a single Endpoint Security Magic Quadrant. According to the 2007 Information Security Hype Cycle, Gartner defines EPP as “the convergence of desktop security functionality into a single product that delivers antivirus, antispyware, personal firewall and other styles of host intrusion prevention (for example, behavioral blocking) capabilities into a single and cohesive policy-managed solution.” To be clear, and also to ensure that Kurt Wismer doesn’t freak out and write horrible things about me, let me repeat exactly what I said at the end of 2006 – so don’t be ranting, Mr. AV:
AV becomes part of a converged security client, offering multiple capabilities including anti-spyware, personal firewall, and intrusion prevention as the foundation, which I have talked about (here). Of course this has already begun, and the AV guys are shoving more and more technologies onto the desktop, including data leak prevention, end-point policy enforcement, patch and configuration management. They bundle it under some uber-agent, while the individual executables fight to claim your system resources. They offer some half-baked management console, slap a new coat of paint on some recent acquisitions, and complain any time Microsoft attempts to improve its security if it in any way affects their sacred AV cash cow.
Enterprises will still need to invest and deploy AV, but more out of a sense of fear than because they believe it is offering value. Organizations with mature IS departments, ones that are type A in their technology acquisition and process development, have already realized that AV is dead and are looking to strategically address client security in a new world. It includes a signature component, like AV, but it certainly will not be the cornerstone of end-point security for very much longer.
So what should organizations do today:
1. Spend less, demand more. Consolidate infrastructure management and spending for multiple point solutions into a converged platform. Do not pay the same price for AV this year that you paid last year, ask for more security and operations function, but do not pay more. Demand more cow-bell! (here) – driven by IT demands to reduce costs, improve operational efficiency and operationalize security, centralized management and administration become one of the key evaluation criteria.
2. Rip out your incumbent if they aren’t providing value. Do not be afraid to tell McAfee and Symantec to take a walk if they are unable to deliver an endpoint protection platform with enterprise scalable central management; rumor has it that Symantec may actually deliver something at the end of 2007, but who knows. I did a study at Gartner, and the cost of switching out an incumbent AV vendor is far less than people realize. I know my current company (here) can do it for your entire enterprise in about 5 minutes.
3. Security and operations are converging at the desktop and servers, look for operations vendors to provide more security functions. They have stronger systems management, centralized administration and scalability than the traditional security vendors, unless they acquired an operations vendor, in which case you will have to wait for the integration dust to settle.
This is technology evolution, this is innovation, this is the market driving change in how vendors address endpoint security; this is how it is all supposed to work, right? Well, we still have a long way to go, as the Hoff points out in his post on Endpoint Security Software Sprawl (here), but this is a positive step forward in addressing an ever increasing flood of disparate agent technologies.
Disclaimer: I am the CTO of BigFix (here), an enterprise software vendor that happens to offer an endpoint protection platform, among other solutions. BigFix essentially provides an extremely enterprise scalable, single server, single agent solution for real-time visibility and control across operational, security and compliance domains allowing organizations to eliminate multiple disparate agents into a single policy driven platform. This doesn’t make my predictions or this post wrong, no, in fact I think it shows my ability to analyze market requirements and align myself with an organization that clearly shares my strategic vision (my Mom isn’t the only person who says nice things about me, sometimes I say nice things about myself)