Community segmentation stays a vital safety requirement, but organizations battle with conventional approaches that demand intensive {hardware} investments, complicated coverage administration, and disruptive community adjustments. Healthcare and manufacturing sectors face explicit challenges as they combine numerous endpoints – from legacy medical gadgets to IoT sensors – onto their manufacturing networks. These gadgets usually lack strong safety hardening, creating important vulnerabilities that conventional segmentation options battle to deal with.
Elisity goals to unravel these challenges by an modern strategy that leverages current community infrastructure whereas offering identity-based microsegmentation on the community edge. Relatively than requiring new {hardware}, brokers or complicated community redesigns, Elisity clients run just a few light-weight digital connectors (referred to as Elisity Digital Edge) to implement safety insurance policies by organizations’ present switching infrastructure.
On this hands-on evaluate, we’ll study Elisity’s technical capabilities and real-world applicability primarily based on testing in a simulated healthcare surroundings that mirrors widespread enterprise deployment eventualities. To get a personalised demo, go to the Elisity web site right here.
Id-First Structure
On the core of Elisity’s platform is the Cloud Management Middle, which offers centralized coverage administration and visibility. Throughout testing, we noticed how “Elisity’s Digital Edge” elements might be deployed both instantly on supported switches (Cisco Catalyst 9K sequence) or as VMs or containers in non-public clouds or on networks, they combine with current community switches together with Cisco, Juniper and Arista. The check surroundings demonstrates that Elisity can handle segmentation at each a sequence of clinics that hook up with the community with Cisco 9300 and 3850 switches, and hospital websites with a Cisco 9300 operating the Elisity Digital Edge on it.
The Elisity IdentityGraph engine proves notably spectacular in follow. Past simply discovering gadgets, it correlates id knowledge from a number of sources into what Elisity calls “core efficient attributes” – a consolidated view of probably the most legitimate and trusted knowledge about every asset. Throughout testing, we noticed it pull knowledge concurrently from Energetic Listing, ServiceNow, CrowdStrike and different sources, creating wealthy contextual profiles that inform coverage choices.
As a result of Elistiy’s Digital Edge “connectors” are related company networks they uncover and sees extra than simply the gadget particulars, it additionally sends community circulate knowledge to Elisity’s Cloud Management Middle. This degree of integration permits the platform to correlate “who’s speaking to who”.
Coverage Creation and Administration
All of this correlated meta knowledge for customers, workloads and gadgets turns into beneficial with Elisity entry coverage capabilities. The coverage interface makes use of an intuitive matrix visualization that clearly reveals relationships between asset teams. A key function demonstrated was the power to categorise belongings dynamically primarily based on a number of standards. For instance, we watched an unauthorized laptop computer get mechanically reclassified into a licensed radiology group primarily based on matching ServiceNow asset tags, gadget sort, and CrowdStrike EDR standing.
The platform contains highly effective options for coverage refinement:
· Studying mode to grasp precise site visitors patterns
· Coverage simulation earlier than enforcement
· Visitors circulate analytics overlaid on the coverage matrix
· The flexibility to lock belongings in particular teams (notably beneficial for OT environments)
A very helpful function is the site visitors circulate evaluation view, which overlays precise communication patterns on the coverage matrix. This helps directors determine unused paths that may be safely blocked and validate coverage adjustments earlier than enforcement.
Healthcare Use Case Deep Dive
To guage real-world applicability, we examined a standard healthcare state of affairs: securing legacy medical gadgets operating outdated working techniques. The platform mechanically found our simulated medical tools and supplied granular visibility into their communication patterns.
The demo confirmed how simply insurance policies may very well be created for numerous medical tools together with X-ray machines, CT scanners, and EHR techniques. A very beneficial instance demonstrated blocking particular ports (like SSH port 22) to legacy medical gadgets operating outdated working techniques whereas sustaining essential scientific entry.
Efficiency and Scale
Testing revealed minimal efficiency affect from Elisity’s enforcement mechanisms. By leveraging swap ASICs for coverage enforcement, the answer maintained sub-millisecond latency with no noticeable throughput discount. The distributed structure dealt with our check load effectively, suggesting good scalability for enterprise deployments.
The deployment course of proved remarkably easy, taking below half-hour per web site with no community downtime. This effectivity stems from Elisity’s container-based strategy and talent to work with current infrastructure.
Areas for Enhancement
Whereas Elisity delivers on its core promise, some areas may very well be improved. The wi-fi integration capabilities have just lately been expanded to incorporate Cisco Catalyst 9800 wi-fi controllers supporting inter and intra SSID segmentation or alternatively on the swap the place the AP or Controller connects to the community which may very well be important for healthcare environments with rising wi-fi gadget adoption. Moreover, whereas the coverage interface is intuitive, extra predefined templates would assist speed up preliminary deployment.
We additionally famous that some handbook coverage tuning was wanted to optimize guidelines for particular use circumstances. Whereas the platform offers good visibility for this tuning, further automation might streamline this course of. We do be aware that Elisity knowledgeable us that they’re launching Elisity Intelligence in early 2025, which they are saying will present a stronger automated coverage suggestion engine.
Public Case Research Instance
Elisity shares {that a} main U.S. well being system with 800+ hospitals and healthcare clinics achieved outstanding effectivity good points and value financial savings by implementing Elisity, lowering complete prices from $38M to $9M – a 76% TCO discount. The implementation required solely 2 workers members per web site as an alternative of 14, with deployment taking simply 4-10 hours per location whereas avoiding downtime and affected person care disruption. Elisity’s platform found and categorised 99% of gadgets inside 4 hours and eradicated the necessity for pricey IoMT gadget re-IP processes, and supplied automated, steady gadget stock updates to their CMDB with complete community visibility throughout all places. Learn extra on Elisity’s profitable deployments in healthcare, pharma and manufacturing on their web site.
Conclusion
Elisity efficiently addresses the first challenges of conventional microsegmentation approaches whereas offering a sensible path to implementation. The answer’s means to leverage current infrastructure whereas delivering identity-based controls makes it notably beneficial for organizations with numerous endpoint sorts and sophisticated segmentation necessities.
Throughout testing, we had been notably impressed by Elisity’s incident response capabilities. The platform permits organizations to take care of a number of coverage units – together with pre-configured “locked down” insurance policies that may be quickly deployed by way of their SOAR playbooks or API integrations, if ransomware or different threats are detected.
The platform’s speedy deployment capabilities and minimal efficiency affect make it a compelling choice for enterprises trying to enhance their safety posture with out large infrastructure investments. Whereas some points like wi-fi integration may very well be enhanced, Elisity presents a practical strategy to implementing microsegmentation throughout the enterprise.
For organizations combating conventional segmentation approaches, notably these in healthcare and manufacturing sectors, Elisity offers a transparent path ahead that balances safety necessities with operational realities. To be taught extra about Elisity IdentityGraph, go to the answer web page right here.