While Symantec grapples with the death of endpoint security, IBM's broad security portfolio has propelled it to becoming the third-largest security software vendor by revenue.
Worldwide security revenues reached $19.9bn in 2013, marking a 4.9 percent increase on the $19bn the industry earned in 2012, according to new figures released by analyst firm Gartner.
Gartner notes growth in security software revenues was lower than expected in 2013, but while it's well off the seven percent increase in 2012, and still "healthy", according to Gartner research director Ruggero Contu.
According to Contu, last year's lower than expected growth was mostly due to changes in the consumer market and revenue declines for Symantec and Trend Micro.
"This slightly tempered growth was partly due to the increased commoditisation of the endpoint security (particularly consumer endpoint software) and secure email gateway (SEG) subsegments (particularly consumer endpoint software) that in 2013 accounted for around 25 percent of the total security software market," Contu said.
The top five security vendors by revenue in 2013 were Symantec, McAfee, IBM, Trend Micro, and EMC. With revenues last year of $3.7bn, Symantec accounts for 18.7 percent of worldwide revenues, followed by McAfee, which generated $1.75bn and holds an 8.7 percent share.
With revenues of $1.13bn, IBM replaced Trend Micro as the third largest vendor by revenue, which Gartner notes, is the first time in many years that a broad portfolio vendor has been a top three player. Trend Micro, now fourth, saw a 5.5 percent decline in revenues to $1.11bn.
The hit taken by security revenues on the desktop has come as consumers moved towards mobile computing platforms based on Android and iOS rather than Windows on the desktop. While traditional desktop endpoint security vendors have delivered similar products for Android and iOS, they haven’t been able to top newcomers like Lookout Security.
According to Contu, the other factor that's killing traditional security products is the "democratisation of security threats" and a new involvement of business — rather than purely technology or security professionals — in the procurement of security software.
"This ubiquity of security threats has led organisations to realise that traditional security approaches have gaps, thereby leading them to rethink and invest more in security technology," he said.
Over the past two years, "active defence" security firms that focus on dealing with so-called 'advanced persistent threats' have emerged as a popular alternative in the enterprise. Among the new class of contender are companies like FireEye, which acquired US security firm Mandiant for $1bn earlier this year.