WASHINGTON, D.C. -- It’s time organizations consider switching from best of breed to “best of need” products when it comes to security, as vendors realize their offerings are becoming commoditized and start pricing them accordingly.

Such was the assessment of Neil MacDonald, vice president and distinguished analyst with Gartner, who spoke at the opening panel of the Gartner’s IT Security Summit here Monday. The summit, which is becoming known as a platform for Gartner analysts to make bold proclamations about the security industry, attracted 2,000 IT professionals and over 100 exhibiting vendors.

“It’s time the security industry grew up and acted like the rest of the information technology industry,” MacDonald told the audience. For example, if he buys a laptop for $1,500 this year and does the same next year, he expects to get more for the same amount of money, thanks to Moore’s Law that says computing power doubles every 18 months even as costs decline. However, an antivirus vendor will sell the same product year over year, but expect customers to pay more. “The security industry shouldn’t be immune from Moore’s Law,” MacDonald says.

Often an emerging security threat, phishing for example, will grab headlines and create some panic, resulting in a new breed of offerings to protect companies. But that won’t necessarily be the case going forward, as vendors realize they can leverage much of their existing threat-protection technology to ward off new concerns. By 2010, Gartner predicts that only 10 % of emerging security threats will require deployment of tactical, best of breed offerings, down drastically from the 80% of threats that required such products in 2005, MacDonald says.

Vendors are starting to get the picture - for example, some of the big anti-virus companies such as Symantec and McAfee are adding anti-spyware to their anti-virus packages at no additional cost – and customers are benefiting.

“With anti-spyware, we were waiting for it from Symantec and deciding whether to go with a stand-alone product,” says Richard Childers, manager of IT program management with Canadian Blood Services, a non-profit blood management organization based in Ottawa with 5,000 employees. Childers chose to wait for Symantec, and he’s glad he did. “It simplifies management to have one console” for the anti-virus and anti-spyware products, he says. “When you get into best of breed, there’s the cost of manageability, it’s easier to consolidate.”