Community segmentation stays a important safety requirement, but organizations wrestle with conventional approaches that demand intensive {hardware} investments, complicated coverage administration, and disruptive community modifications. Healthcare and manufacturing sectors face specific challenges as they combine various endpoints – from legacy medical units to IoT sensors – onto their manufacturing networks. These units typically lack strong safety hardening, creating vital vulnerabilities that conventional segmentation options wrestle to handle.
Elisity goals to resolve these challenges by an progressive method that leverages current community infrastructure whereas offering identity-based microsegmentation on the community edge. Relatively than requiring new {hardware}, brokers or complicated community redesigns, Elisity prospects run just a few light-weight digital connectors (referred to as Elisity Digital Edge) to implement safety insurance policies by organizations’ present switching infrastructure.
On this hands-on evaluate, we’ll look at Elisity’s technical capabilities and real-world applicability based mostly on testing in a simulated healthcare atmosphere that mirrors frequent enterprise deployment situations. To get a personalised demo, go to the Elisity web site right here.
Identification-First Structure
On the core of Elisity’s platform is the Cloud Management Middle, which gives centralized coverage administration and visibility. Throughout testing, we noticed how “Elisity’s Digital Edge” elements may be deployed both immediately on supported switches (Cisco Catalyst 9K collection) or as VMs or containers in non-public clouds or on networks, they combine with current community switches together with Cisco, Juniper and Arista. The check atmosphere demonstrates that Elisity can handle segmentation at each a collection of clinics that connect with the community with Cisco 9300 and 3850 switches, and hospital websites with a Cisco 9300 working the Elisity Digital Edge on it.
The Elisity IdentityGraph engine proves notably spectacular in follow. Past simply discovering units, it correlates identification information from a number of sources into what Elisity calls “core efficient attributes” – a consolidated view of probably the most legitimate and trusted information about every asset. Throughout testing, we noticed it pull information concurrently from Energetic Listing, ServiceNow, CrowdStrike and different sources, creating wealthy contextual profiles that inform coverage selections.
As a result of Elistiy’s Digital Edge “connectors” are linked company networks they uncover and sees extra than simply the gadget particulars, it additionally sends community movement information to Elisity’s Cloud Management Middle. This degree of integration allows the platform to correlate “who’s speaking to who”.
Coverage Creation and Administration
All of this correlated meta information for customers, workloads and units turns into invaluable with Elisity entry coverage capabilities. The coverage interface makes use of an intuitive matrix visualization that clearly exhibits relationships between asset teams. A key function demonstrated was the flexibility to categorise belongings dynamically based mostly on a number of standards. For instance, we watched an unauthorized laptop computer get mechanically reclassified into a licensed radiology group based mostly on matching ServiceNow asset tags, gadget sort, and CrowdStrike EDR standing.
The platform contains highly effective options for coverage refinement:
- Studying mode to know precise visitors patterns
- Coverage simulation earlier than enforcement
- Site visitors movement analytics overlaid on the coverage matrix
- The power to lock belongings in particular teams (notably invaluable for OT environments)
A very helpful function is the visitors movement evaluation view, which overlays precise communication patterns on the coverage matrix. This helps directors establish unused paths that may be safely blocked and validate coverage modifications earlier than enforcement.
Healthcare Use Case Deep Dive
To guage real-world applicability, we examined a typical healthcare situation: securing legacy medical units working outdated working methods. The platform mechanically found our simulated medical gear and offered granular visibility into their communication patterns.
The demo confirmed how simply insurance policies could possibly be created for various medical gear together with X-ray machines, CT scanners, and EHR methods. A very invaluable instance demonstrated blocking particular ports (like SSH port 22) to legacy medical units working outdated working methods whereas sustaining needed medical entry.
Efficiency and Scale
Testing revealed minimal efficiency affect from Elisity’s enforcement mechanisms. By leveraging change ASICs for coverage enforcement, the answer maintained sub-millisecond latency with no noticeable throughput discount. The distributed structure dealt with our check load effectively, suggesting good scalability for enterprise deployments.
The deployment course of proved remarkably simple, taking beneath half-hour per website with no community downtime. This effectivity stems from Elisity’s container-based method and skill to work with current infrastructure.
Areas for Enhancement
Whereas Elisity delivers on its core promise, some areas could possibly be improved. The wi-fi integration capabilities have lately been expanded to incorporate Cisco Catalyst 9800 wi-fi controllers supporting inter and intra SSID segmentation or alternatively on the change the place the AP or Controller connects to the community which could possibly be vital for healthcare environments with growing wi-fi gadget adoption. Moreover, whereas the coverage interface is intuitive, extra predefined templates would assist speed up preliminary deployment.
We additionally famous that some guide coverage tuning was wanted to optimize guidelines for particular use circumstances. Whereas the platform gives good visibility for this tuning, extra automation may streamline this course of. We do be aware that Elisity knowledgeable us that they’re launching Elisity Intelligence in early 2025, which they are saying will present a stronger automated coverage suggestion engine.
Public Case Research Instance
Elisity shares {that a} main U.S. well being system with 800+ hospitals and healthcare clinics achieved exceptional effectivity positive factors and price financial savings by implementing Elisity, lowering whole prices from $38M to $9M – a 76% TCO discount. The implementation required solely 2 workers members per website as an alternative of 14, with deployment taking simply 4-10 hours per location whereas avoiding downtime and affected person care disruption. Elisity’s platform found and categorised 99% of units inside 4 hours and eradicated the necessity for pricey IoMT gadget re-IP processes, and offered automated, steady gadget stock updates to their CMDB with complete community visibility throughout all places. Learn extra on Elisity’s profitable deployments in healthcare, pharma and manufacturing on their web site.
Conclusion
Elisity efficiently addresses the first challenges of conventional microsegmentation approaches whereas offering a sensible path to implementation. The answer’s potential to leverage current infrastructure whereas delivering identity-based controls makes it notably invaluable for organizations with various endpoint varieties and sophisticated segmentation necessities.
Throughout testing, we have been notably impressed by Elisity’s incident response capabilities. The platform permits organizations to keep up a number of coverage units – together with pre-configured “locked down” insurance policies that may be quickly deployed by way of their SOAR playbooks or API integrations, if ransomware or different threats are detected.
The platform’s speedy deployment capabilities and minimal efficiency affect make it a compelling possibility for enterprises seeking to enhance their safety posture with out huge infrastructure investments. Whereas some elements like wi-fi integration could possibly be enhanced, Elisity provides a realistic method to implementing microsegmentation throughout the enterprise.
For organizations battling conventional segmentation approaches, notably these in healthcare and manufacturing sectors, Elisity gives a transparent path ahead that balances safety necessities with operational realities. To study extra about Elisity IdentityGraph, go to the answer web page right here.
