Security Experts:

IPv6 is Here; How Can We Ensure this Step Forward Meets Expectations?

When Upgrading to an IPv6-enabled Version of a Security Solution, Be Sure It Can Deliver the Same Effectiveness and Performance as IPv4 Versions. 

After years of discussion and planning, the transition to IPv6 is finally here, marked by World IPv6 Launch Day on June 6, 2012. Organized by the Internet Society, the day was designed to catalyze equipment and service providers around the world to permanently enable IPv6 for their offerings. While the rollout has only just begun, experts predict that within the next year 10-15% of data will be delivered using IPv6.

IPv6 Security SolutionsThe federal government has set milestones as well. By September 30, 2012 agencies are required to support IPv6 on their public-facing Web services and two years later on their internal, operational networks. Major government organizations that have come on line prior to the deadline include the Department of Veterans Affairs, the Environmental Protection Agency, the Defense Research and Engineering Network, Defense High Performance Computing, and the Space and Naval Warfare Systems Command.

To help facilitate the transition, U.S. federal government IPv6 (USGv6) test requirements are in place to help technology vendors demonstrate support for the government’s IPv6 networks and interoperability among all IT and networking components used to build, maintain and secure the IT infrastructure of federal agencies. A certification program is also available so that vendors can be added to the U.S. Department of Defense (DoD) Unified Capability Approved Products List (UC APL) for IPv6.

No one questions the need for the transition as IPv4 addresses are depleted. IPv6 provides more than 340 trillion, trillion, trillion addresses and will carry our global economy and critical infrastructure into the future—connecting billions of people and a wide range of next-generation smart devices, from thermostats that enable remote management to mobile communications devices that support emergency response with integrated real-time video, voice and data.

Yet as we transition to IPv6, whether you’re a business or government agency, you must take a critical look at the technologies you’re relying on to enable these advances and ensure IPv6 “certified” solutions can deliver the same level of effectiveness and performance as their previous IPv4 versions. In order for these updated technologies to meet expectations, consistency is critical.

Consistency is particularly important when it comes to technologies to help secure your IPv6 infrastructure. While you may be taking a step forward by upgrading to the IPv6-enabled version of a security solution, you can’t afford to take a step backwards in effectiveness or performance.

When it comes to security effectiveness look for solutions that:

• Demonstrate comparable effectiveness in identifying and blocking threats targeting IPv6 environments as those targeting IPv4 environments

• Enforce security policies around application and access control consistently across IPv4 and v6 traffic

• Recognize and protect a variety of tunneling mechanisms that enable IPv6 hosts and routers to communicate over IPv4 networks during this transition period when both protocols must be supported

As for performance, understand if the solution:

• Handles IPv6 traffic in the same manner as it handles IPv4 traffic; for example, accelerating IPv4 traffic but failing to apply similar acceleration technologies to v6 traffic can result in severe performance degradation

• Has demonstrated interoperability with existing IT security infrastructure according to US federal government test requirements and certifications

• Is designed to adapt to the incredibly large number of IPv6 addresses available to search for vulnerabilities and not become bogged down by the volume of data

IPv6 promises a world full of new devices, new networks and new security challenges. As infrastructure continues to grow and the pace and complexity of the threat environment accelerates, consistent security effectiveness and performance is critical. Organizations need to ensure that the IT security solutions they’ve trusted in an IPv4 world will continue to meet their expectations as they embrace IPv6 and the future it can enable.

Related ReadingIPv6 Security Challenges to Consider as 'World IPv6 Launch' Approaches

Related Reading: Is IPv6 Part of Your Risk Management Framework?

Related Reading: Why Everyone Needs to Care About IPv6

view counter
Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.