Gartner Blog Network

What I Want for Wednesday: Security Vendors Who Don’t Need Plenty

by John Pescatore  |  October 1, 2008  |  5 Comments

Maybe in times of plenty “defense in depth” can mean “keep spending on all those other security things and spend on me, too” but we ain’t in times of plenty – it appears that for quite some time we will actually be in the “times of not plenty.” Security in depth needs to mean “replace your old way of doing it with a better way.”

I first heard the best way of saying this from Bryan Palma, who was then the CISO of Pepsi: “I want security vendors to tell me how to spend my first security dollar, not my next security dollar.”

Next Generation Firewalls, security switches, and end-point protection platforms are good examples of better security replacing older, more expensive approaches. Barring the return of plenty, the winners over the next few years will follow that pattern.

What do you want? Either from vendors, or from businesses if you are a vendor – or stuff you’d like to see in the blog. Let me know.



John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…

Thoughts on What I Want for Wednesday: Security Vendors Who Don’t Need Plenty

  1. Stiennon says:

    What if you could replace the products of 5 or 6 vendors with a single hardware accelerated platform? Wouldn’t that fit the bill? Get the same security (arguably better because easier to manage) for less money.

    I won’t push my favorite technology here even though I have no stake in it but you know what I am talking about.

    Or is “best of breed” at any cost still the mantra?


  2. Next generation firewalls and end point protection platforms are examples of replacing several products with one product, where that one product does *just as good a job* as the separate products. Best of breed isn’t the mantra, but neither is “go with one vendor even if security goes down.”

    Hardware acceleration may or may not be required – depends on throughput needs.

  3. Hi, John!

    Well, I completely agree with your point but one thing is very important. Innovations. Let’s say a small company has some really innovative product. This innovation improves the older products’ problems, but not a standalone (usually, small companies can’t make all-the-covering products). So, there will be a time gap when people will have to use more products and spend more money to get more defense until the moment ‘fat cats’ will get it up and integrate into their end-point platforms. What do you think?

  4. Yes, I agree that there will always be new threats and then new innovative approaches that result in “add me” products. But Internet security is actually a pretty mature space, despite how we like to treat it. I think we are sort of at the point where we were when PCs began to replace and not just augment departmental computing. It’s feeling like it is time for that type of thing to start happening in security – Microsoft was an eensy beensy company going up against a lot of fat cats. I think that the next few years will be a great time for that to happen in security. It will just take the right combination of innovation, funding and chutzpah…

  5. Yes, I also believe that the next few years will bring up a few new innovations into the Internet/PC security zone. At least, I work hard (as many of the innovators all around the world) to make it happen. But, among the “innovation, funding and chutzpah” list you’ve completely missed the “luck”! :))


Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.