Blind spots widen as cyberattacks grow smarter

July 15, 2025 | 14:53
As data volumes explode and AI tools grow more powerful, cybersecurity is feeling the strain – from large language model (LLM) threats to mounting risks in the public cloud.

In networking, 'east-west' traffic flows between devices within the same network, such as inside a data centre, while 'north-south' traffic moves between internal systems and external networks like the internet. As cloud computing and microservices proliferate, east-west traffic has overtaken north-south traffic in data centres, giving attackers more chances to move laterally and evade detection.

The urgency of east-west visibility is clear across Asia-Pacific. The Gigamon 2025 Hybrid Cloud Security Survey reveals that 65 per cent of global security and IT leaders prioritise east-west visibility over traditional north-south monitoring for cloud security. Yet, over half lack confidence in detecting malicious movement within their networks using current tools. This is a critical gap. Despite increased investments to secure their perimeters, over half of the respondents reported breaches in the past year.

In Vietnam, the situation is just as alarming. In 2024 alone, data breaches affected 14.5 million accounts, accounting for 12 per cent of global incidents.

Vladimir Yordanov, senior director of Solution Engineering at Gigamon, a technology company specialising in deep observability, told the media in a meeting in Hanoi on July 11 that a Vietnamese energy company suffered a $2.5 million ransomware attack a few months ago that compromised 1,000 servers. This incident highlights a growing trend of ransomware being used for large-scale extortion, while advanced persistent threats (APTs) covertly infiltrate organisations to steal sensitive information.

Underscoring the threat is last April's cyberattack on several major Vietnamese news organisations. According to Vietnam’s National Cybersecurity Centre, three leading outlets were breached in a coordinated attack that led to internal data theft and raised national security concerns. Newsrooms, constantly interacting with a wide array of digital tools – from devices and storage media to networks and cloud platforms – face heightened exposure to such threats.

"The industry's reliance on a few domestic tech providers created shared vulnerabilities, allowing a single breach to affect multiple outlets. This highlights the urgent need for east-west visibility across internal and connected systems to detect and contain lateral movement early," said Yordanov.

Modern threats demand a new security playbook, one built not just around stronger perimeters but full visibility inside the network. East-west traffic is central to this shift. Today’s most dangerous threats, from ransomware to APTs, which unfold over time and are often executed by well-resourced (and patient) attackers, move laterally across systems and exploit blind spots between workloads, clouds, and containers while traditional defences look the other way.

According to Yordanov, "A major barrier to this visibility used to be encryption, which often hides malicious activity. However, modern security solutions now decrypt traffic in transit for inspection and re-encrypt it before delivery, uncovering hidden threats without compromising privacy or overwhelming security tools."

Armed with this enriched dataset, security teams can detect low-and-slow behaviours typical of APTs, such as unauthorised lateral access, suspicious file movements, or unusual spikes in outbound encrypted traffic. These early signals are often invisible to traditional tools.
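As an illustration added here (not code from Gigamon or the survey), the sketch below labels flow records as east-west or north-south and flags an internal host that suddenly contacts several internal peers outside its usual set, one simple form of the unauthorised lateral access signal. The internal address ranges, the baseline, the threshold and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumption: RFC 1918 ranges stand in for the organisation's internal networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def direction(src, dst):
    """East-west when both endpoints are internal, otherwise north-south."""
    return "east-west" if is_internal(src) and is_internal(dst) else "north-south"

def traffic_mix(flows):
    """Count flows per direction."""
    return Counter(direction(src, dst) for src, dst, _port in flows)

def lateral_fanout(flows, baseline, min_new_peers=3):
    """Map each source to the internal peers it contacted that are absent from
    its baseline, keeping only sources with at least min_new_peers of them."""
    new_peers = defaultdict(set)
    for src, dst, _port in flows:
        if direction(src, dst) == "east-west" and dst not in baseline.get(src, set()):
            new_peers[src].add(dst)
    return {s: sorted(p) for s, p in new_peers.items() if len(p) >= min_new_peers}

# Constructed sample data: (source, destination, destination port).
BASELINE = {"10.0.1.15": {"10.0.2.10"},
            "10.0.1.20": {"10.0.2.10", "10.0.2.11"}}
FLOWS = [
    ("10.0.1.15", "10.0.2.10", 443),     # usual peer
    ("10.0.1.15", "10.0.3.5", 445),      # new internal peer
    ("10.0.1.15", "10.0.3.6", 445),      # new internal peer
    ("10.0.1.15", "10.0.3.7", 3389),     # new internal peer
    ("10.0.1.20", "10.0.2.11", 5432),    # usual peer
    ("10.0.1.20", "203.0.113.9", 443),   # outbound, north-south
    ("198.51.100.4", "10.0.2.10", 443),  # inbound, north-south
]

if __name__ == "__main__":
    print(dict(traffic_mix(FLOWS)))
    print(lateral_fanout(FLOWS, BASELINE))
```

A perimeter-only view would see just the two north-south records here; the three new connections from 10.0.1.15 appear only in the east-west data.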

Yordanov believes this deeper visibility also transforms incident response. Teams can trace the path of an attack across internal systems, enabling faster containment and reducing dwell time.

"East-west observability is often seen as a technical task, but its impact is fundamentally strategic. No one would knowingly tolerate a stranger secretly living in their home, quietly raiding the fridge, sleeping in their bed, slipping through rooms unnoticed. Yet, this is precisely the kind of silent intrusion many organisations risk by overlooking east-west visibility in their security strategy," he said.

Silent intruder: More attackers exploiting cybersecurity blind spots
Vladimir Yordanov, senior director of Gigamon's Solution Engineering

Gigamon released its 2025 Hybrid Cloud Security Survey in May, revealing that hybrid cloud infrastructure is under mounting strain from the growing influence of AI. As cyberthreats increase in both scale and sophistication, breach rates have surged to 55 per cent during the past year, representing a 17 per cent on-year rise, with AI-generated attacks emerging as a key driver of this growth.

Security and IT teams are being pushed to a breaking point, with the economic cost of cybercrime now estimated to be $3 trillion worldwide, according to the World Economic Forum. As AI-enabled adversaries grow more agile, organisations are challenged with ineffective and inefficient tools, fragmented cloud environments, and limited intelligence.

AI is reshaping hybrid cloud security priorities. AI’s role in escalating network complexity and accelerating risk is evident. The study reveals that one in three organisations report that network data volumes have more than doubled in the past two years due to AI workloads, while nearly half of all respondents (47 per cent) are seeing a rise in attacks targeting their organisation’s LLM deployments. More than half (58 per cent) say they have seen a surge in AI-powered ransomware, up from 41 per cent in 2024, underscoring how adversaries are exploiting AI to outpace and outflank existing defences.


By Nguyen Huong
