The Right Stock At The Right Time®  Launch Smart Chart
Updated For:
Daily Market Comment 
Dr. ME Talks Stocks 
Market Letter
On The Edge
The Outlook
Email Alert

News & Analysis
Stocks & Funds
Options & Futures
Personal Finance

By Providers
S&P Capital IQ


12/22/16 05:00:35 PM


The number of Distributed Denial of Services (DDoS) attacks is increasing at an alarming rate and the Internet of Things (IoT) is increasingly becoming a powerful tool for online attackers, facilitated by the neglect for information security both on the part of vendors and users. According to Arbor Networks (the security division of NetScout), during the past 18 month, there were 124,000 events a week on average globally. The U.K., France and the U.S. are the most popular targets. During the first half of 2016, the average DDoS attack size hit 986 Mbps (megabits per second), a 30% increase in attack size over 2015. According to Arbor, a 1024 Mbps attack can knock most organizations offline.

A Denial-of-Service (DoS) attack is designed to shut down or disrupt a single machine or network, making it inaccessible to its intended users or in some cases as a smokescreen to divert attention while a more sinister plot is carried out. This is accomplished by flooding the target with traffic, or sending it information that triggers a crash. A Distributed Denial-of-Service attack occurs when multiple systems orchestrate a synchronized DoS attack on a single target. DDoS attackers utilize "botnets" to flood target networks with data. A botnet is an interconnected network of computers (or other networked devices) infected with malware without the user's knowledge which can be controlled by someone else.

According to Cisco Systems, there will be 26.3 billion networked devices by 2020, up from 16.3 billion in 2015. This rapid growth in connected devices has been driven by the rise of IoT. These devices have become attractive targets for hackers, who have developed sophisticated tools to take control of printers, webcams, baby monitors, routers and everything in between. One such tool, known as Mirai, is an open-source (i.e. anyone can download and use it) piece of malware that hunts down IoT devices (especially networked cameras, routers and DVRs) and conscripts them into a botnet. Mirai takes advantage of default logins and passwords on these devices to gain access. Even if the malware is removed from these devices, if the underlying security vulnerability still exists, once connected to the internet again Mirai will hunt the device down and re-infect it in as little as ten minutes. Mirai-based botnets have been linked to a string of high-profile DDoS attacks, including the October 21, 2016 attack on Dyn, which disrupted internet service to large swathes of users in Europe and North America.

According to IDC, between 2016 and 2020, the worldwide DDoS prevention products and services market will grow at a compound annual rate of 11.1%, from $635 million to $1.07 billion. This growth is driven not only by the large, complex attacks, but also by the rising number of small attacks. Hackers have begun renting out their botnets (for as little as $25 per hour) to anyone willing to pay. According to a NeuStar survey, 73% of organizations had suffered a DDoS attack in the past 12 months, while 61% had been attacked multiple times. 49% of surveyed organizations said they would lose $100,000 or more per hour of downtime during peak attack periods and 76% said they are investing more in DDoS protection than they were a year ago. Many companies offer cloud-based and on premise protection options. With cloud-based protection, incoming traffic is scrubbed by data centers run by the security company to filter out attacker traffic. Cloud-based protection is priced based on the volume of data being filtered, meaning companies will benefit from the increasing average size of DDoS attacks. The four companies above stand to benefit from these trends as they offer equipment and services to combat DDoS and other forms of cyber-attacks.

Cisco Systems, Inc. (CSCO 30 ***) designs, manufactures, and sells Internet Protocol (IP) based networking and other products related to the communications and information technology industry worldwide. Cisco offers a variety of solutions designed to protect end-users from DDoS attacks. With roughly 49% of the router market, Cisco has incorporated DDoS protection into products like the ASR9000 router with vDDoS Protection. This is able to stop attacks at the edge of the network by filtering out attacker traffic, while still allowing legitimate traffic to pass through.

NetScout Systems, Inc (NTCT 32 ***) provides real-time operational intelligence and performance analytics for service assurance, and cyber security solutions in the United States, Europe, Asia, and internationally. Through its Arbor Networks division, it provides security solutions that enable service providers and enterprises to protect their networks against DDoS attacks. We think NetScout offers the most comprehensive suite of DDoS prevention products on the market; in fact both Cisco and NeuStar have incorporated NetScout solutions into the hardware they sell to protect against DDoS threats.

NeuStar, Inc. (NSR 33 ***) offers security services, such as domain name systems solutions to protect client's Internet ecosystem and defend standard transmission control protocol based applications, including Websites, email servers, application programming interfaces, and databases; cloud-based DDoS protection services that help its clients reduce risk, downtime, and revenue loss from cyber-attacks. NeuStar offers both on premise (utilizing NetScout hardware) and cloud-based DDoS protection to customers. Security Services accounted for 16% of total sales in Q3 2016. We expect the company to benefit from increased spending on DDoS protection as well as the increasing size of the average DDoS attack, which NetScout projects will continue to grow in a linear fashion at double digit rates.

Palo Alto Networks, Inc. (PANW 125 ***) provides security platform solutions to enterprises, service providers, and government entities worldwide. Palo Alto provides some DDoS attack prevention through its next-generation firewall application by enabling users to monitor network traffic. Palo Alto's stock has suffered recently as revenue growth missed expectations last quarter. In our opinion, Palo Alto's DDoS protection lags behind some of its competitors like NetScout, but we see the company benefitting from the rise in data breaches and viruses associated with DDoS attacks. According to a NeuStar survey, 53% of organizations that experienced a DDoS attack experienced a data breach as a result, with 46% finding viruses on their networks. Palo Alto's products do an excellent job of locating and removing threats from networks, in our opinion.

Risks to our analysis and outlook include improved security by IoT device manufacturers, more advanced and effective DDoS defense tools, and fewer end-users with default logins and passwords.


Past performance is not a guarantee of future results. The data contained in Market Edge is obtained from sources considered by Computrade Systems, Inc. to be reliable but the accuracy and completeness thereof are not guaranteed. Computrade Systems, Inc. does not and will not warrant the performance and results that may be obtained while using the Market Edge research service.
The Market Edge research service & Second Opinion are neither offers to sell nor solicitations of offers to buy any security.
Company profile, estimates and financials provided by S&P Capital IQ
See User Agreement for other disclaimers.
Market Edge and Second Opinion are registered trademarks of Computrade Systems, Inc.
© 2016 Computrade Systems, Inc.
© 2016 The McGraw-Hill Companies, Inc. S&P Capital IQ is a division of The McGraw-Hill Companies, Inc. See full Copyright for details.