How to Harness East-West Visibility for a Stronger Defensive Security Strategy

Intellyx BrainBlog for Gigamon by Jason Bloomberg

Editor’s note: This is part four of a four-part series. For part one, see “Be Sure to Whack Your Cybersecurity Blind Spots,” for part two, see “Avoid Dead Reckoning: Why Zero Trust Requires Network Visibility,” and for part three, see “Precryption: The Zero Trust Prescription for Decryption.”

The days when a firewall-based perimeter was sufficient for a reliable security posture are long gone. Today, every endpoint, every user, every system is suspect. Compromises are taken for granted, and Zero Trust is becoming a way of life.

Given the need to reduce every organization’s attack surface, encryption has become the go-to technology for securing all kinds of network traffic. From websites served over HTTPS to internal communications between corporate applications, encryption is now ubiquitous.

Encryption, however, is not sufficient on its own – even for traffic within an organization, including what we call East-West or lateral traffic. Understanding the shortcomings of encryption, and how to mitigate them, is essential for strengthening your security posture in today’s Zero Trust world.

East-West vs. North-South

The Wikipedia definition of East-West traffic is traffic within a data center, while North-South traffic connects data centers. However, this definition does not capture the subtleties of today’s complex, hybrid cloud environments.

With virtual networks, the cloud, and now cloud-native computing, the definitions of East-West and North-South have climbed the ladder of abstraction.

Today, East-West refers to laterally moving traffic between endpoints within an abstracted network segment – perhaps a virtual private cloud, or in the cloud native context, between microservice endpoints in the same Kubernetes environment.

North-South traffic, in turn, often traverses APIs – either between organizations or among different clouds, domains, or network segments within an organization.

You need to secure all traffic regardless of the points on the compass, but East-West and North-South traffic present different challenges, and that is what makes the distinction important.

Perimeter-based security (firewalls, API gateways, and the like) has always secured North-South traffic. The challenge today is bringing Zero Trust to bear on East-West traffic.

Zero Trust may be simple in principle – everything is untrusted until it is explicitly authorized to take a particular action – but the devil is in the details.

Network microsegmentation can provide a measure of Zero Trust across distributed networks. It is a strategy for containing network issues and for focusing security monitoring where the situation calls for it, improving the overall security posture.

However, it is not flexible enough to handle East-West interactions in some situations, for example among ephemeral microservice endpoints. This leaves organizations without context about what is occurring between the segments and where to focus their efforts when troubleshooting is required.

What Zero Trust means in practice, therefore, can vary depending on the context of particular interactions. The result is increased complexity, and with it, expanded opportunities for bad actors to find and exploit points of compromise.

Read the entire BrainBlog here.
