Understanding North-South and East-West traffic
and the added value of NDR in network analysis


Introduction


In the intricate realm of network architectures, understanding the data flows that facilitate communication between internal and external devices is paramount. These flows are typically classified into two main types: North-South and East-West traffic. They play a crucial role in the design, management, and security of modern networks. This article delves into these two types of traffic and discusses the significance of Network Detection and Response (NDR) solutions for securing these data flows.

East-West Traffic: Optimizing internal communication


Definition and characteristics

East-West traffic, or horizontal traffic, is the flow of data between servers and workloads inside the same data center or private network, including traffic between the private and public cloud segments of a hybrid environment. In modern environments it usually accounts for the bulk of total volume: virtualization, cloud computing and the intensive use of databases and internal applications all require constant server-to-server communication.


Security of East-West traffic

Securing East-West traffic is crucial because an attacker who has compromised a single internal host moves laterally over internal protocols (SMB, RDP, SSH, WinRM, database connections) that the perimeter never inspects: an external firewall sees traffic crossing the edge, not traffic between two servers behind it. NDR technologies, given visibility on internal segments (typically via a network tap or SPAN port), are thus essential for monitoring, detecting and responding to anomalies and threats moving horizontally across the network.


Case Study

  • Healthcare sector: Internal communication within hospitals

In healthcare, where hospitals and clinics use electronic medical record (EMR) systems hosted on internal servers or in the cloud, East-West traffic is predominant. For instance, a hospital might have several buildings on a campus where medical data servers exchange information continuously. Internal traffic between these servers is critical for daily operations, including rapid sharing of test results or automated medication management between departments.


  • Financial sector: Transactions and data analysis

Banks and financial institutions handle vast volumes of transactions requiring rapid internal server processing for risk analysis, compliance, and fraud detection. For example, servers executing high-frequency trading algorithms communicate intensely within secure data centers to execute trades in milliseconds. The key challenge here is early detection of abnormal behaviors that might indicate system intrusion or manipulation.

North-South Traffic: Facilitating external communication


Definition and importance

North-South traffic, or vertical traffic, involves data exchanges between an organization’s internal network and external networks, such as the Internet. This type of traffic is vital for accessing external resources, like cloud services, websites, and email communication.


Threat management and security

North-South traffic is the usual vector for external attacks, so robust filtering and monitoring at the edge is essential: next-generation firewalls, proxies and intrusion prevention systems (IPS). These controls are necessary but not sufficient; signature-based filtering misses what it has no signature for, and rule sets go stale. NDR complements them by identifying suspicious behaviour early, before it reaches critical network resources, and covers a broad range of threats against the information system. For instance, NDR can surface:

  • IT usages that violate internal security policy, such as unapproved tools like Dropbox, or an internal machine exposed directly to the Internet for testing, which an attacker could find and exploit.
  • Communication between an infected machine and a command-and-control server, typically visible as periodic connections to the same external address.
  • Data exfiltration to external storage services, visible as unusual outbound volume from a host that normally sends little.
  • Brute-force attempts or vulnerability exploitation against front-line defense components such as firewalls or VPN gateways.

These scenarios underscore the importance of these technologies in safeguarding networks against a broad range of cyber threats.
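The detections sketched for both axes (lateral movement across East-West segments in the previous section, and beaconing, exfiltration and edge brute force on the North-South axis above) can be illustrated as simple heuristics over flow records. The following Python is an added example written for this article, not Gatewatcher code or any product's algorithm. The addresses, ports, thresholds, the `10.0.0.1` VPN gateway and the flow records are all constructed for illustration; a real sensor would consume NetFlow/IPFIX or packet metadata rather than a hand-written list, and the thresholds would be baselined per environment.

```python
"""Flow-level heuristics for the North-South / East-West threats described above.
Added example: addresses, thresholds and flow records are constructed, not real data."""
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Explicit site ranges (RFC 1918). Not ip_address().is_private, which also matches
# loopback, link-local and the documentation ranges used as "external" below.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {22, 445, 3389, 5985, 5986}      # SSH, SMB, RDP, WinRM: lateral-movement protocols
EDGE_GATEWAYS = {"10.0.0.1"}                   # hypothetical VPN gateway address as seen by the sensor

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def direction(src, dst):
    """East-West when both endpoints are inside, North-South otherwise."""
    return "east-west" if is_internal(src) and is_internal(dst) else "north-south"

def detect_lateral_movement(flows, min_hosts=5):
    """One internal host reaching many internal hosts on admin ports: a sweep the edge never sees."""
    fanout = defaultdict(set)
    for _ts, src, dst, port, _nbytes in flows:
        if direction(src, dst) == "east-west" and port in ADMIN_PORTS:
            fanout[src].add(dst)
    return {src: sorted(hosts) for src, hosts in fanout.items() if len(hosts) >= min_hosts}

def detect_beaconing(flows, min_conns=5, max_cv=0.1):
    """Repeated outbound connections at a near-constant interval (low coefficient of variation)."""
    times = defaultdict(list)
    for ts, src, dst, port, _nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            times[(src, dst, port)].append(ts)
    hits = {}
    for key, stamps in times.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[key] = round(avg, 1)              # estimated beacon period in seconds
    return hits

def detect_exfiltration(flows, threshold_bytes=500 * 1024 ** 2):
    """Total outbound volume from one internal host to one external destination above a ceiling."""
    volume = defaultdict(int)
    for _ts, src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            volume[(src, dst)] += nbytes
    return {k: v for k, v in volume.items() if v >= threshold_bytes}

def detect_edge_bruteforce(flows, min_attempts=20):
    """Many short sessions from one external address to a perimeter gateway."""
    attempts = defaultdict(int)
    for _ts, src, dst, port, _nbytes in flows:
        if not is_internal(src) and dst in EDGE_GATEWAYS:
            attempts[(src, dst, port)] += 1
    return {k: v for k, v in attempts.items() if v >= min_attempts}

def analyse(flows):
    return {
        "lateral_movement": detect_lateral_movement(flows),
        "beaconing": detect_beaconing(flows),
        "exfiltration": detect_exfiltration(flows),
        "edge_bruteforce": detect_edge_bruteforce(flows),
    }

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port, bytes_sent_by_src)
SAMPLE_FLOWS = []
# workstation sweeping SMB across a server subnet (East-West)
SAMPLE_FLOWS += [(100 + i, "10.0.1.20", f"10.0.2.{i}", 445, 1200) for i in range(1, 9)]
# host calling one external address every ~60 s with little jitter (North-South beacon)
SAMPLE_FLOWS += [(t, "10.0.1.30", "203.0.113.5", 443, 900) for t in (0, 60, 121, 180, 240, 301)]
# host pushing 1.5 GiB to an external storage service (North-South exfiltration)
SAMPLE_FLOWS += [(t, "10.0.1.40", "198.51.100.7", 443, 500 * 1024 ** 2) for t in (400, 900, 1500)]
# external address hammering the VPN gateway (North-South brute force)
SAMPLE_FLOWS += [(2000 + i, "198.51.100.99", "10.0.0.1", 443, 300) for i in range(30)]
# benign: app server to its database, and irregular browsing to an external site
SAMPLE_FLOWS += [(t, "10.0.1.50", "10.0.3.10", 5432, 4000) for t in (50, 51, 53)]
SAMPLE_FLOWS += [(t, "10.0.1.50", "192.0.2.10", 443, 15000) for t in (10, 95, 230, 260, 700)]

if __name__ == "__main__":
    for name, hits in analyse(SAMPLE_FLOWS).items():
        print(f"{name}: {hits}")
```

Note that the browsing host makes five outbound connections to one site, as many as the beacon, but its irregular intervals keep it below the jitter threshold; that distinction, rather than connection count alone, is what separates a C2 channel from a busy user. Each heuristic also only fires on the axis it belongs to: the SMB sweep is invisible to the edge checks, and the brute force is invisible to the East-West check.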


Case study

  • Healthcare sector: Access to online medical resources

In healthcare, North-South traffic is crucial for accessing remote medical resources, such as research databases or telemedicine platforms. This traffic can be targeted by phishing attacks or data interception attempts aiming to access sensitive medical information.


  • Financial sector: Online banking transactions and data exchange

In finance, North-South traffic enables online transactions and data exchanges with external entities. These operations are vulnerable to cyberattacks, such as transaction interception or denial-of-service attacks, which can compromise financial security and data confidentiality. Institutions use proxies, next-generation firewalls, and NDR solutions to monitor and counter potential threats.


These examples highlight the specific risks of North-South traffic and the importance of robust monitoring and security systems to protect critical data exchanges in these highly regulated sectors.

Crucial Role of NDR solutions


A Network Detection and Response (NDR) solution provides continuous, in-depth network monitoring. It scrutinizes traffic in real time to identify abnormal behaviour and gives comprehensive, instant visibility into the assets and users present on the information system, which is what accelerates investigations: one cannot proactively combat cyberattacks without knowing the exposure surface. An effective approach begins with precise analysis of network flows, including encrypted ones, where the analysis works on metadata (TLS handshake fields, certificates, connection sizes and timing) rather than on decrypted payload, and detects threats from their early weak signals.

As cloud usage continues to expand, bringing inherent challenges and threats, protecting cloud workloads becomes a critical priority. It is vital to control potentially critical resources exposed via the internet and secure exposed APIs (Application Programming Interfaces) to ensure optimal security.

Beyond detecting lateral and vertical threats that traditional tools often miss, NDR solutions stand out for their ability to respond quickly and automatically to incidents. Once abnormal behaviour is detected, the attacker's actions (reconnaissance, unusual connections, and so on) must be halted immediately to prevent the infection spreading to other assets. Automating and customizing responses through the existing ecosystem (firewalls, endpoint agents, orchestration tools) is what adapts the reaction to the type of threat; that automation must be tuned, since isolating a host on a false positive creates an outage of the defender's own making. NDR integrates into the existing security ecosystem, on-premises and in the cloud, with the operational flexibility that implies. This responsiveness is vital for containing attacks and mitigating their consequences in real time, limiting damage and strengthening the network's resilience against cyber threats.

Conclusion: NDR from East to West and North to South


An in-depth understanding of North-South and East-West traffic is essential for designing networks that are both secure and efficient. Integrating NDR solutions into this architecture significantly bolsters security by providing tools capable of detecting and neutralizing a wide range of malicious activities, both internal and external. These systems offer comprehensive and continuous monitoring, positioning NDR as a cornerstone of your defense arsenal.

Therefore, a well-orchestrated security strategy that considers these two traffic axes and effectively utilizes detection and response solutions is crucial for protecting informational assets in an ever-evolving threat landscape.