Consolidation is a given in the IT industry, in part because there’s so much money floating around for acquisitions, and in part because organizations often favour suppliers who sell complete solutions or solutions that cover the IP or network stack.

However, Richard Stiennon of argues in a recent blog that there’s an exception: security.

“Solutions are needed for data security, user identity and access management, end point security, server security, network security, and most recently, cloud and mobile device security,” he writes. “No matter how enthusiastic Wall Street may become there will never be a single vendor that dominates in the complete stack.”

He makes a convincing argument.

Any proposed product that binds any two of host, network, and application, will be a market failure, he reasons. His prime exhibits are Symantec and McAfee, who, despite many firewall acquisitions are both mainly known as end-point solution providers.

The reverse is true, Stiennon argues: Check Point Software, known for security gateways and network management, hasn’t made great strides in moving into endpoint security.

The security industry can’t consolidate because of the ever-shifting strategies of attackers, he argues. In short, he’s saying that for the foreseeable future security vendors on the network and the endpoint will be on the defensive. Merging isn’t going to help that. Specializing to focus on staying ahead of attackers will.