How to Optimize a Microsegmentation Architecture with Elisity

This Elisity presentation at Network Field Day 36 focuses on how Elisity’s microsegmentation architecture leverages a cloud-native distributed control plane that separates policy management from enforcement. At its core, the system utilizes a centralized policy management platform that integrates with existing identity providers and maintains the Elisity IdentityGraph—a comprehensive mapping of all network assets, their relationships, and behavior patterns. This identity-centric approach moves beyond traditional IP-based controls to enable context-aware policy enforcement at the network edge. The implementation relies on Elisity Virtual Edge controller(s) that transform existing access-layer switches into policy enforcement points. These controllers communicate with the Elisity Cloud Control center via secure channels, enabling real-time policy updates without requiring dedicated hardware. For manufacturing environments, this architecture enables granular control over industrial control systems and OT devices while maintaining IEC 62443 compliance. In healthcare settings, it facilitates 405(d) HICP compliance while protecting sensitive medical devices and clinical systems. Key technical components include the Elisity identity-based Dynamic Policy Engine that leverages machine learning for asset discovery and classification, graphical policy visualization matrices for traffic flow analysis, and virtual edge nodes that enforce policies using native switch functionality. The system continuously monitors east-west and north-south traffic patterns, providing real-time telemetry data for behavior analysis and policy refinement. This architecture enables security teams to implement zero trust principles at scale, with the ability to microsegment networks down to individual workloads while maintaining the performance requirements of critical manufacturing and healthcare operations. The platform's ability to learn from traffic patterns and automatically adjust policies based on identity and context makes it particularly effective in environments where traditional agent-based solutions are impractical. Presented by Dana Yanch, Director of TME, and Piotr Kupisiewicz, CTO. Recorded live at Networking Field Day 36 in San Jose, CA on November 6, 2024. Watch the entire presentation at https://techfieldday.com/appearance/e... or visit https://techfieldday.com/event/nfd36/ or https://www.Elisity.com/ for more information.