Bargain hunting was all the talk of the 451 Group event this week in Boston, where one security pro quipped that vendors should be paying customers to install their software and where anyone remotely smelling of money became suddenly quite popular with other attendees looking to sell things.

"There's a sale on right now, I don't know if anybody's noticed?" said Nick Selby, the chief security guru for 451 Group, which in keeping with the money talk theme dished out phony $1 million bills to attendees as incentive for them to evaluate speakers. "I've never seen such a fantastic opportunity to pick up stuff," he added later, referring to security start-ups whose rock bottom valuations make them relative steals.

Network access control and anti-data leakage are among market segments in which companies and technology assets are already flying off shelves. Selby said the market for standalone companies in those security areas will be kaput by the end of next year, with companies either falling by the wayside or merging/being acquired by others. With respect to NAC, Selby said the technology is getting sucked into identity and access management and NAC vendors are looking to get bought by vendors in the IAM market. (Compare NAC products.)

Such consolidation has happened big time on the anti-data leakage front, where Selby said the number of vendors has been slashed from about 40 to a dozen in the past year as antimalware companies gobble them up. (Catch up on this year's biggest tech M&A deals.)

Bargains are of course also to be had for customers in light of the down economy, Selby said. He asked panelist Grady Summers, chief information security officer at General Electric, about this, and Summers replied – tongue in cheek, we think – that anti-malware vendors should be paying customers to put their agents onto their machines given the prime real estate this represents.

Summers also urged customers during negotiations to make sure they aren't just dealing with the No. 1 company in any market segment (Selby earlier in the session made mention of GE booting Symantec in favor of Sophos on the desktop). Summers further called on vendors to listen to his needs instead of hyping him to death: If a vendor could solve his particular data leakage need, for example, he said he'd buy the product tomorrow.