Elisity Named a Cool Vendor in the Gartner® Cool Vendors™ in Cyber-Physical Systems Security 2025 Report: Transforming Critical Infrastructure Protection Through Identity-Centric Microsegmentation
by James Winebrenner on Oct 7, 2025 5:54:36 PM
TL;DR: Elisity named in the 2025 Gartner Cool Vendors in Cyber-Physical Systems Security for network segmentation that transforms existing infrastructure into intelligent policy enforcement without operational disruption.
We hold the view that being recognized as a Cool Vendor substantiates our approach to transforming existing infrastructure into intelligent policy enforcement nodes that enable automated least-privilege access and microsegmentation without disrupting critical CPS operations.
Why do we believe Elisity was named a Gartner Cool Vendor?
We believe this acknowledgment reflects a fundamental shift in how we approach cyber-physical systems protection. Traditional security models built around brittle network constructs—IP addresses, VLANs, subnets, and firewall rules—cannot address the dynamic, interconnected nature of modern CPS environments. What's needed is an identity-centric approach that understands not just where devices sit in the network, but who and what they are, their operational context, and their behavioral patterns.
The breakthrough lies in Elisity's IdentityGraph™, which creates a unified view of device identity and context that exists only in our Elisity Cloud Control Center. This groundbreaking approach moves beyond traditional network-based policies to build security controls on persistent device identity and operational context—enabling organizations to achieve IEC 62443 zone and conduit architecture principles without the fragility of conventional network segmentation approaches.
How does Elisity secure cyber-physical systems?
CPS environments present unique security challenges that conventional approaches struggle to address. Manufacturing floors, hospital networks, pharmaceutical facilities, and critical infrastructure sites contain thousands of devices—from legacy industrial controllers to modern IoT sensors—many of which remain invisible to traditional security tools.
The fundamental issue isn't just device visibility; it's that traditional security approaches build policies on brittle network constructs. IP addresses change, VLANs get reconfigured, subnets are redesigned, and firewall rules become unmanageable. CPS environments cannot tolerate the fragility and operational disruption these network-centric approaches create.
Elisity solves this by building security policies on device identity and operational context rather than network topology. Our groundbreaking IdentityGraph™ creates a comprehensive view of every device's identity, behavior, and relationships—context that exists only in the Elisity Cloud Control Center and cannot be replicated by traditional network tools.
This identity-centric approach enables organizations to implement IEC 62443 zone and conduit architecture principles without the brittleness of traditional VLAN-based segmentation. Security policies follow device identity and operational context, not network location—ensuring consistent protection even as CPS environments evolve and reconfigure.
What do customers say about Elisity's CPS security?
The true validation of our approach comes from the organizations that have deployed Elisity to secure their most critical infrastructure.
Healthcare: Protecting Patient Safety and Medical Device Integrity
Jason Elrod, Chief Information Security Officer at MultiCare Health System, describes the transformation: "Our hospital network contained thousands of medical devices, from MRI machines to patient monitors, and we had virtually no visibility into device behavior and communications. When we deployed Elisity, the IdentityGraph™ immediately began correlating device identity and context that simply didn't exist anywhere else in our security stack. Within the first week, we discovered 847 previously unknown devices. What's revolutionary is that Elisity's policies aren't built on fragile and difficult to configure and manage network constructs like VLANs or IP addresses—they're based on device identity and operational context that persists regardless of network changes."
Pharmaceutical: Securing Manufacturing and R&D Operations
"Our biopharmaceutical manufacturing requires both security and regulatory compliance," explains Edmond Mack, SVP and CISO at Cencora and former CISO at Haleon. "Traditional segmentation approaches forced us to manage hundreds of firewall rules and VLAN configurations that broke every time we reconfigured production lines. Elisity's approach is fundamentally different—the IdentityGraph™ creates a unified view of device identity and context that exists only in their Cloud Control Center. This allows us to implement IEC 62443 zone and conduit architecture principles without traditional, outdated network-based policies. Our security policies now follow the devices and their operational context, not network topology."
Manufacturing: Operational Technology Protection at Scale
"We had people putting things on our network that we were not aware of—you can't manage what you can't measure," says Max Everett, CISO at Shaw Industries. "We deployed Elisity at two of our sites in less than an hour, and by the next day we were confidently implementing policies. This made Elisity an indispensable part of our network security strategy across our manufacturing sites. The ability to do things at the network level from an agentless perspective brings incredible value to our business. Traditional microsegmentation approaches are manual, and manual doesn't scale. Elisity deployed as quick as they said it would—we got visibility quickly and were able to start building device profiles and rules in a very granular way without any disruption to our operations."
The Evolution from Network-Centric to Identity-Centric Security
The cybersecurity industry is experiencing a fundamental transformation in CPS security thinking. As Gartner research notes, "The field of CPS security is evolving from a network-centric, reactive model focused on firewalls and prevention to a more mature discipline centered on proactive defense, asset-centric protection, and rapid recovery."
We think this evolution reflects the reality that modern CPS environments cannot be secured through brittle network constructs. Traditional approaches that rely on IP addresses, VLAN configurations, subnet boundaries, and firewall rules create fragile security architectures that break when networks evolve—and in CPS environments, networks evolve constantly.
The breakthrough is moving beyond network topology to device identity and operational context. Elisity's IdentityGraph™ represents this fundamental shift, creating a comprehensive understanding of every device's identity, behavior patterns, operational role, and relationships—context that exists only in our Cloud Control Center and forms the foundation for resilient security policies.
We feel this identity-centric approach enables policies where access is determined by who and what a user, workload, or device is, rather than where it sits in the network. The result is security that adapts to operational needs while maintaining consistent protection regardless of network changes, supporting IEC 62443 zone and conduit models without the brittleness of traditional network-based segmentation.
Integration with Existing Security Infrastructure
One of the most significant advantages of Elisity's approach is its ability to work within existing security architectures. We believe the platform integrates with existing security tech stacks via APIs, aggregating data from all available sources to enable more flexible and dynamic security policies.
This integration capability is crucial for enterprise CPS environments that have invested heavily in security tools but struggle with visibility gaps and policy coordination across different systems. Rather than replacing existing investments, Elisity enhances them by providing the device discovery, categorization, and identity mapping that other tools require to function effectively.
Looking Forward: The Future of CPS Security
We believe being named a Gartner Cool Vendor validates what we've seen in the field: organizations are moving beyond reactive, network-centric approaches toward proactive, identity-centric security models. This shift is driven by several converging factors:
Regulatory Pressure: New cybersecurity frameworks from NIST, CISA, and industry-specific bodies increasingly mandate network segmentation and device visibility requirements.
Operational Requirements: CPS environments cannot tolerate the downtime and disruption associated with traditional security implementations.
Threat Evolution: Attackers are increasingly targeting CPS environments, leveraging lateral movement techniques that traditional perimeter defenses cannot prevent.
Digital Transformation: The integration of IT and OT environments, combined with increased cloud connectivity, demands security approaches that can span traditional network boundaries.
The Path Forward for CPS Security Leaders
For CISOs, security architects, and infrastructure leaders responsible for protecting critical systems, the message is clear: the future of CPS security lies in identity-centric approaches that can provide comprehensive visibility and control without disrupting operations.
Organizations should prioritize solutions that can:
- Automatically discover and categorize all devices, including legacy and ephemeral systems
- Apply security policies based on device identity rather than network location
- Integrate with existing security infrastructure rather than requiring wholesale replacement
- Implement without operational downtime or extensive re-engineering projects
- Scale across diverse CPS environments from manufacturing floors to hospital networks
Industry Recognition
In our opinion, being named a Gartner Cool Vendor in CPS Security represents both recognition of our technical innovation and responsibility to the critical infrastructure community. The organizations that depend on CPS systems—hospitals, manufacturers, utilities, and others—cannot afford security solutions that compromise operational reliability.
Our identity-centric approach to microsegmentation represents a fundamental advancement in how we protect these vital systems. By transforming existing network infrastructure into intelligent policy enforcement points, we enable organizations to achieve robust security without sacrificing the availability and performance that critical operations require.
The future of CPS security will be built on platforms that understand not just network topology, but device identity, operational context, and business requirements.
As cyber threats continue to evolve and target critical infrastructure, the need for innovative, practical security solutions becomes more urgent. We further believe that being named a Cool Vendor enables Elisity to lead this transformation, helping organizations worldwide achieve the security posture their critical operations demand.
Get the full report here. Contact Elisity to discuss your cyber-physical systems security and microsegmentation program.
Gartner, Cool Vendors in Cyber-Physical Systems Security 2025 by Katell Thielemann, September 18, 2025
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and COOL VENDORS is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.