"The pursuit of 'perfect security' is a waste of time and resources," Coviello contended. "I am not advocating products with holes. What I am saying is that the digital world brings with it inherent risks. We need security that aligns with the value of the information we need to protect."

Such a transformation won't happen if we continue using security products that are bolted on top of the infrastructure, he said. Instead, "integrating security into products and making them more secure is becoming the norm for IT infrastructure vendors," Coviello said. "The pace is only going to accelerate" in the next few years.

Coviello's comments came even as the number of stand-alone security vendors exhibiting products at the RSA conference crossed the 300 mark this year -- 100 more than in 2006. A "vast majority" of the companies, however, are "information infrastructure companies" -- not pure play security vendors, Coviello said.

"You will see fewer and fewer stand-alone vendors," in the future, he said. "If I am proven wrong in the timing, I will not be proven wrong in the need for security to be woven into the fabric of the network," he said.

Scott Crawford, an analyst at Boulder, Colo.-based Enterprise Management Associates, said it remains to be seen how extensive any industry consolidation could be over the next few years. But it does seem unlikely that the security industry will see many large pure-play security vendors in the future.