Endpoint security: Is the future in software suites?

Symantec, McAfee others push suites over stand-alone products

Symantec, McAfee and Trend Micro remain market leaders in endpoint security in an era when the race is pointed toward security-software suites that combine antimalware, network access control and systems management functionality

Is corporate endpoint security turning into a "suite" spot?

The market's top two players, Symantec and McAfee, continue to win about 40% of the highly fragmented corporate endpoint security market, now at about $3 billion, while distant third Trend Micro at about 6% suddenly finds itself neck-and-neck with Sophos, the antimalware vendor that acquired endpoint encryption firm Utimaco late last year.  

But the race to win the corporate customer is shifting from stand-alone antivirus-style products to burgeoning software suites that combine antimalware, network access control, and now systems management.  (Read about NAC challenges facing security software suite vendors.)

Though dozens of competing vendors craft products for specific security and systems management functions — and many IT managers strongly argue they prefer it that way and fret about vendor lock-in — there's some cause to think the future may be dominated by endpoint suites.

"The trend for endpoint is primarily that it has been moving to suite solutions," says IDC security analyst Charles Kolodgy. "There's a move to incorporate much more than security into the endpoint suites — configuration control, patch management and other systems management capabilities."

IDC research for the corporate market shows stand-alone antimalware sales stalled in 2007, dropped to $1.14 billion last year and is expected to fall to $1.05 billion this year. But the category IDC calls "security suites" is quickly rising, from $637.7 million in 2007 to a predicted $1.21 billion this year.

While Symantec and McAfee already have their own systems management software — Symantec acquired Altiris and McAfee has McAfee Remediation Manager — to integrate into the endpoint agent, Trend Micro last month elected to team with a partner, somewhat as it has done with Third Brigade on host intrusion detection.

Trend Micro is joining forces with BigFix to come up with the Endpoint Security Platform — based on the BigFix management console that Trend Micro will offer under its own brand.

"BigFix has best-of-breed client patch management and security configuration; we have antivirus and Web protection," says Ron Clarkson, Trend Micro's director of enterprise endpoint security." The company views the alliance as strategically important to compete with McAfee and Symantec in the larger corporate market.

Trend Micro's Endpoint Security Platform is expected out later this quarter, along with a new version of its long-running OfficeScan that will be able to integrate systems management capabilities.

Symantec's souped-up suite in this race is Symantec Endpoint Protection, and McAfee's is Total Protection for Endpoint Advanced.

The appeal in the security suites is a single code base and smaller footprint than having five or six separate software agents, common management, plus somewhat lower cost, Kolodgy says.

According to McAfee CEO Dave DeWalt, the cost-saving is "at least 30%" in buying the integrated endpoint suite vs. McAfee's separate software products. DeWalt says a third of McAfee's installed base in the enterprise market has shifted to the Total Protection suite, with the various security and systems management functions supported by McAfee's ePolicy Orchestrator management console.

Suite nothings?

The fact that endpoint security vendors are packing ever-more functionality into endpoint agents does give some IT professionals pause.

The Sophos Endpoint Security and Control product, which packs in antimalware, desktop firewall, NAC and more, is fine, says Peter Clark, director of information security at Jordan's Furniture based in Avon, Mass., even as he acknowledges the furniture chain isn't using the NAC component yet.

But Clark, and Ethan Peterson, Jordan's network engineer, say they question whether it would be an advantage to also pack in systems management.

"When a vendor tries to do everything, it doesn't always work out," Peterson notes, adding, "In some cases stand-alone has better value for the product, and it's nice to have separation of security and systems management."

Care New England Health Systems, which includes three hospitals, makes use of Kaspersky's anti-malware/desktop firewall software on 4,000 workstations, mostly Windows XP, says Keith Lee, end-user services manager there. He says he's more inclined to look for "best of breed" versus combining many separate security and systems management into one single software agent.

Josh Corman, principal security strategist for the IBM Internet Security Systems division, says he's heard customers call the endpoint suites "suite nothings."

"With the big suites, some feel they're giving up choice and they're afraid of vendor lock-in," Corman says.

The push to pack more into the security endpoint is bringing in a wave of change in both the systems management market and the security market over the next years, according to IDC.

IDC predicts the worldwide corporate endpoint security market will hit $4.41 billion by 2012. The security suites are expected to comprise almost half of this market by then, eclipsing stand-alone antimalware and other categories such as endpoint threat management, which will be in sharp decline.

Learn more about this topic

Trend Micro, BigFix integrate antimalware, systems management wares

Symantec details grand product integration plan

Sophos concludes $314 million Utimaco buy

Trend Micro buys data-leak prevention firm Provilla

Clear Choice tests: Kase Kbox systems management

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey: The results are in