This is a question that has long been asked by IT professionals and in the following paragraphs I have tried to summarise the pros and cons to each option.
Reasons and benefits for two layered AV defence (i.e. separate web/email gateways to that on the endpoint)
Content delivered by gateways (such as email/web) is first checked by a totally separate AV provider, delivering true two layered defence against malware and ensures content that reaches end user machines via these gateways has been analysed for malware twice. In short malware that is missed by one vendor should be picked up by the other.
Dis-advantages to separate solutions
Complexity. Typically it is easier to manage solutions from the same security provider (vendor), than trying to manage two or more separate security products delivered by different companies. Complexity and security don’t go well together. The more complex a computer network becomes, the more difficult it is to secure in the first place and the more chance there is of having a security misconfiguration, which may nullify any advantage of having two AV providers in the first place.
Advantages of a single security supplier
Most security vendors provide significant discounts for purchasing more than one product from them, taking multiple security products from the same vendor normally results in less overall cost and in some cases significantly less.
It may be possible to introduce appropriate content rules that block the majority of content that might contain malware anyway (i.e. exe, pif etc.), thus mitigating the risk of using one AV vendor significantly.
Most edge/gateway solutions don’t just rely on Antivirus, many utilise blacklists, URL data, reputation scoring amongst other technologies designed to stop undesirable content reaching the desktop regardless of the AV utilised.
In most cases one vendor means gateway and endpoint solutions that have a similar user interface and are usually easier to operate, mitigating the risk of security misconfiguration due to complexity.
Summary
Security is always a balancing act between absolute protection versus cost, complexity and management. Its Foursys opinion that if your organisation has the resource and budget to cope with multiple AV vendor products at the gateway and endpoint then it is absolutely the case that two AV providers do provide better security than one.
However in today’s world of limited budgets and staffing resource, implementing solutions from the same vendor could actually be more secure in some cases. This is particularly relevant if it reduces overall complexity, thus minimizing the chance of configuration mistakes having taken place. Not to mention that budget saved by using the same vendor in this scenario could result in additional money being available to spend in other areas of IT security (such as Encryption or Intrusion Prevention technologies).
