TMCnet News
Transition to Next Generation Internet Protocol, IPv6, Will Likely Cause Severe Security and Operational Risks; Securify Offers IPv6-Ready SolutionCUPERTINO, Calif. --(Business Wire)-- Securify, Inc. today announced support for Internet Protocol version 6, or IPv6, across its product line. As of June 2008, Securify will be the first and only network monitoring solution to provide real-time discovery and control of IPv6 activity. IPv6 is the next generation Internet protocol that will co-exist with, then replace IPv4 over the next several years. While adoption of IPv6 will ultimately deliver significant benefits, the transition is widely expected to create severe security risks and operational inefficiencies that will impact many organizations, even those that are not yet making the transition. Compounding this problem is that a majority of existing security and infrastructure technologies cannot yet monitor IPv6 traffic. Securify, already trusted to monitor some of the nation's most sensitive networks, offers the first and only network monitoring solution to currently provide real-time discovery and control of IPv6 activity, including full visibility and controls over IPv6 traffic, transition protocols and mixed IPv4 and IPv6 environments. The U.S. Federal government has mandated initial compliance with IPv6 by June of 2008, and many non-government organizations, including corporations and universities are also strategizing how to best migrate their network infrastructures to IPv6. But during this transition, the roll out of new desktop and server operating systems, network devices and applications that now include both IPv4 and IPv6 support, combined with IPv6's nature to automatically establish and prefer using IPv6 communications channels, present unique security management challenges that are not addressed by current monitoring and security solutions. In fact, some Federal agencies, mandated to make the transition, are delaying their plans due to lack of IPv6-capable security devices. Security and Operational Challenges of IPv6 Specific challenges related to IPv6 include: - Difficulty in monitoring and enforcing security policy on IPv6 (vs. IPv4) flows - Detecting tunnels and rogue routing due to "Self-Propagation" features - Increased workload for IT staff to not only deploy all new devices and configurations to support IPv6, but also maintain an interwoven, parallel IPv4 and IPv6 environment - Increased misconfigurations due to the transition of IPv6 as a new protocol Securify's IPv6-aware traffic monitoring and asset discovery ensures security and efficient operational management before, during and after the major transition from IPv4 to IPv6. As the move to IPv6 will be an incremental process, a critical need exists for organizations to possess detailed situational awareness across their infrastructure at all times. This visibility is particularly useful for reducing security risks, pinpointing compliance gaps, monitoring planned changes in data networks and detecting misconfigurations. Securify can help maintain availability of services while networks, hosts, servers and applications all migrate independently to IPv6. Security Takes the Lead in IPv6 Monitoring As of June 2008, the Securify product line is able to operate in IPv4, IPv6 and mixed IPv4/IPv6 environments, thus addressing the unique monitoring and security challenges presented as organizations initiate this migration. Securify offers both deep packet inspection of IPv6 as well as collection and analysis of flow data covering IPv6 traffic from Cisco and Juniper network devices. Securify is the first IPv6 threat detection solution in evaluation for Common Criteria and has been recognized on the Common Criteria website. Securify has also worked closely with the Moonv6 Project, a global effort led by the North American IPv6 Task Force (NAv6TF) involving the University of New Hampshire - InterOperability Laboratory (UNH-IOL), service providers, vendors and the Federal government and is the largest permanently deployed multi-vendor IPv6 network in the world. Securify will help address IPv6-related challenges, including: Improved Security: Securify provides discovery of all network activity whether IPv4 or IPv6, as well as real-time verification against business and security policies of what should be allowed. Securify addresses key IPv6 security issues including: - Network evasion: Securify Monitors fully decode IPv6 transition protocols (tunneling protocols) and identify users either when they are establishing disallowed tunnels or hiding disallowed services inside authorized tunnels. - Identifies backdoor channels: Securify can identify when routes other than those intended by network administrators are present in the network. A malicious user can create a whole parallel network automatically (leveraging IPv6's self propagation and stateless autoconfig features) including full internet access and without the knowledge of the users or network administrators. - Identifies rogue hosts in the network: Securify's passive discovery is critical to complement any active scanning which cannot scan the huge IPv6 address space to find randomly assigned and unauthorized IP addresses. - Enforcing security before other devices can: Existing solutions such as most IDS/IPS and firewalls simply drop IPv6 traffic, making it invisible to security teams. Securify monitors IPv6 traffic in real-time to help enforce security policies. Once other devices like firewalls become IPv6-ready, Securify can be used to validate that policies are implemented correctly by these infrastructure components (Firewall technologies may take a long time to become stable in IPv6 environments). - Transitional Efficiency: Securify will help during multiple phases in the transition to this new protocol. Securify provides real-time IPv6 network monitoring required for true 'situational awareness.' Securify can also help baseline current usage of services to be migrated (thus providing an "as-is" picture just prior to transition) and also helps verify proper application of IPv6 transition protocols. Later in the transition, Securify helps generate progress reports on hosts/services migrated, IPv6 vs IPv4 traffic, usage of tunnels, and more. Securify can also replace active scanning as the means to develop inventory. - Pinpointing, Reducing Misconfigurations: Securify can help quickly pinpoint misconfigurations, including: - Firewall policy misconfigurations due to the sheer volume of updating required - Paths for tunneling that are misconfigured due to automatic tunnel configuration - DNS misconfiguration due to the need for manual entries for long IPv6 addresses - Misconfigured prefixes likely due to the complexity of the new IPv6 addressing and self propagation - IPSec misconfiguration due to the complexity of configuration and lack of government definition for adoption "IPv6-capable monitoring will be critical to a successful transition from IPv4 to IPv6," states B. Scott Harroff, Chief Information Security Architect, Diebold, Incorporated, a Securify alliance partner. "While overall, moving to IPv6 has many benefits, including larger addressing space, built-in QoS, improved security, and better routing performance, organizations must make no mistake that this will be a significant infrastructure conversion that will impact many business, government and university environments and take a significant investment. The type of monitoring that Securify provides will help organizations better understand the impact of IPv6 on their networks, reduce overall workload during the transition, and fill known security gaps related to IPv6." "IPv6 has been making steady progress at the federal level and increasingly in the private sector, and security is a key feature with new challenges and benefits," said UNH-IOL IPv6 Manager Timothy Winters. "We are now seeing forward-thinking security vendors implementing support for the new protocol with an awareness of the key role security has to play for enterprises during the transitional period and beyond." "The transition to IPv6 has the potential to have the largest impact on IT since the introduction of IPv4 28 years ago, and yet many organizations are just in the formative stages of understanding the consequences to their networks and operations," states Steve Woo, VP of Products and Marketing, Securify. "Organizations, from the Federal government, to leading financial services firms to universities must quickly assess the impact of IPv6, understand the gaps that will occur during the transition, and understand the best methods to counter those gaps. As the first and only vendor to offer IPv6-capable monitoring, Securify is in a unique position to deliver an invaluable tool to organizations that are already making the transition, those that are planning the transition, and those that don't even know how they will be impacted, but should be prepared." About Securify Securify delivers award-winning, best-in-class identity-based discovery and control solutions. Securify monitoring appliances deliver a continuous, real-time view of who is doing what and where on the network from the moment a user logs on, without difficult and costly integration of data from various application and network tools. Securify's unified view of what business users are actually doing across complex infrastructures ultimately enables security and IT operations teams to reduce risk, reduce reactive workload and re-gain control of complex projects. Today, Securify continuously monitors and verifies 'who, what, where, and when' across millions of users on the most complex networks in the world, including Visa, Guardian Life, the largest Federal civilian agencies and numerous classified and non-classified Department of Defense networks. Our patented, award-winning solutions are the only monitoring and verification appliances to achieve Common Criteria EAL3 certification. Named as a Deloitte Fast 50/500 company, an Inc. 500 company, a Fortune Magazine "Cool Company," and a Red Herring Magazine Top Private Security Company, venture-backed Securify is headquartered in Cupertino, Calif. with Federal operations in Herndon, Va. (c) 2008, Securify, Inc. Securify and SecurVantage(TM) are trademarks of Securify, Inc. All other trademarks, service marks and company names are the property of their respective owners. |
