Forget The North-South Divide - It's All About East-West

Recently had a catch-up at my first trade event in seven years 😊 with Zero Networks’ amiable, straight-talking Albert Estevez Polo (still heading the “name of the year” awards table).

We spent over an hour trying to put the world to rights and primarily scratching our heads as to why the IT world doesn’t understand why its creaking, bolt-on approach to cybersecurity isn’t working. That, or they are simply in denial as to the fundamental weaknesses within their infrastructure, which is arguably worse.

One topic we spoke about, given the somewhat “been here before” nature of many of the exhibitors, was how much of this technology is actually now redundant. The problem is quite simple: traffic (malicious or otherwise) doesn’t travel in the same directions as it once did. It travels in every direction imaginable, simultaneously, so is easily able to bypass the traditional security barriers – many of which were put in place 20+ years ago. And, of course, the widespread use of AI is only accelerating breach movement within those infrastructures.

Those thoughts are echoed in a report just published by the vendor, regarding lateral movement exposure. The report analysed 54 trillion activities across 312 enterprise environments over a period of a month. It found that 80% of enterprise servers are reachable from anywhere inside the network – creating greenfield conditions for ransomware, operational disruption, and full-environment compromise. In other words, this East-West traffic has massively supplanted the traditional North-South traffic that most security infrastructures have been built to defend. Indeed, the report stated that over 70% of the observed traffic was East-West – and largely unprotected as a result.

The full report can be downloaded here: https://zeronetworks.com/resource-center/reports/2026-lateral-movement-exposure-report – but for those who enjoy a 30-second read, here are the headlines:

  • Roughly 80% of enterprises have already deployed internal AI agents, yet two-thirds lack governance policies for them – creating rapidly expanding unmanaged attack surfaces.
  • 87% of enterprise servers accept inbound RDP or SSH connections from broad internal sources, giving attackers wide access pathways once inside the network.
  • 78% of enterprise servers are reachable over SMB or WinRM, the same administrative protocols attackers commonly exploit for ransomware spread and lateral movement.
  • 43% of internal authentication traffic still relies on NTLM, a legacy protocol frequently abused for credential replay and privilege escalation attacks.
  • 12% of organizations maintain direct user-to-server administrative pathways, meaning a single compromised employee device can provide immediate access to high-value systems.
  • The research shows most enterprise environments still allow breaches to spread too easily after initial compromise – a risk amplified significantly by AI-driven attack automation.

Doesn’t make for good reading, does it? Unless you’re a hacker, that is… If you would like to know how vulnerable your network is, Zero Networks has made a free breach map tool available for download. Give it a try:

https://zeronetworks.com/resource-center/breach-map

Meantime, we await the next major breach report. Might just about have time to make a coffee before it is reported!