That was the assessment offered today by Art Coviello, president of RSA Security Inc., at the company's annual security conference, which is being held in San Francisco this week. RSA is EMC Corp.'s security division.

Delivering a keynote address Tuesday morning, Coviello said the trend by vendors such as Microsoft Corp., Oracle Corp., Cisco Systems Inc. and EMC to integrate security functions into their core technologies is diminishing the need for add-on products from pure-play security vendors. RSA itself was one such stand-alone vendor until it was acquired by EMC last year.

"Our industry is ripe for a transformation" Coveillo said. "The transformation I am talking about will bring an end to the stand-alone security industry within two to three years." With the exception of two or three vendors, the value of stand-alone security vendor is "over," he added.

Factors driving the trend include the continually changing nature of threats and regulations that require companies to demonstrate better controls and hold them accountable for data losses, he said. "The reality is that we have not implemented information security at all," Coviello said. "We focused on the perimeter around the information but rarely protected the information itself."

In the near future, companies will need to implement more "information-centric" security models focused on mitigating business risk and financial losses rather than on "perfect security," he said.