11th March, 2020
Generally speaking, “East-West” (EW) traffic refers to server-to-server traffic within a datacentre, and “North-South” (NS) traffic to anything routed to or from outside the datacentre. Depending on the function of a datacentre, EW traffic can be significantly higher than NS (e.g. in a computationally intensive environment), or NS may be the same as or greater than EW (if there are multiple access points) for a data I/O intensive application such as media streaming.
The dilemma is where to place cyber security tools. If NS traffic is lower than EW, a lower-cost solution is to place security measures at the access points, to detect and scrub all traffic as it enters the network. This assumes that everything beyond that point is then trusted. But if there is a breach, how can we understand what effect it has on the internal operation of the datacentre?
The answer is to monitor both NS and EW traffic. That means large-scale capability: monitoring high-bandwidth EW traffic and NS traffic (which may be medium or high bandwidth), scanning for known threats and anomalies, whilst storing metadata for incident response and forensics.
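To make the EW/NS split concrete, the following added example (not Telesoft code) classifies flow metadata by direction and measures how much traffic a perimeter-only sensor would never see. The internal prefixes, the flow records and all function names are constructed for illustration, and it assumes a perimeter sensor observes NS traffic only.

```python
import ipaddress
from collections import Counter

# Assumption: the datacentre's internal address space (constructed values).
DC_PREFIXES = [ipaddress.ip_network(p) for p in ("10.20.0.0/16", "192.168.50.0/24")]

# Constructed flow metadata records: (src, dst, dst_port, bytes)
FLOWS = [
    ("10.20.1.5", "10.20.7.9", 5432, 9_000_000),     # app server -> database
    ("10.20.1.5", "10.20.7.10", 445, 1_200),         # server -> server file share
    ("203.0.113.8", "10.20.1.5", 443, 40_000),       # inbound client request
    ("10.20.7.9", "198.51.100.20", 443, 700_000),    # outbound from a server
    ("192.168.50.4", "10.20.1.5", 8080, 2_500_000),  # between two internal prefixes
    ("203.0.113.8", "198.51.100.20", 53, 300),       # neither endpoint is internal
]

def inside(addr):
    """True if the address belongs to one of the datacentre prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DC_PREFIXES)

def classify(src, dst):
    """Label a flow EW (both ends internal), NS (one end internal) or external."""
    s, d = inside(src), inside(dst)
    if s and d:
        return "EW"
    if s or d:
        return "NS"
    return "external"  # should not appear on an internal tap; worth reviewing

def summarise(flows):
    """Total bytes per traffic direction."""
    totals = Counter()
    for src, dst, _port, nbytes in flows:
        totals[classify(src, dst)] += nbytes
    return totals

def perimeter_blind_spot(flows):
    """Share of datacentre bytes (EW) that never crosses an access point."""
    totals = summarise(flows)
    seen = totals["EW"] + totals["NS"]
    return totals["EW"] / seen if seen else 0.0

if __name__ == "__main__":
    print(dict(summarise(FLOWS)))
    print(f"EW share invisible at the perimeter: {perimeter_blind_spot(FLOWS):.1%}")
```
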
Much cloud and hosting infrastructure is a shared facility, where each tenant operates their own isolated security infrastructure and policies. But one advantage of cloud is that it facilitates a collaborative way of working to predict, prevent and remedy threats, by sharing intelligence through visibility of the entire cloud infrastructure. A total infrastructure view requires a large-scale, multi-site, multi-tenant threat monitoring and alerting system. That’s what we do at Telesoft – contact us to find out more.