Most microsegmentation projects fail before they even get off the ground: too complex, too slow, too disruptive. But Andelyn Biosciences proved that it does not have to be that way.
Microsegmentation: The Missing Piece in Zero Trust Security
Today, security teams are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses can no longer provide sufficient protection because attackers have shifted their attention to lateral movement within enterprise networks. With more than 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they secure internal traffic.
Microsegmentation has emerged as a key strategy for achieving zero trust, restricting access to critical assets based on identity rather than network location. However, traditional approaches to microsegmentation, which often involve VLAN reconfiguration, agent deployment or complex firewall rules, tend to be slow, operationally disruptive and complex.
Andelyn Biosciences, a contract development and manufacturing organization (CDMO) that specializes in gene therapy, needed to secure its pharmaceutical research and production environments. But with thousands of IoT and OT devices operating on interconnected networks, a conventional approach to segmentation would have introduced unacceptable complexity and downtime.
Initially, to solve these problems, Andelyn chose a network access control (NAC) solution. However, after almost two years of implementation, with high operational overhead and an inability to scale segmentation effectively, the security team was frustrated by the lack of progress. The complexity of enforcement and of managing policy manually made it difficult to adapt the solution to a rapidly changing environment.
Ultimately, they decided to switch to an identity-based microsegmentation solution, allowing them to quickly enforce least-privilege access policies without requiring hardware changes or a network redesign.
Watch the Virtual Case Study
Hear from Brian Holmes, Vice President of Information Technology at Andelyn Biosciences, and Pete Dulit, Customer CEO, to find out how a modern approach to microsegmentation is accelerating zero trust from years to weeks.
Brian shares the journey from initial deployment to managing 2700 active security policies, all without disrupting operations and without requiring new hardware or network configurations.
Watch now to find out:
- Practical strategies for implementing microsegmentation across IT and OT environments without disrupting critical pharmaceutical production and scientific research operations.
- How to accelerate zero trust initiatives using identity-based security policies that protect intellectual property, meet regulatory requirements and secure clinical trial data.
- Real-world insight into scaling from an initial proof of concept to deployment using automated discovery, Elisity IdentityGraph™ and dynamic policy enforcement.
See the full case study here
The Challenge: Securing a Complex, High-Stakes Environment
The pharmaceutical industry faces unique security challenges. Research and production facilities house critical intellectual property and must meet strict regulatory requirements, including NIST 800-207 and IEC 62443. Andelyn's security leaders were increasingly concerned about the risks posed by a flat network architecture, in which users, devices and workloads shared the same infrastructure.
Despite traditional perimeter defenses, this structure left Andelyn vulnerable to unauthorized access and lateral movement. The security team faced several key challenges:
- Lack of complete visibility into all connected devices, including unmanaged IoT and OT assets.
- The need for segmentation without disrupting operations in highly sensitive research environments.
- Pressure to meet compliance requirements that demand fine-grained access control without increasing administrative overhead.
Brian Holmes, Vice President at Andelyn Biosciences, knew that traditional segmentation models would not work. Deploying a network access control (NAC) solution or re-architecting VLANs would require considerable downtime, affecting critical research and production schedules.
“We needed a microsegmentation solution that could provide immediate visibility, enforce granular security policies and do so without requiring a massive overhaul,” Holmes explained.
Elisity's Approach: Identity-Based Segmentation Without the Complexity
Unlike legacy segmentation solutions, Elisity’s approach does not rely on VLANs, firewall rules or enforcement agents. Instead, it dynamically applies identity-based security policies, using the existing network switching infrastructure to enforce least-privilege access.
The Elisity platform is built on Elisity IdentityGraph™, which correlates metadata from Active Directory, endpoint detection and response (EDR) solutions such as CrowdStrike, and CMDB systems to create a real-time map of users, workloads and devices. This visibility allows organizations to enforce policy based on identity, behavior and risk rather than on static network constructs.
For Andelyn, this meant that they could achieve full network visibility and implement segmentation in a few weeks rather than months or years, without operational disruption.
Deployment: From Visibility to Policy Enforcement in Weeks
Andelyn's segmentation journey began with comprehensive network discovery. The Elisity platform passively identified all users, workloads and devices across IT and OT environments, including previously unmanaged assets. Within a few days, the security team had a complete inventory enriched with metadata to determine which assets were trusted, unknown or potentially rogue.
Next, Andelyn moved to policy modeling and simulation, using the “without first” dynamic policy engine. Instead of enforcing policies immediately, the security team modeled the segmentation rules to make sure that they would not disrupt critical workflows.
Once the policies were validated, they were enforced gradually, starting with low-risk environments and then moving to production systems. Because the Elisity platform does not require re-architecting the network infrastructure, enforcement was seamless.
“We were able to move from the monitoring regime to complete activation of the time we expected,” Holmes said. “And we did it without breaking research and production operations.”
Results: Stronger Security Without Added Complexity
With 2,700 active security policies now in place, Andelyn has greatly improved its zero trust posture while maintaining compliance with industry regulations.
By applying identity-based microsegmentation, the company has:
- Prevented unauthorized lateral movement, reducing the potential blast radius.
- Protected pharmaceutical research data and intellectual property from insider threats and external attacks.
- Reduced operational overhead, since segmentation policies are enforced dynamically without the need for constant manual updates.
- Streamlined compliance reporting aligned with NIST 800-207 and IEC 62443.
Unlike traditional approaches that rely on static access lists or require dedicated segmentation hardware, the Elisity platform adapts continuously as users, workloads and devices move across the network. Policy is managed from the cloud and dynamically updated based on real-time insight from Elisity IdentityGraph™, ensuring that security remains effective even as threats evolve.
The Future: Scaling Microsegmentation Across the Enterprise
Following the success of its initial deployment, Andelyn is now extending microsegmentation policies to additional sites and use cases. The ability to enforce least-privilege access dynamically, without requiring major network changes, has made Elisity an important part of the company’s security strategy.
For other organizations facing similar challenges, Holmes offers a clear recommendation:
“Start with visibility. You can’t protect what you don’t see. From there, focus on policy modeling before enforcement. The ability to model policy first was a game changer for us.”
Microsegmentation is often regarded as a complex, long-running initiative that requires significant investment and disrupts operations. The case of Andelyn Biosciences proves otherwise: with the right approach, organizations can achieve zero trust segmentation in a few weeks, not years.
If your segmentation project has stalled or, worse, never started, there is a better way. See how identity-based microsegmentation can accelerate zero trust in your organization. (Request a demonstration here)