Security software is mandatory for enterprises facing an Internet community of aggressive hackers and criminals. But enterprises shouldn\u2019t feel locked into deals with their security vendors, a Gartner analyst said.Under the right circumstances, switching vendors may make financial sense, said Peter Firstbrook, research director with Gartner. And with security vendors making a gross profit margin of 60 percent, enterprises may have more leverage when renegotiating deals, he said. "These guys [security vendors] are pretty fat and happy right now," said Firstbrook, who spoke at Gartner\u2019s IT Security Summit in London Tuesday. "They\u2019ve got a very healthy profit margin. Don\u2019t feel sad for your antivirus vendor or your antivirus sales rep."Oddly, the antivirus security software market is mature, but software costs aren\u2019t going down, Firstbrook said. The major security vendors aren\u2019t worried about losing clients because customers believe that changing products would be costly, he said.Before switching, IT managers should think about the complexity of rolling out new software. The companies best situated to make a change are those confident in their abilities to distribute software, test new products and educate users, Firstbrook said.When slugging it out in negotiations, enterprises can do several things to ensure they get the best deal. First, companies should get quotes from a number of vendors and not be afraid to play one vendor off against another, Firstbrook said.Perpetual licenses are good, but organizations should remember that they can negotiate a price only once. Enterprises should also aim for rich packages that include home user licenses and some support, Firstbrook said.Licenses for desktops and e-mail security services should be calculated on a per-seat basis, but server license costs should be based on number of CPUs, Firstbrook said. Companies should not increase their seat count merely to meet a vendor\u2019s price list.Gartner expects an increasing number of security functions to be incorporated into single software packages, Firstbrook said. "I think that over time, vulnerability assessment, patch management, software configuration management will all merge with our antivirus software so we have one view of the security status of a PC, and if it\u2019s broken we can update it," Firstbrook said.-Jeremy Kirk, IDG News Service (London Bureau)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.