Nick Selby, research director for analyst firm The 451 Group, said the processing requirements of McAfee's and Symantec's products had become huge, and that considerable numbers of businesses had switched to second tier vendors.
Those second tier vendors - of which Selby named AVG, BitDefender, Kaspersky and Sophos - were becoming popular because of their lower processing requirements.
"We are seeing the rise of a second tier of architecture vendors which are giving a hard time to the Symantecs and McAfees," said Selby.
"Endpoint security is entering a new phase of craziness. People have been putting so many clients on endpoints, and 90% of the CPU has been going through signatures. Some of these smaller guys are taking up less processing power."
Selby illustrated his point with a reference to General Electric, which swapped out Symantec for Sophos on thousands of desktops.
"They said the service is better," said Selby, who was speaking at his company's Enterprise Computing Strategies Summit in London today. "It wasn't just about the cost per seat."
Selby also outlined the difficulties businesses face in identifying the perimeter to their network. "Every endpoint that could leave the building, and indeed every endpoint in the building, is a great threat."
He described the concept that everything within the enterprise is safe as "quaint" and said that theory would only hold in "the most staid or small enterprise."
Speaking at the same conference, the director for IT R&D at banking giant Credit Suisse warned enterprises to pay more attention to application vulnerabilities.
"Network-centric defences are last year's war," argued Chris Swan. "80% of vulnerabilities are in applications, not in infrastructure, but we're spending 80% of our money on what's happening in the network."
He added: "Most of it [application vulnerabilities] are [due to] naive errors, rather than malice."