This Elisity presentation at Network Field Day 36 focuses on how Elisity’s microsegmentation architecture leverages a cloud-native distributed control plane that separates policy management from enforcement. At its core, the system utilizes a centralized policy management platform that integrates with existing identity providers and maintains the Elisity IdentityGraph—a comprehensive mapping of all network assets, their relationships, and behavior patterns. This identity-centric approach moves beyond traditional IP-based controls to enable context-aware policy enforcement at the network edge.
The implementation relies on Elisity Virtual Edge controller(s) that transform existing access-layer switches into policy enforcement points. These controllers communicate with the Elisity Cloud Control center via secure channels, enabling real-time policy updates without requiring dedicated hardware. For manufacturing environments, this architecture enables granular control over industrial control systems and OT devices while maintaining IEC 62443 compliance. In healthcare settings, it facilitates 405(d) HICP compliance while protecting sensitive medical devices and clinical systems.
Key technical components include the Elisity identity-based Dynamic Policy Engine that leverages machine learning for asset discovery and classification, graphical policy visualization matrices for traffic flow analysis, and virtual edge nodes that enforce policies using native switch functionality. The system continuously monitors east-west and north-south traffic patterns, providing real-time telemetry data for behavior analysis and policy refinement.
This architecture enables security teams to implement zero trust principles at scale, with the ability to microsegment networks down to individual workloads while maintaining the performance requirements of critical manufacturing and healthcare operations. The platform’s ability to learn from traffic patterns and automatically adjust policies based on identity and context makes it particularly effective in environments where traditional agent-based solutions are impractical.
Personnel: Dana Yanch, Piotr Kupisiewicz