East-West Traffic

East-west traffic, or lateral movement, is the passage of data packets between servers, applications, and other points within a network. Close attention to east-west traffic, which moves horizontally between peers on the same plane, is relatively new in network security. Traditionally, organizations, including cloud service providers and other companies that deal with large amounts of sensitive data, have focused on north-south traffic (data passing initially into a network). North-south security relies heavily on a firewall at the network perimeter to process requests to enter the network.

The problem with traditional perimeter-focused security is that any hacker who manages to gain access to a network would then have access to many other parts of it through lateral, or east-west, movement, an attack also referred to as an advanced persistent threat (APT). Cyber attackers often no longer need to squeeze through a firewall when they can use so many other methods. Hackers employ social engineering tactics to convince company employees to download malicious software or give them personal credentials, which they can then use to enter the network. They can also access the network through unsecured IoT devices. Organizations have begun to shift their focus to east-west traffic as they try to secure their networks.

It’s especially important to manage laterally moving network traffic because so much more data is being stored and transferred than ever before. Data centers and cloud infrastructure require that data be extremely mobile and agile. Workloads move from server to server or between different cloud environments. It’s very difficult for IT staff (and even security solutions such as intrusion detection and prevention systems) to track attackers or suspicious activity once someone unauthorized has entered the network and begun wreaking havoc. Agile workloads and applications are beneficial but also have a drawback: security platforms are scrambling and struggling to manage growing networks.

Microsegmentation and zero trust approaches to network traffic

Though no one suggests that a company abandon any gateway security, trusting everyone who enters a network is dangerous. Implementing a zero trust approach to network security means requiring authentication for every new segment of the network that a user tries to enter. This might look like requiring a new login to work on an application for the day or being regularly required to provide multi-factor authentication before accessing a high-level account. Zero trust architectures don’t assume that every user in the network should automatically be there.

Microsegmentation also manages east-west traffic within a network. It’s a principle of zero trust architecture that divides a network into parts, each of which requires its own data processing and authentication. This also makes it easier to manage the aforementioned problems with tracking suspicious activity in the network. If each application or server requires credentials, an attacker’s movement and behavior will be easier to track.
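
The microsegmentation idea described above can be sketched as a default-deny check on traffic between segments. This is an added example, not part of the original article; the segment names, address ranges, ports, and flow records are constructed assumptions.

```python
import ipaddress

# Constructed segment map (assumption, not from the article): CIDR -> segment.
SEGMENTS = {"10.0.1.0/24": "web", "10.0.2.0/24": "app", "10.0.3.0/24": "db"}
# Default-deny allowlist: (source segment, destination segment, dest port).
ALLOWED = {("web", "app", 8443), ("app", "db", 5432)}
_NETS = [(ipaddress.ip_network(c), name) for c, name in SEGMENTS.items()]

def segment_of(ip):
    """Return the segment holding an internal address, or None if external."""
    addr = ipaddress.ip_address(ip)
    for net, name in _NETS:
        if addr in net:
            return name
    return None

def classify(flow):
    """Label a flow (src, dst, dport) with its direction and policy verdict."""
    src, dst, dport = flow
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        # An endpoint outside every segment: traffic crossing the perimeter.
        return ("north-south", "perimeter")
    if s == d:
        return ("east-west", "intra-segment")
    verdict = "allow" if (s, d, dport) in ALLOWED else "deny"
    return ("east-west", verdict)

def violations(flows):
    """East-west flows that cross segments without a matching allow rule."""
    return [f for f in flows if classify(f) == ("east-west", "deny")]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.1.10", 443),   # internet -> web
    ("10.0.1.10", "10.0.2.20", 8443),    # web -> app, allowed
    ("10.0.2.20", "10.0.3.30", 5432),    # app -> db, allowed
    ("10.0.1.10", "10.0.3.30", 5432),    # web -> db, bypasses the app tier
    ("10.0.1.10", "10.0.1.11", 22),      # web -> web, same segment
]

if __name__ == "__main__":
    for f in violations(SAMPLE_FLOWS):
        print("DENY east-west:", f)
```

A perimeter firewall sees only the first sample flow; the web-to-db flow is visible and blockable only because policy is evaluated per segment.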

Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
