As organisations attending the Cyber Secure Forum embrace cloud computing, containerisation and microservices architectures, the shape of the enterprise network has fundamentally changed. Traffic that once flowed clearly north–south (in and out of the perimeter) is now overwhelmingly east–west, moving laterally between workloads, services and applications inside the environment. While this shift has delivered agility and scalability, it has also created a critical blind spot for security teams: encrypted internal traffic…
The Encryption Paradox
Encryption is essential for protecting data in transit, but it also limits visibility. The widespread adoption of TLS 1.3, which encrypts more of the handshake and metadata than previous versions, has significantly reduced the ability of traditional security tools to inspect traffic payloads.
As a result, malicious activity, such as lateral movement, command-and-control traffic, data exfiltration and privilege escalation, can now hide inside legitimate-looking encrypted flows between microservices or workloads.
For attackers, this internal opacity is a major advantage. Once inside the network, they can move laterally with far less risk of detection.
Why Traditional Controls Fall Short
Legacy perimeter firewalls and IDS/IPS tools were never designed for dynamic, cloud-native environments. They may struggle to cope with:
- Ephemeral workloads that spin up and down rapidly
- East–west traffic volumes that dwarf north–south flows
- Encrypted communications that cannot be easily decrypted
- Multi-cloud and hybrid architectures
- Service-to-service communication without user context
In this environment, relying solely on decryption-based inspection is neither scalable nor desirable from a performance or privacy perspective.
Visibility Fabrics and Smart Traffic Analysis
To address this challenge, organisations are deploying network visibility fabrics (NVFs) and next-generation monitoring tools that provide comprehensive insight without relying entirely on decryption.
These platforms aggregate traffic metadata from across the network (physical, virtual and cloud) creating a unified view of how systems communicate. By analysing flow records, packet headers, timing patterns and behavioural baselines, security teams can detect anomalies even when payloads remain encrypted.
Anomaly Detection and Network Detection & Response (NDR)
AI-driven Network Detection & Response (NDR) tools are becoming central to east–west security. Rather than looking for known signatures, NDR platforms establish a baseline of “normal” internal behaviour and flag deviations such as:
- Unusual lateral connections
- Abnormal data transfer volumes
- Unexpected service-to-service communication
- Beaconing patterns associated with malware
- Privilege escalation attempts
- Because these techniques focus on behaviour rather than content, they remain effective even as encryption standards evolve.
Segmentation and Zero Trust Reinforce Visibility
Inspection alone is not enough. Organisations are combining NDR with micro-segmentation and Zero Trust principles, limiting which workloads can communicate and ensuring every connection is explicitly authorised.
This reduces the blast radius of any breach and makes abnormal traffic easier to identify.
Seeing Inside the Modern Network
In an era of cloud sprawl and encrypted-by-default communications, internal visibility is no longer optional. Security teams must accept that they cannot decrypt everything and instead focus on intelligent visibility, behavioural analytics and contextual understanding.
The organisations best equipped to defend against advanced threats will be those that can see what’s happening inside their networks, even when the traffic itself remains encrypted.
Are you searching for Network Security solutions for your organisation? The Cyber Secure Forum can help!
Photo by Kevin Ache on Unsplash
