Network segmentation remains a critical security requirement, but organizations struggle with traditional approaches that require large hardware investments, complex policy management, and disruptive network changes. The healthcare and manufacturing sectors face particular challenges as they integrate a variety of endpoints into their production networks, from legacy medical devices to IoT sensors. These devices often lack robust security hardening, creating significant vulnerabilities that traditional segmentation solutions struggle to address.
Elisity aims to address these challenges with an innovative approach that leverages existing network infrastructure while providing identity-based micro-segmentation at the network edge. Rather than requiring new hardware, agents, or complex network redesign, Elisity customers run multiple lightweight virtual connectors (called Elisity Virtual Edge) to enforce security policies across an organization’s current switching infrastructure.
In this hands-on review, we’ll explore Elisity’s technical capabilities and real-world usability based on testing in a simulated healthcare environment that reflects common enterprise deployment scenarios. For a personalized demo, visit Elisity’s website is here.
Identity-First Architecture
At the core of the Elisity platform is the Cloud Control Center, which provides centralized policy management and visibility. During testing, we saw how Elisity’s Virtual Edge components can be deployed either directly on supported switches (Cisco Catalyst 9K series) or as virtual machines or containers in private clouds or networks, integrating with existing network switches, including Cisco , Juniper and Arista. The test environment demonstrates that Elisity can manage segmentation in both a number of clinics networked with Cisco 9300 and 3850 switches, as well as hospital sites with Cisco 9300s running Elisity Virtual Edge.
Elisity’s IdentityGraph engine proves particularly impressive in practice. In addition to device detection, it correlates identity data from multiple sources into what Elisity calls “core effective attributes”—a consolidated representation of the most valid and reliable data about each asset. In testing, we saw it simultaneously pull data from Active Directory, ServiceNow, CrowdStrike, and other sources, creating rich, contextual profiles that inform policy decisions.
Because Elisity’s Virtual Edge “connectors” are connected enterprise networks, they discover and see more than just device details, it also sends network traffic data to Elisity’s Cloud Control Center. This level of integration allows the platform to correlate “who is talking to whom.”
Create and manage policies
All of this correlated metadata across users, workloads, and devices becomes valuable with Elisity’s access policy capabilities. The policy interface uses an intuitive matrix visualization that clearly shows the relationships between groups of assets. A key feature demonstrated was the ability to dynamically classify assets based on multiple criteria. For example, we observed an unauthorized laptop being automatically reclassified into an authorized radiology team based on matching ServiceNow asset tags, device type, and CrowdStrike EDR status.
The platform includes powerful features to improve policy:
· Learning mode to understand actual traffic patterns
· Modeling the policy before its implementation
· Traffic analytics overlaid on the policy matrix
· Ability to lock assets in specific groups (especially valuable for OT environments)
A particularly useful feature is the traffic flow analysis view, which overlays actual communication patterns onto the policy matrix. This helps administrators identify unused paths that can be safely blocked and validate policy changes before they are applied.
A deep dive into a healthcare use case
To assess real-world applicability, we tested a common healthcare scenario: securing legacy medical devices running legacy operating systems. The platform automatically detected our simulated medical equipment and provided detailed visibility into their communication patterns.
The demonstration showed how easily policies can be created for a variety of medical equipment, including X-ray machines, CT scanners and EHR systems. A particularly valuable example demonstrated the blocking of certain ports (such as SSH port 22) for older medical devices running legacy operating systems while maintaining essential clinical access.
Performance and scale
Testing showed minimal performance impact of Elisity’s enforcement mechanisms. By using ASIC switches to enforce policies, the solution maintained sub-millisecond latency without appreciable degradation in throughput. The distributed architecture handled our test workload effectively, indicating good scalability for enterprise deployments.
The deployment process proved to be extremely easy, taking less than 30 minutes per site with no network downtime. This efficiency comes from Elisity’s container approach and ability to work with existing infrastructure.
Areas for improvement
While Elisity delivers on its core promises, some areas could be improved. Wireless integration capabilities have recently been expanded to include Cisco Catalyst 9800 wireless controllers that support internal and external SSID segmentation or alternatively at the switch where the AP or controller connects to the network, which can be important for healthcare environments with increasing wireless deployments. devices. Also, while the policy interface is intuitive, more predefined templates would help speed up the initial deployment.
We also noted that some manual policy tuning was necessary to optimize the rules for specific use cases. While the platform provides good visibility for this setup, more automation could streamline the process. We note that Elisity has told us that they are launching Elisity Intelligence in early 2025, which they say will provide a stronger automated policy recommendation system.
Public case study example
Elisity shares that a leading US healthcare system with more than 800 hospitals and medical clinics achieved significant efficiency gains and cost savings by implementing Elisity, reducing total costs from US$38 million to US$9 million – a 76% reduction in TCO. Implementation required only 2 staff per site instead of 14, with deployment taking only 4-10 hours at each site, avoiding downtime and disruption to patient care. Elisity’s platform detected and classified 99% of devices within 4 hours and eliminated the need for costly IoMT device re-IP processes and provided automated continuous device inventory updates to their CMDB with full network visibility across all locations. Learn more about Elisity’s successful deployments in healthcare, pharmaceuticals and manufacturing their website.
Conclusion
Elisity successfully addresses the core challenges of traditional micro-segmentation approaches while providing a practical path to implementation. The solution’s ability to leverage existing infrastructure while providing identity-based management makes it particularly valuable for organizations with diverse endpoint types and complex segmentation requirements.
During testing, we were particularly impressed with Elisity’s incident response capabilities. The platform allows organizations to maintain multiple sets of policies – including pre-configured “lockdown” policies that can be quickly deployed using SOAR tutorials or API integrations when ransomware or other threats are detected.
The platform’s rapid deployment capabilities and minimal performance impact make it a compelling option for enterprises looking to improve their security without significant infrastructure investment. While some aspects, such as wireless integration, could be improved, Elisity offers a pragmatic approach to implementing micro-segmentation across the enterprise.
For organizations struggling with traditional approaches to segmentation, especially those in the healthcare and manufacturing sectors, Elisity provides a clear path forward that balances security requirements with operational realities. To learn more about the Elisity IdentityGraph, visit solution page here.
