A common type of Internet-based threat intelligence is the assignment of reputation scores to sources of traffic, usually identified by an Internet address or domain.
Yet, with the gradual – some would say “glacial” – move to the Internet Protocol Version 6 (IPv6) address scheme, the Internet’s address space will grow from merely big to nearly infinite. The vastness of the address space will cause problems for many threat-intelligence firms, from allowing attackers to use a new address for every attack to causing a rapid expansion in the size of the database needed to track the data on various sources, says Tommy Stiansen, chief technology officer for Norse, a real-time threat intelligence provider.
“IPv6 makes the whole thing interesting, because it’s a lot bigger,” Stiansen says. “Databases will have to be re-architected to handle the increased data. For anyone in threat intelligence, that will be the biggest challenge to overcome.”
A small, but still significant, part of the Internet has adopted IPv6. While the global rate of adoption is a mere 1.6 percent, according to statistics provided by Google, about 4 percent of networks in the United States have an end-to-end implementation of IPv6. Moreover, the fraction of networks that use IPv6 is growing exponentially.