The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Cloud computing, virtualization, software defined networks, and mobility are transforming legacy data centers having a client-to-server traffic flow, sometimes referred to as “north-south,” into data centers having server-to-server traffic flow, sometimes referred to as “east-west.” East-west traffic may also include traffic that travels between servers in different data centers. Due to the traffic volume or complexity of client requests, client requests may not be serviced by a single server. East-west architecture of data centers may enable data assets to be advantageously positioned in different locales, both inside and outside the enterprise premises. However, traditional perimeter security solutions often fail and cannot adequately protect the data centers from attackers.
An enterprise may attempt to analyze network traffic travelling between its servers. However, any analysis is normally limited to monitoring network traffic volume and determining trends in the traffic flow in order to discover malicious activities. Notably, the network traffic volume does not provide much contextual data with regards to the network environment. Therefore, attackers may find ways past the traditional perimeters by attacking low profile assets and then moving laterally across the data center to important enterprise assets to compromise enterprise and customer data.
Additionally, any correlations between hosts cannot be determined based solely on the network traffic volume.