Definition

East-West Traffic

Lateral traffic between devices inside the network, as opposed to north-south traffic entering or leaving. Attackers rely on east-west movement to spread after initial access and reach high-value targets.

What is East-West Traffic?

East-west traffic describes network communication between devices inside an organization's network, as distinguished from north-south traffic that flows between internal networks and external systems (the internet or partner networks). In the classic data center metaphor, north-south traffic moves vertically (in and out of the data center) while east-west traffic moves horizontally (between servers and devices within the data center).

The security significance of east-west traffic has grown dramatically as attackers have shifted their focus from perimeter breaches to lateral movement. Modern attacks assume initial access — whether through phishing, exploitation, or supply chain compromise — and then rely on east-west movement to reach high-value targets. If east-west traffic between unrelated device categories is unrestricted, an attacker who compromises a low-value device (a printer, an IP camera, a BMS controller) can reach high-value targets (domain controllers, financial systems, OT networks) without crossing any additional security boundaries.

Traditional security investments have been perimeter-heavy: firewalls, intrusion prevention systems, and web proxies focus on north-south traffic. East-west traffic monitoring and control — microsegmentation, behavioral monitoring, internal network visibility — is the corresponding investment for the lateral movement threat. Organizations that have made significant perimeter investments but have minimal east-west controls have an asymmetric security posture that attackers reliably exploit.
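
As an added illustration (not part of the original page and not ORDR's code), the sketch below labels flow records as north-south or east-west and flags east-west flows that cross device categories without an allow-list entry, such as the printer reaching a domain controller described above. The segment CIDRs, the allow-list, and the flow records are all constructed assumptions.

```python
import ipaddress

# Constructed segment map (assumption): internal CIDR -> device category.
SEGMENTS = {
    "10.10.0.0/24": "printers",
    "10.20.0.0/24": "cameras",
    "10.30.0.0/24": "workstations",
    "10.99.0.0/24": "domain-controllers",
}
# Constructed allow-list (assumption): permitted (source, destination) pairs.
ALLOWED = {
    ("workstations", "printers"),
    ("workstations", "domain-controllers"),
}
NETS = [(ipaddress.ip_network(cidr), name) for cidr, name in SEGMENTS.items()]


def segment_of(ip):
    """Return the segment name for an address, or None if it is not mapped.

    Assumption: any address outside the segment map is treated as external.
    """
    addr = ipaddress.ip_address(ip)
    for net, name in NETS:
        if addr in net:
            return name
    return None


def classify(src, dst):
    """Label one flow by direction and, for east-west flows, by policy."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "external" if s is None and d is None else "north-south"
    if s == d:
        return "east-west:intra-segment"
    return "east-west:allowed" if (s, d) in ALLOWED else "east-west:violation"


def violations(flows):
    """Return the flows that cross segments without an allow-list entry."""
    return [f for f in flows if classify(f[0], f[1]) == "east-west:violation"]


# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.30.0.15", "203.0.113.10", 443),  # workstation to an outside host
    ("10.30.0.15", "10.10.0.7", 9100),    # workstation to printer
    ("10.10.0.7", "10.99.0.2", 445),      # printer to domain controller
    ("10.20.0.4", "10.20.0.9", 554),      # camera to camera
]

if __name__ == "__main__":
    for src, dst, port in FLOWS:
        print(f"{src} -> {dst}:{port}  {classify(src, dst)}")
```

A default-deny allow-list like this one is the policy shape microsegmentation enforces; here it is only used to report which flows would be blocked.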

Key Facts

  • East-west traffic accounts for over 80% of total network traffic in most enterprise environments
  • 75% of successful lateral movement in enterprise breaches exploits unrestricted east-west connectivity
  • Traditional security tools inspect less than 20% of east-west traffic despite it being the primary lateral movement medium
  • Zero Trust Architecture explicitly addresses east-west traffic control as a core requirement

How ORDR Addresses East-West Traffic

ORDR monitors all east-west traffic and maps device-to-device communication patterns to behavioral baselines. When a device initiates east-west connections outside its expected communication profile — particularly connections to devices in different segments — ORDR generates alerts and can trigger automated segmentation responses to contain lateral movement before it progresses.
