Community segmentation stays a vital safety requirement, but organizations wrestle with conventional approaches that demand in depth {hardware} investments, advanced coverage administration, and disruptive community adjustments. Healthcare and manufacturing sectors face specific challenges as they combine numerous endpoints – from legacy medical units to IoT sensors – onto their manufacturing networks. These units usually lack sturdy safety hardening, creating vital vulnerabilities that conventional segmentation options wrestle to deal with.
Elisity goals to unravel these challenges via an progressive method that leverages current community infrastructure whereas offering identity-based microsegmentation on the community edge. Slightly than requiring new {hardware}, brokers or advanced community redesigns, Elisity clients run a number of light-weight digital connectors (known as Elisity Digital Edge) to implement safety insurance policies via organizations’ present switching infrastructure.
On this hands-on evaluation, we’ll look at Elisity’s technical capabilities and real-world applicability primarily based on testing in a simulated healthcare setting that mirrors frequent enterprise deployment eventualities. To get a customized demo, go to the Elisity web site right here.
Identification-First Structure
On the core of Elisity’s platform is the Cloud Management Middle, which gives centralized coverage administration and visibility. Throughout testing, we noticed how “Elisity’s Digital Edge” parts could be deployed both straight on supported switches (Cisco Catalyst 9K sequence) or as VMs or containers in personal clouds or on networks, they combine with current community switches together with Cisco, Juniper and Arista. The take a look at setting demonstrates that Elisity can handle segmentation at each a sequence of clinics that connect with the community with Cisco 9300 and 3850 switches, and hospital websites with a Cisco 9300 working the Elisity Digital Edge on it.
The Elisity IdentityGraph engine proves significantly spectacular in follow. Past simply discovering units, it correlates id knowledge from a number of sources into what Elisity calls “core efficient attributes” – a consolidated view of essentially the most legitimate and trusted knowledge about every asset. Throughout testing, we noticed it pull knowledge concurrently from Lively Listing, ServiceNow, CrowdStrike and different sources, creating wealthy contextual profiles that inform coverage choices.
As a result of Elistiy’s Digital Edge “connectors” are linked company networks they uncover and sees extra than simply the gadget particulars, it additionally sends community stream knowledge to Elisity’s Cloud Management Middle. This stage of integration allows the platform to correlate “who’s speaking to who”.
Coverage Creation and Administration
All of this correlated meta knowledge for customers, workloads and units turns into beneficial with Elisity entry coverage capabilities. The coverage interface makes use of an intuitive matrix visualization that clearly reveals relationships between asset teams. A key characteristic demonstrated was the power to categorise property dynamically primarily based on a number of standards. For instance, we watched an unauthorized laptop computer get mechanically reclassified into a licensed radiology group primarily based on matching ServiceNow asset tags, gadget sort, and CrowdStrike EDR standing.
The platform consists of highly effective options for coverage refinement:
· Studying mode to grasp precise visitors patterns
· Coverage simulation earlier than enforcement
· Site visitors stream analytics overlaid on the coverage matrix
· The flexibility to lock property in particular teams (significantly beneficial for OT environments)
A very helpful characteristic is the visitors stream evaluation view, which overlays precise communication patterns on the coverage matrix. This helps directors determine unused paths that may be safely blocked and validate coverage adjustments earlier than enforcement.
Healthcare Use Case Deep Dive
To judge real-world applicability, we examined a standard healthcare state of affairs: securing legacy medical units working outdated working programs. The platform mechanically found our simulated medical tools and supplied granular visibility into their communication patterns.
The demo confirmed how simply insurance policies may very well be created for numerous medical tools together with X-ray machines, CT scanners, and EHR programs. A very beneficial instance demonstrated blocking particular ports (like SSH port 22) to legacy medical units working outdated working programs whereas sustaining essential medical entry.
Efficiency and Scale
Testing revealed minimal efficiency influence from Elisity’s enforcement mechanisms. By leveraging change ASICs for coverage enforcement, the answer maintained sub-millisecond latency with no noticeable throughput discount. The distributed structure dealt with our take a look at load effectively, suggesting good scalability for enterprise deployments.
The deployment course of proved remarkably easy, taking underneath half-hour per website with no community downtime. This effectivity stems from Elisity’s container-based method and skill to work with current infrastructure.
Areas for Enhancement
Whereas Elisity delivers on its core promise, some areas may very well be improved. The wi-fi integration capabilities have just lately been expanded to incorporate Cisco Catalyst 9800 wi-fi controllers supporting inter and intra SSID segmentation or alternatively on the change the place the AP or Controller connects to the community which may very well be vital for healthcare environments with rising wi-fi gadget adoption. Moreover, whereas the coverage interface is intuitive, extra predefined templates would assist speed up preliminary deployment.
We additionally famous that some handbook coverage tuning was wanted to optimize guidelines for particular use circumstances. Whereas the platform gives good visibility for this tuning, further automation might streamline this course of. We do notice that Elisity knowledgeable us that they’re launching Elisity Intelligence in early 2025, which they are saying will present a stronger automated coverage advice engine.
Public Case Examine Instance
Elisity shares {that a} main U.S. well being system with 800+ hospitals and healthcare clinics achieved outstanding effectivity positive aspects and price financial savings by implementing Elisity, decreasing whole prices from $38M to $9M – a 76% TCO discount. The implementation required solely 2 workers members per website as a substitute of 14, with deployment taking simply 4-10 hours per location whereas avoiding downtime and affected person care disruption. Elisity’s platform found and labeled 99% of units inside 4 hours and eradicated the necessity for expensive IoMT gadget re-IP processes, and supplied automated, steady gadget stock updates to their CMDB with complete community visibility throughout all places. Learn extra on Elisity’s profitable deployments in healthcare, pharma and manufacturing on their web site.
Conclusion
Elisity efficiently addresses the first challenges of conventional microsegmentation approaches whereas offering a sensible path to implementation. The answer’s potential to leverage current infrastructure whereas delivering identity-based controls makes it significantly beneficial for organizations with numerous endpoint varieties and sophisticated segmentation necessities.
Throughout testing, we had been significantly impressed by Elisity’s incident response capabilities. The platform permits organizations to take care of a number of coverage units – together with pre-configured “locked down” insurance policies that may be quickly deployed by way of their SOAR playbooks or API integrations, if ransomware or different threats are detected.
The platform’s fast deployment capabilities and minimal efficiency influence make it a compelling choice for enterprises trying to enhance their safety posture with out huge infrastructure investments. Whereas some points like wi-fi integration may very well be enhanced, Elisity presents a realistic method to implementing microsegmentation throughout the enterprise.
For organizations combating conventional segmentation approaches, significantly these in healthcare and manufacturing sectors, Elisity gives a transparent path ahead that balances safety necessities with operational realities. To study extra about Elisity IdentityGraph, go to the resolution web page right here.