North-South Traffic

Jenna Phipps
Last Updated May 24, 2021 8:02 am

North-south traffic is the movement of data packets that are initially entering a network from the outside. These packets may have exited a different network, such as the public Internet or a data center, before entering the current one. North-south network traffic is typically monitored by a firewall, the traditional method of controlling access to a network. Firewalls are installed within a network perimeter (the outer border that transmissions must pass to enter the network) to filter packet requests and allow or block them. Configurations set by IT teams or the network service provider control what traffic is permitted to pass.

Firewalls, whether hardware installed at the network gateway or software installed on one computer or server, are considered standard protection for processing north-south traffic for a network or device. But cyber attacks have become much more sophisticated over the past decade, and hackers have found ways to bypass the firewall or perimeter entirely.

Viewing network traffic as only north-south makes your network vulnerable

Social engineering is one of the most popular methods that attackers use to breach a network. If they convince an employee to follow a malicious link in an email, the malware that then embeds itself in the device gives the attacker a pathway into the company network. Or victims may unwittingly enter their username and password into a spoofed site, resulting in stolen credentials. Smart devices are another path to bypass the firewall; the Internet of Things includes items such as sensors, lights or refrigerators that aren’t protected in the same way as computers and phones. If an attacker is able to access an IoT device on a private network, they can then continue moving through the network. Even small businesses, not just high-revenue corporations with sensitive data, are being targeted by government-supported cyber attackers from other countries.

Simply put, treating network traffic monitoring as only a north-south (or in-and-out) pattern is outdated and dangerous. As attacks become more sophisticated, so must network security. Many organizations are realizing this and paying closer attention to east-west traffic (also known as internal traffic or lateral movement). Attackers who bypass the initial network gateway and move within the network, or laterally, will be able to access sensitive data and cost an organization money and reputation if those segments of the network (such as applications or servers) aren’t also secured.
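To make the north-south versus east-west distinction concrete, the following added example (not part of the original article) labels flow records by whether they cross the perimeter and totals how much traffic a perimeter-only firewall never sees. The segment names, address ranges and flow records are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the organization's internal segments (constructed ranges).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.0.10.0/24"),
    "iot": ipaddress.ip_network("10.0.20.0/24"),
    "servers": ipaddress.ip_network("10.0.30.0/24"),
}

# Constructed flow records: (source, destination, destination port, bytes).
FLOWS = [
    ("203.0.113.7", "10.0.30.5", 443, 12_000),   # Internet -> web server
    ("10.0.10.21", "198.51.100.9", 443, 4_000),  # workstation -> Internet
    ("10.0.20.14", "10.0.30.5", 445, 90_000),    # IoT device -> file server
    ("10.0.10.21", "10.0.10.22", 3389, 7_000),   # workstation -> workstation
    ("10.0.10.21", "10.0.30.8", 5432, 30_000),   # workstation -> database
]

def segment_of(addr):
    """Return the internal segment holding addr, or None if it is external."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def classify(src, dst):
    """Label a flow by whether it crosses the network perimeter."""
    inside = (segment_of(src) is not None) + (segment_of(dst) is not None)
    return {2: "east-west", 1: "north-south", 0: "external"}[inside]

def summarize(flows):
    """Bytes per direction; east-west bytes never reach a perimeter firewall."""
    totals = Counter()
    for src, dst, _port, nbytes in flows:
        totals[classify(src, dst)] += nbytes
    return dict(totals)

def cross_segment(flows):
    """East-west flows between different segments, e.g. IoT to servers."""
    return [(segment_of(s), segment_of(d), p) for s, d, p, _ in flows
            if classify(s, d) == "east-west" and segment_of(s) != segment_of(d)]

if __name__ == "__main__":
    print(summarize(FLOWS))
    print(cross_segment(FLOWS))
```

In this constructed sample most of the bytes are east-west, and the cross-segment list is where internal segmentation rules and monitoring would apply.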