The Internet of Things (IoT), which consists of wearables, smart appliances, connected cars, and other gadgets, is widely hyped as the "next big thing" in technology. Networking giant Cisco (NASDAQ:CSCO) estimates that the number of connected devices worldwide will double from 25 billion in 2015 to 50 billion in 2020.
However, the IoT's rapid growth was also recently implicated in a series of DDoS (distributed denial of service) attacks which affected over 80 popular websites worldwide. DDoS attacks occur when hackers use botnets (a network of compromised computers) to flood sites with so much traffic that they crash. Dyn DNS, the internet traffic management company which was hit by the attacks, believes that poorly secured smart devices like webcams, surveillance cameras, and thermostats were all hijacked to carry out the attacks.
In the past, it was mostly PCs that were turned into "bots" for DDoS attacks. But since most IoT devices don't run traditional security software, they can be more easily hacked and converted into bots. That glaring weakness should boost demand for dedicated IoT security solutions, which could be a boon for companies like Cisco (NASDAQ:CSCO) and Symantec (NASDAQ:NLOK) in the near future.
How Cisco protects the IoT
As one of the world's top networking equipment companies, Cisco is already well-poised to profit from a more connected world. But its security business also plays a key role in thwarting attacks against its customers. These solutions include cloud-based threat analysis, advanced malware protection, network and perimeter security solutions, physical safety and security solutions, and IP-based dispatch and incident response systems.
Cisco's security portfolio was mainly built through acquisitions. Buying SourceFire and ThreatGRID a few years ago formed the foundations of its next-gen firewall and threat prevention business. Additional purchases like OpenDNS, Portcullis, Lancope, and CloudLock further strengthened that business, which accounted for 4% of Cisco's top line last year. That percentage might seem small, but the unit's 13% sales growth outpaced the growth at all of Cisco's other main business segments.
Back in March, Cisco acquired Jasper, a cloud-based IoT platform, for $1.4 billion. By merging its networking, security, and IoT portfolios together, Cisco offers compelling product bundles which tackle both traditional cyberattacks and newer IoT-based ones. Its massive free cash flow ($12.4 billion over the past 12 months) also ensures that it can keep gobbling up smaller security and IoT firms to become a main security player for a hyper-connected world.
How Symantec protects the IoT
Symantec, best known as the creator of Norton Antivirus, sells security products for PCs, data centers, and emails. Through its $4.65 billion acquisition of Blue Coat earlier this year, Symantec also gained security solutions for networks and cloud services. Symantec claims that bundling these services in end-to-end packages will enable it to protect a wide range of platforms which would normally require "eight to ten" different security vendors.
Symantec is addressing the growing IoT security issues in two main ways. First, it's helping IoT device makers build more secure IoT devices. Symantec advises these companies on implementing device authentication through SSL (secure sockets layer), digital code signing, endpoint protection, over-the-air updates, and built-in analytics. Second, it uses eight new "Roots of Trust" optimized for IoT devices. These "roots", like SSL authorization, authenticate devices and let them communicate with other trusted devices. By blocking access from unsecured devices, Symantec can prevent them from being hacked and converted into bots.
Like Cisco, Symantec will likely keep growing its portfolio through acquisitions. Both Cisco and Symantec have been named as potential suitors for threat detection firm FireEye (NASDAQ:MNDT). FireEye notably has a partnership with ForeScout, which detects unknown objects on networks to counter IoT-based attacks.
90% of IT networks could be at risk
Back in 2014, IDC predicted that a whopping 90% of all IT networks will have experienced an IoT-based security breach by Dec. 2016. The Mirai botnet which wreaked havoc across the IoT in late October indicates that estimate could be conservative, and that demand for more robust solutions from companies like Cisco and Symantec will keep growing.