East-West Traffic Security Best Practices
It’s important to consider internal threats in addition to external threats when it comes to data. East-west traffic security is a proactive solution for internal monitoring.
Understand Internal Threats with East-West Traffic Security
In our recent post on user behavior analytics for security, we explored an example situation in which an individual actually posed as an employee of an organization in order to gain access to its network and customer data. While this was an extraordinary scenario, its likelihood is not diminished by its uncommon nature.
According to the Cyber Security Intelligence Index report from IBM, human error is almost always a factor in breaches. Around a quarter of cyberattacks are carried out by inadvertent insiders, compared to almost a third carried out by malicious insiders. But ultimately, 95 percent of all breaches were caused by some kind of mistake.
Whether caused by malicious or inadvertent insiders, what matters here is that cyber vulnerabilities were used from within the organization. And while you can analyze your users’ behavior through the use of tools and processes like UEBA, what about their behavior across multiple servers? Your data center likely has multiple servers as part of your overall network. Often, companies focus too much on identifying and blocking the risks that could be coming into their networks from the outside. But threats can come from within just as easily.
Data center structure typically depicts servers along the bottom of a pyramid diagram that shows how data is retrieved and routed throughout a network. Those servers store the information and serve it out when requested. As companies begin to utilize functions such as virtualization and the use of on-demand solutions as opposed to the historic on-premises hardware, the movement of data across those servers — called east-west traffic — must be more carefully monitored.
Whereas most security solutions are concerned with north-south traffic (the movement of data into and out of a data center), the flow of east-west traffic presents just as much opportunity for cybercriminals who may have already gained access to a network to cause damage, or for an unsuspecting employee to download and initiate some form of malware. Let’s take a look at a couple of ways that east-west traffic security can help keep your organization safe.
Understanding East-West Traffic Security Threats
Malware is an extremely common problem for east-west traffic security. Not every employee within an organization is tech savvy. Often, it’s these individuals who end up falling for phishing scams or other malicious attempts, or whom attackers eventually identify and target to give them access to a network. Once a user has either visited a dangerous site, downloaded an infected file, or taken some other action, they’ve essentially opened the doors for anything from worms to Trojan horse viruses.
East-west traffic security can help to protect your organization against malware, particularly through micro-segmentation, where rules are set for each server. This makes it difficult for the malware to spread from server to server, as security policies and other settings prevent data from passing from one to the other too easily. If the criteria for moving from one server to another aren’t met, nothing happens, and potential attacks are contained.
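The per-server rule check described above can be sketched as a default-deny evaluator run over east-west flow records. This is an added example, not code from Inversion6 or any product; the addresses, tiers, ports and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed per-server allowlists: destination -> [(source CIDR, proto, port)].
# Addresses, tiers and ports are hypothetical.
POLICY = {
    "10.0.1.10": [("10.0.0.0/24", "tcp", 8443)],  # app server: web tier only
    "10.0.2.10": [("10.0.1.0/24", "tcp", 5432)],  # db server: app tier only
}

# Constructed east-west flow records: (src, dst, proto, dst_port).
FLOWS = [
    ("10.0.0.5", "10.0.1.10", "tcp", 8443),   # web -> app, meets the rule
    ("10.0.1.10", "10.0.2.10", "tcp", 5432),  # app -> db, meets the rule
    ("10.0.0.5", "10.0.2.10", "tcp", 5432),   # web -> db, bypasses the app tier
    ("10.0.0.5", "10.0.2.11", "tcp", 22),     # web -> server with no rules at all
    ("10.0.1.10", "10.0.1.11", "tcp", 445),   # app -> peer in the same tier
]

def allowed(src, dst, proto, port):
    """Default deny: a flow passes only if one of dst's own rules matches it."""
    src_ip = ipaddress.ip_address(src)
    return any(
        src_ip in ipaddress.ip_network(cidr) and proto == p and port == prt
        for cidr, p, prt in POLICY.get(dst, [])
    )

def denied_flows(flows):
    """Flows the policy would drop, in the order they were seen."""
    return [f for f in flows if not allowed(*f)]

def denied_fanout(flows):
    """Map each source to the set of distinct destinations it was denied on."""
    fanout = defaultdict(set)
    for src, dst, _proto, _port in denied_flows(flows):
        fanout[src].add(dst)
    return dict(fanout)

if __name__ == "__main__":
    for flow in denied_flows(FLOWS):
        print("DENY", flow)
    for src, dsts in denied_fanout(FLOWS).items():
        print(src, "denied on", len(dsts), "server(s):", sorted(dsts))
```

A source that is denied on several distinct servers is worth reviewing first, since a single host probing many neighbors is what server-to-server spread looks like in flow data.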
Another east-west traffic security challenge would be an insider threat. Often, insider threats are the gateways to other attackers getting into a network or data center. Whether the inside user is part of the attack or simply the unwitting enabler of it, their account is used to access and move data around a network.
Tools like UEBA are great for identifying unusual network activity and can help indicate a problem, but the normal flow of information across your servers must also be carefully monitored to ensure that nothing harmful can spread throughout your data center.
Protect Your Organization From the Inside Out
At Inversion6, we partner with our clients to not only help them better understand and monitor their users but also to identify potential threats that may be present within their existing networks and data centers. Proactive security measures don’t just focus on external threats — they also carefully consider and evaluate everything happening within an organization’s technology environment. East-west traffic security is just one of the many ways we can assist your organization in achieving a more secure environment.
To learn more, fill out the form below, and one of our expert chief information security officers (CISOs) will be in touch with you to discuss your current processes and what you’re looking to accomplish.