Securing Both North & South and East & West Datacentre Traffic
Generally speaking, "East-West" (EW) traffic refers to server-to-server traffic within a datacentre, and "North-South" (NS) to traffic that is routed to or from anything outside the datacentre. Depending on the function of a datacentre, EW traffic can be significantly higher than NS (e.g. in a computationally intensive environment), or NS may be the same as or greater than EW (if there are multiple access points) for a data I/O intensive application such as media streaming.
The dilemma is where to place cyber security tools. If NS traffic is lower than EW, a lower-cost solution is to place security measures at the access points, to detect and scrub all traffic as it enters the network. This assumes that everything beyond the access points is then trusted. But if there is a breach, how can we understand what effect it has on the internal operation of the datacentre?
The answer is to monitor both NS and EW traffic. This requires large-scale capability: monitoring high-bandwidth EW traffic and NS traffic (which may be medium or high bandwidth), scanning for known threats and anomalies, whilst storing metadata for incident response and forensics.
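
To make the coverage gap concrete, the following added example (not from the original article) classifies flow records as NS or EW and measures how much traffic a sensor placed only at the access points would never see. The datacentre address ranges and the flow records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: address ranges that count as "inside the datacentre" (constructed values).
DC_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_network("10.21.0.0/16")]

# Constructed flow records: (source IP, destination IP, destination port, bytes).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.20.1.10", 443, 120_000),   # client -> web tier
    ("10.20.1.10", "10.20.2.15", 5432, 900_000),   # web tier -> database
    ("10.20.2.15", "10.21.3.8", 873, 2_500_000),   # database -> backup host
    ("10.20.1.10", "198.51.100.9", 443, 40_000),   # web tier -> external API
    ("10.20.1.10", "10.20.2.16", 22, 5_000),       # web tier -> another server
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DC_NETWORKS)

def classify(src, dst):
    """'EW' when both ends are inside the datacentre, 'NS' when exactly one is."""
    inside = is_internal(src) + is_internal(dst)
    return {2: "EW", 1: "NS", 0: "EXTERNAL"}[inside]

def summarise(flows):
    """Total bytes per direction, plus per-flow metadata kept for incident response."""
    totals = defaultdict(int)
    metadata = []
    for src, dst, port, nbytes in flows:
        direction = classify(src, dst)
        totals[direction] += nbytes
        metadata.append({"src": src, "dst": dst, "dport": port,
                         "bytes": nbytes, "direction": direction})
    return dict(totals), metadata

def perimeter_blind_fraction(totals):
    """Share of observed bytes that a sensor at the access points only never sees."""
    total = sum(totals.values())
    return totals.get("EW", 0) / total if total else 0.0

if __name__ == "__main__":
    totals, metadata = summarise(SAMPLE_FLOWS)
    print(totals)
    print(f"EW share invisible at the perimeter: {perimeter_blind_fraction(totals):.1%}")
```

With these sample flows, the database-to-backup transfer and the server-to-server SSH session never cross an access point, so only EW monitoring would record them for later forensics.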