Community segmentation stays a important safety requirement, but organizations battle with conventional approaches that demand in depth {hardware} investments, advanced coverage administration, and disruptive community adjustments. Healthcare and manufacturing sectors face explicit challenges as they combine numerous endpoints – from legacy medical gadgets to IoT sensors – onto their manufacturing networks. These gadgets usually lack strong safety hardening, creating vital vulnerabilities that conventional segmentation options battle to handle.
Elisity goals to resolve these challenges by an modern strategy that leverages present community infrastructure whereas offering identity-based microsegmentation on the community edge. Somewhat than requiring new {hardware}, brokers or advanced community redesigns, Elisity prospects run a couple of light-weight digital connectors (known as Elisity Digital Edge) to implement safety insurance policies by organizations’ present switching infrastructure.
On this hands-on evaluate, we’ll look at Elisity’s technical capabilities and real-world applicability primarily based on testing in a simulated healthcare setting that mirrors frequent enterprise deployment situations. To get a personalised demo, go to the Elisity web site right here.
Id-First Structure
On the core of Elisity’s platform is the Cloud Management Middle, which supplies centralized coverage administration and visibility. Throughout testing, we noticed how “Elisity’s Digital Edge” elements might be deployed both straight on supported switches (Cisco Catalyst 9K sequence) or as VMs or containers in personal clouds or on networks, they combine with present community switches together with Cisco, Juniper and Arista. The check setting demonstrates that Elisity can handle segmentation at each a sequence of clinics that connect with the community with Cisco 9300 and 3850 switches, and hospital websites with a Cisco 9300 working the Elisity Digital Edge on it.
The Elisity IdentityGraph engine proves significantly spectacular in follow. Past simply discovering gadgets, it correlates identification knowledge from a number of sources into what Elisity calls “core efficient attributes” – a consolidated view of essentially the most legitimate and trusted knowledge about every asset. Throughout testing, we noticed it pull knowledge concurrently from Lively Listing, ServiceNow, CrowdStrike and different sources, creating wealthy contextual profiles that inform coverage selections.
As a result of Elistiy’s Digital Edge “connectors” are related company networks they uncover and sees extra than simply the machine particulars, it additionally sends community circulation knowledge to Elisity’s Cloud Management Middle. This degree of integration allows the platform to correlate “who’s speaking to who”.
Coverage Creation and Administration
All of this correlated meta knowledge for customers, workloads and gadgets turns into beneficial with Elisity entry coverage capabilities. The coverage interface makes use of an intuitive matrix visualization that clearly exhibits relationships between asset teams. A key characteristic demonstrated was the flexibility to categorise property dynamically primarily based on a number of standards. For instance, we watched an unauthorized laptop computer get robotically reclassified into a certified radiology group primarily based on matching ServiceNow asset tags, machine kind, and CrowdStrike EDR standing.
The platform contains highly effective options for coverage refinement:
- Studying mode to grasp precise site visitors patterns
- Coverage simulation earlier than enforcement
- Visitors circulation analytics overlaid on the coverage matrix
- The power to lock property in particular teams (significantly beneficial for OT environments)
A very helpful characteristic is the site visitors circulation evaluation view, which overlays precise communication patterns on the coverage matrix. This helps directors determine unused paths that may be safely blocked and validate coverage adjustments earlier than enforcement.
Healthcare Use Case Deep Dive
To guage real-world applicability, we examined a standard healthcare situation: securing legacy medical gadgets working outdated working methods. The platform robotically found our simulated medical tools and supplied granular visibility into their communication patterns.
The demo confirmed how simply insurance policies could possibly be created for numerous medical tools together with X-ray machines, CT scanners, and EHR methods. A very beneficial instance demonstrated blocking particular ports (like SSH port 22) to legacy medical gadgets working outdated working methods whereas sustaining mandatory scientific entry.
Efficiency and Scale
Testing revealed minimal efficiency impression from Elisity’s enforcement mechanisms. By leveraging change ASICs for coverage enforcement, the answer maintained sub-millisecond latency with no noticeable throughput discount. The distributed structure dealt with our check load effectively, suggesting good scalability for enterprise deployments.
The deployment course of proved remarkably easy, taking beneath half-hour per website with no community downtime. This effectivity stems from Elisity’s container-based strategy and talent to work with present infrastructure.
Areas for Enhancement
Whereas Elisity delivers on its core promise, some areas could possibly be improved. The wi-fi integration capabilities have not too long ago been expanded to incorporate Cisco Catalyst 9800 wi-fi controllers supporting inter and intra SSID segmentation or alternatively on the change the place the AP or Controller connects to the community which could possibly be vital for healthcare environments with growing wi-fi machine adoption. Moreover, whereas the coverage interface is intuitive, extra predefined templates would assist speed up preliminary deployment.
We additionally famous that some guide coverage tuning was wanted to optimize guidelines for particular use circumstances. Whereas the platform supplies good visibility for this tuning, further automation may streamline this course of. We do word that Elisity knowledgeable us that they’re launching Elisity Intelligence in early 2025, which they are saying will present a stronger automated coverage advice engine.
Public Case Research Instance
Elisity shares {that a} main U.S. well being system with 800+ hospitals and healthcare clinics achieved outstanding effectivity positive factors and value financial savings by implementing Elisity, lowering complete prices from $38M to $9M – a 76% TCO discount. The implementation required solely 2 workers members per website as an alternative of 14, with deployment taking simply 4-10 hours per location whereas avoiding downtime and affected person care disruption. Elisity’s platform found and categorised 99% of gadgets inside 4 hours and eradicated the necessity for pricey IoMT machine re-IP processes, and supplied automated, steady machine stock updates to their CMDB with complete community visibility throughout all areas. Learn extra on Elisity’s profitable deployments in healthcare, pharma and manufacturing on their web site.
Conclusion
Elisity efficiently addresses the first challenges of conventional microsegmentation approaches whereas offering a sensible path to implementation. The answer’s potential to leverage present infrastructure whereas delivering identity-based controls makes it significantly beneficial for organizations with numerous endpoint sorts and sophisticated segmentation necessities.
Throughout testing, we have been significantly impressed by Elisity’s incident response capabilities. The platform permits organizations to take care of a number of coverage units – together with pre-configured “locked down” insurance policies that may be quickly deployed through their SOAR playbooks or API integrations, if ransomware or different threats are detected.
The platform’s speedy deployment capabilities and minimal efficiency impression make it a compelling choice for enterprises seeking to enhance their safety posture with out huge infrastructure investments. Whereas some features like wi-fi integration could possibly be enhanced, Elisity provides a realistic strategy to implementing microsegmentation throughout the enterprise.
For organizations combating conventional segmentation approaches, significantly these in healthcare and manufacturing sectors, Elisity supplies a transparent path ahead that balances safety necessities with operational realities. To be taught extra about Elisity IdentityGraph, go to the resolution web page right here.
