- David Sprott (CBDI Forum) discusses whether the industry is now "Crossing the Chasm".
- Phil Wainewright (Loosely Coupled) thinks we are now entering the "Acceleration" phase. (He tells us we're still some way short of the "EndGame" phase, and then provides evidence that this phase has already started!)
This merger can also be understood from a technological perspective, as an statement about the viability of stand-alone security products. The technological logic of the merger is to integrate security products into management platforms. The same logic can be seen in CA's acquisition of Netegrity. It is also implicit in IBM's Tivoli brand, which covers a collection of security and management products.
This reflects a growing recognition of the complexity and dynamic nature of security requirements. While many stand-alone security products do an excellent job at guarding against a specific class of threat, what is needed is an agile security architecture capable of rapidly mobilizing a range of effective responses to newly emerging threats.
Let's return to the economic perspective. Security attacks are designed to achieve the maximum penetration for the minimum effort. Many attackers are motivated not by technical ego but by results (criminal or political). If a given style of attack ceases to be effective, we can expect a new style of attack to appear. If the attackers are more agile than the defenders, then this gives them a natural advantage. Against an agile attacker, it is not wise to invest all your resources in fixed defences.