Not necessarily. There are multiplatform packages, some open-source, that address this. So all your machines, Mac, Windows, Linux can all run the same AV, antiintrusion and VPN protocols.
Not so huge an issue any more. Well, unless you want to go with bloatware from, say, McAfee or Symantec.
Being able to use the protocol is one then. Configuration management and enforcement is something else altogether. Ever try to apply Windows domain group policy to a Mac? What kind of tools are there for the centralized management of that kind of hetrogenous OS environment that will scale to several thousand workstations?