
Three Steps to Gain East-West Visibility on Your Network

The threat landscape is expanding with each new piece of data, new application, and new user on your network. Often the rate of expansion outpaces the organization’s ability to track assets, leaving wide gaps between knowing everything the company owns and being able to protect it.

The reality of digital transformation and the plight of many security and operations practitioners is this: critical assets are added faster than they can be found and secured. Never mind that securing network assets can interfere with usability, a major “no-no” in the world of access anywhere, anytime. But before your organization can even think about protecting assets, you need to understand what’s communicating on your networks and how.

Tracking east-west traffic

Today’s typical organization houses software and services on a combination of on-premises data centers and various cloud infrastructures (IaaS, PaaS, SaaS). Unlike networks of the past, the majority of network traffic never crosses a perimeter, which means that many network security tools can never detect those assets’ presence. Given the volume of data and systems communicating on organizations’ networks today, learning the extent of server-to-server/host-to-host/application-to-host/etc. communication is almost impossible without automation. Further, automation must deliver unified oversight of critical resources across all network environments in use. How valuable would it be to have a thorough understanding of software and services communicating in your on-premises data center but not know what’s present in your public cloud? Having some data about your network environment is better than having none, but poor visibility into east-west traffic introduces unnecessary cybersecurity risk — and no security or operations manager needs to take on more risk than is already part and parcel of managing the company’s critical digital assets.

When managing multi-cloud environments that host multi-platform applications, it’s necessary to gain visibility into what’s present and communicating on your networks in real time. (After all, once an attacker gains a foothold in the system, it can be a matter of mere minutes before they’re able to hide inside lax network controls and move laterally towards their intended target.)


Before your security team can apply protection, however, it must first close this visibility gap. Three steps address it.

1. Asset discovery

It goes without saying that discovering all assets in an organization’s cloud(s) and on-premises data center(s) is a crucial first step before being able to understand east-west traffic patterns. Organizations should implement an automated discovery tool to learn the extent of data present, the state of systems on the network, and what controls are in place to protect data/systems and alert on potentially malicious traffic.

2. Network communication mapping

After you’ve inventoried your networks, the next step is learning which assets are communicating (dormant assets rarely facilitate an attack), how they’re communicating (e.g., typical patterns of communication, amount of data sent/received in a given time period, etc.), and with which other resources they’re communicating. Visualizing the current state of the network helps security and operations teams better understand the network attack surface — which systems have the most sensitive data and which ones are therefore most likely to be targeted by certain types of cyber criminals.

3. Build and monitor baselines

The purpose of mapping network communications is to understand the what and how. Mapping, in turn, allows the organization to build and monitor baselines of normal activity, which helps quickly surface anomalies (e.g., when a database is suddenly sending 10X the amount of data it typically does; when a host is requesting a connection to a server it’s never communicated with before). It’s these baselines—which should be evaluated regularly to determine if “normal” has changed—that will provide you the visibility into risks associated with communicating data, applications, and users on your network, which will then guide your overall network security strategy.
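As an added illustration (not part of the original post, and not an Edgewise product feature), the following Python sketches the baseline-and-anomaly logic of step 3 over constructed flow summaries: it learns each source host's typical bytes per window and the set of known peer pairs from one day, then flags a host that sends more than 10X its baseline or connects to a peer it has never talked to. All host names, windows, and byte counts are invented.

```python
from collections import defaultdict
from statistics import mean

# Constructed flow summaries (not real data): one record per (src, dst)
# per hourly window, giving total bytes sent from src to dst in that window.
BASELINE_FLOWS = [
    {"window": "2019-08-01T09", "src": "db-01", "dst": "app-01", "bytes": 120_000_000},
    {"window": "2019-08-01T10", "src": "db-01", "dst": "app-01", "bytes": 130_000_000},
    {"window": "2019-08-01T11", "src": "db-01", "dst": "app-01", "bytes": 110_000_000},
    {"window": "2019-08-01T09", "src": "app-01", "dst": "cache-01", "bytes": 5_000_000},
    {"window": "2019-08-01T10", "src": "app-01", "dst": "cache-01", "bytes": 6_000_000},
    {"window": "2019-08-01T11", "src": "app-01", "dst": "cache-01", "bytes": 4_000_000},
]

NEW_WINDOW_FLOWS = [
    {"window": "2019-08-02T09", "src": "db-01", "dst": "app-01", "bytes": 125_000_000},
    # db-01 pushes 1.5 GB to a host it has never spoken to: new peer AND volume spike
    {"window": "2019-08-02T09", "src": "db-01", "dst": "ftp-ext-01", "bytes": 1_500_000_000},
    {"window": "2019-08-02T09", "src": "app-01", "dst": "cache-01", "bytes": 5_500_000},
]


def build_baseline(flows):
    """Return per-source mean bytes per window and the set of observed src->dst pairs."""
    per_src = defaultdict(lambda: defaultdict(int))  # src -> window -> bytes sent
    pairs = set()
    for f in flows:
        per_src[f["src"]][f["window"]] += f["bytes"]
        pairs.add((f["src"], f["dst"]))
    mean_bytes = {src: mean(windows.values()) for src, windows in per_src.items()}
    return {"mean_bytes": mean_bytes, "pairs": pairs}


def detect_anomalies(baseline, flows, volume_factor=10):
    """Flag never-seen peer pairs and sources exceeding volume_factor x their baseline."""
    alerts = []
    sent = defaultdict(int)
    for f in flows:
        sent[f["src"]] += f["bytes"]
        if (f["src"], f["dst"]) not in baseline["pairs"]:
            alerts.append(("new_peer", f["src"], f["dst"]))
    for src, total in sent.items():
        typical = baseline["mean_bytes"].get(src)
        if typical is None:  # a source the baseline never saw is itself worth a look
            alerts.append(("unknown_source", src, total))
        elif total > volume_factor * typical:
            alerts.append(("volume_spike", src, round(total / typical, 1)))
    return alerts
```

Re-running build_baseline on a rolling window of recent flows is how "normal" is re-evaluated over time, as the post recommends.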


Written by Katherine Teitler, Director of Content

Katherine Teitler leads content strategy and development for Edgewise Networks. In her role as Director of Content she is a storyteller; a translator; and liaison between sales, marketing, and the customer. Prior to Edgewise, Katherine was the Director of Content for MISTI, a global training and events company, where she was in charge of digital content strategy and programming for the company's cybersecurity events, and the Director of Content at IANS, where she built, managed, and contributed to the company's research portal.