SMBs should beef up security to handle the influx of IoT devices as IP addresses proliferate.

February 21, 2019

5 Min Read
IPV6
Shutterstock

By Kiran Kumar

Kumar-Kiran_Webroot-150x150.jpg

Kiran Kumar

Our current internet infrastructure is changing to accommodate the growth of internet-connected devices and networks, but most solutions providers aren’t adapting accordingly.

The problem stems from the dramatic increase in internet-connected devices in recent years. The number of internet of things devices connected to the internet reached 8.4 billion in 2017, surpassing the world population for the first time — and also surpassing the available supply of URLs based on the current Internet Protocol standard, IPv4.

To keep up with growing demand, internet service providers have been rolling out the latest Internet Protocol version (IPv6), which promises an exponentially larger infrastructure for internet connectivity. As opposed to IPv4’s 32-bit format (which can support about 4.3 billion URLs), IPv6’s 128-bit format can accommodate an astronomical 340,282,366,920,938,463,463,374,607,431,768,211,456 URLs.

Needless to say, IPv6 will support the internet infrastructure for the foreseeable future, and MSPs can fulfill functions from system integrator to security adviser to help organizations deal with the hugely expanded number of IP addresses for all the internet-connecting “things.” The problem is, IPv6 is already upon us, yet most organizations aren’t ready for it.

IPv6 Use Is Skyrocketing

IPv6 adoption has been surging. According to Google, more than 25 percent of worldwide users are accessing its platform over IPv6 — as opposed to just 3 to 4 percent last year — and in the U.S., that number is now more than 35 percent. According to Internet Society, a nonprofit organization focused on promoting internet standards and open internet access, IPv6 deployment is over 50 percent for every major U.S. mobile network (with Verizon Wireless at 84 percent, Sprint at 70 percent, T-Mobile USA at 93 percent and AT&T Wireless at 57 percent). The Internet Society also found that more than 25 percent of all internet-connected networks now advertise IPv6 connectivity.

Naturally, as internet traffic migrates over to IPv6, cybercriminals are migrating, too. As IPv6 adoption continues to grow, cybercriminals will deploy attacks like phishing and spam over IPv6 at significantly higher rates — meaning organizations that don’t accommodate the shift by leveraging solutions that can support both IPv4 and IPv6 will become increasingly vulnerable.

Why DNS Protection Is Key

Organizations need protection for IPv6 traffic. That’s where network security, and specifically domain name system (DNS) protection, come into play. DNS cloud security can deliver security at the DNS layer — the gateway to the internet, so you can defend against phishing, malware and ransomware a step earlier in your security stack.

DNS protection is essential to ensure adequate security, but for many SMBs, it’s the one extra item they just don’t find time to get to. That’s where MSPs can really shine, providing an essential layer of security with ease. However, most DNS protection solutions aren’t IPv6-enabled — so instead of filtering IPv6 traffic, they recommend that users turn off IPv6. This forces users to choose between avoiding all IPv6 sites or leaving themselves exposed to threats. With the growth of IPv6, this can’t go on much longer.

The Mobile Workforce Use Case

MSPs need to equip their partners with IPv6-enabled DNS protection solutions so employees can confidently connect to the internet no matter where they are located or what device they are working on. We found that organizations which apply defenses at the domain layer across both IPv4 and IPv6 can reduce the risk of online threats by up to 88 percent.

IDC predicts that mobile workers will account for nearly 72.3 percent — that’s nearly three-quarters of U.S. workforce — by 2020. It’s important that MSPs start thinking about and offering IPv6-enabled DNS protection solutions today, to protect the workforce of tomorrow. There are several solutions currently available that only provide IPv6 filtering on corporate networks. These options lack the ability to protect …

… the mobile or roaming workforce that connect to the internet at coffee shops, hotels, airports and other public locations.

For any MSPs looking to add a DNS protection offering, ask these questions:

  • How does your solution handle multitenant needs?

  • What is the coverage or process for IPv6?

  • What is the distribution of your workforce – remote or corporate? This can highlight the benefit of cloud-based coverage across all users.

  • Web filtering is a key layer for protection. How do you defend your network and your users against internet-based attacks?

One final bit of advice, because IPv6 is uncharted territory for many organizations: MSPs should not only provide them with easy-to-deploy IPv6-enabled solutions, but also IPv6 consultation services to ensure a successful transition. Organizations will need to have equal protection for IPv4 and IPv6 to prevent attacks from defaulting from one protocol to the other.

According to a recent study by nonprofit IT organization CompTIA, 23 percent of organizations have upgraded their networks to IPv6, yet only 3 percent used a consultant to help with the IPv6 transition. IPv6 preparation can be complicated as it requires a rare mix of solutions and capabilities – such as proxy protection and DNS protection across all types of networks – so organizations need to be able to work with consultants to ensure they’re equipped with the right technology.

Kiran Kumar is business solutions director at Webroot, where he is responsible for driving Webroot’s network security portfolio and broader platform initiative. Follow Kumar on LinkedIn or @Webroot.

Read more about:

MSPs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like