East-west traffic is network communication that happens between internal systems rather than between an internal system and the outside world.
In plain language, it describes server-to-server or workload-to-workload traffic inside an environment rather than traffic entering from or leaving to the outside world.
East-west traffic matters because attackers often move laterally after their first foothold. If internal traffic is wide open and poorly monitored, a compromise can spread more easily across workloads, segments, or accounts.
It also matters because many modern cloud and container environments have far more internal service-to-service communication than traditional perimeter-only models expected.
East-west traffic appears in data centers, Virtual Private Cloud networks, container clusters, microservices environments, and Microsegmentation programs. Teams connect it to Network Segmentation, Intrusion Detection System, and Zero Trust Network Access.
It is a key concept whenever defenders need visibility into lateral movement and internal trust boundaries.
A compromised application server begins making unexpected connections to neighboring database and file servers inside the same environment. That abnormal east-west traffic becomes a signal that lateral movement may be underway.
East-west traffic is not the same as north-south traffic. North-south traffic refers to communication that crosses the environment boundary, such as internet-to-app or app-to-internet connections.
It is also not automatically suspicious. Internal traffic is normal in many architectures, but it becomes risky when it is broader than necessary or weakly monitored.
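The scenario above, as an added example that is not part of the original page: flow records are classified as east-west or north-south, and internal flows outside a known baseline are reported per source. The address ranges, baseline, flow records, and fan-out threshold are all constructed assumptions.

```python
import ipaddress

# Assumption: this CIDR defines "inside the environment" (constructed value).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed baseline of expected internal flows: (src, dst, dst_port).
BASELINE = {("10.0.1.10", "10.0.2.20", 5432)}  # app server -> its own database

# Constructed flow records: (src, dst, dst_port).
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 5432),    # expected app -> database
    ("10.0.1.10", "10.0.2.21", 5432),    # app -> neighboring database
    ("10.0.1.10", "10.0.3.30", 445),     # app -> file server
    ("203.0.113.7", "10.0.1.10", 443),   # internet -> app
    ("10.0.1.10", "198.51.100.9", 443),  # app -> internet
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def direction(src, dst):
    # East-west only when both endpoints sit inside the environment;
    # anything touching an outside address is treated as north-south.
    return "east-west" if is_internal(src) and is_internal(dst) else "north-south"

def unexpected_east_west(flows, baseline):
    """Return {src: [(dst, port), ...]} for internal flows not in the baseline."""
    findings = {}
    for src, dst, port in flows:
        if direction(src, dst) == "east-west" and (src, dst, port) not in baseline:
            findings.setdefault(src, []).append((dst, port))
    return findings

def fan_out_alerts(flows, baseline, threshold=2):
    """Sources contacting at least `threshold` distinct unbaselined internal peers."""
    hits = unexpected_east_west(flows, baseline)
    return sorted(s for s, peers in hits.items()
                  if len({dst for dst, _ in peers}) >= threshold)

if __name__ == "__main__":
    for src, peers in unexpected_east_west(FLOWS, BASELINE).items():
        print(src, "->", peers)
    print("fan-out alerts:", fan_out_alerts(FLOWS, BASELINE))
```

The baselined app-to-database flow produces no finding, which matches the point that internal traffic is not automatically suspicious.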