Enterprise cybersecurity is under threat from the inside

Locking the doors is not enough to prevent cybersecurity threats

For years, cybersecurity strategies have focused heavily on perimeter defense. Most organizations continue to prioritize North-South traffic monitoring, which tracks data entering and exiting the system.

However, once attackers gain access, traditional defenses become less effective, offering little protection against movement inside the network.

Modern attackers target lateral movement, taking advantage of East-West traffic between servers, workloads, and containers. This internal activity is increasingly difficult to monitor, particularly in today’s hybrid cloud architectures where internal traffic volumes frequently exceed those crossing the perimeter.

The widespread adoption of cloud computing, virtualization, microservices, and IoT devices has led to a surge in internal data flows. Without full visibility into this environment, organizations are often blind to malicious behavior.

The Gigamon 2025 Hybrid Cloud Security Survey reveals that 65 per cent of global security and IT leaders prioritize East-West (or lateral) visibility over traditional North-South monitoring for cloud security. Yet, over half lack confidence in detecting malicious movement within their networks using current tools.

In Vietnam, the situation is just as alarming. In 2024 alone, data breaches affected 14.5 million accounts, accounting for 12 per cent of global incidents.

Recently, a Vietnamese energy company suffered a $2.5 million ransomware attack that compromised 1,000 servers. This incident underscores a growing trend of ransomware being used for large-scale extortion, while advanced persistent threats (APTs) covertly infiltrate organizations to steal sensitive information.

Vladimir Yordanov, Gigamon's APJ Senior Director of Solution Engineering emphasized the importance of visibility, stating that organizations cannot protect what they cannot see.

One of the main challenges in securing hybrid cloud environments is the lack of centralized visibility across infrastructure layers. Once a single machine is compromised, attackers can quietly move across interconnected systems without detection. Deep Observability addresses this problem by providing granular visibility into system and application behavior across the entire network.

Gigamon has been operating in Vietnam for more than ten years. Its solutions are widely used across key sectors including government, banking, telecommunications, and manufacturing.

Yordanov says that Vietnamese organizations are increasingly shifting from reactive security models to proactive strategies. Many are now embedding observability into their real-time operations rather than relying solely on perimeter defense.

This shift marks a notable change in mindset. Contrary to outdated assumptions, cybersecurity infrastructures in Vietnam are increasingly modern and sophisticated.

One major Vietnamese bank, for example, was handling up to 20 terabytes of data each day. This volume created immense strain on monitoring and storage systems. Gigamon helped the bank apply packet deduplication and noise reduction techniques, directing only relevant data to each analytics layer. As a result, the volume of data needing processing dropped to between 20 and 50 gigabytes per day, significantly lowering costs and enabling faster response times.

Other Vietnamese enterprises are applying similar techniques to better manage their growing data environments.

Deep Observability also enhances operational efficiency by identifying unusual patterns in everyday activity.

One data-focused organization detected unauthorized BitTorrent-related traffic within its internal network. The source was employees accessing entertainment content during work hours, a behavior that posed a potential entry point for malware. Gigamon flagged the activity before any serious incident occurred.

Another case involved a telecom provider that fell victim to SIM card manipulation. Hackers activated prepaid SIMs in a different country than where they were issued, creating unlimited roaming access. The existing system failed to detect the anomaly until traffic volumes spiked. Gigamon's monitoring tools identified the issue and helped the provider resolve it before damage escalated.

Beyond preventing breaches, organizations are now under pressure to comply with more stringent regulations. In finance, standards such as PCI DSS require secure handling of payment data. In healthcare, HIPAA mandates strict data protection policies. Domestic cybersecurity laws in Vietnam also classify systems according to risk level, making comprehensive monitoring an operational necessity.

The rise of AI adds new urgency to the challenge. As organizations collect and process vast amounts of data to train models, they must ensure that AI-generated traffic is fully observable. Gigamon enables enterprises to distinguish between internal and external AI data flows, detect anomalies, and ensure regulatory compliance throughout the AI lifecycle.

While Gigamon currently serves large-scale enterprises, it is expanding support for mid-sized businesses in industries such as manufacturing, logistics, energy, and mining. These sectors demand high levels of security and operational stability, making observability a critical requirement.