
Introduction to Elisity Cognitive Trust

Elisity Cognitive Trust is the only cloud-delivered, cloud-native, identity-based micro-segmentation solution that offers a policy plane actionable at the edge of the network.

Introduction

Thank you for your interest in Elisity. Elisity Cognitive Trust provides an intelligent and robust policy language based on identity and context rather than location or IP address, and it applies fully to users, apps, and devices no matter who or what they are or where they show up on the network.

Components of Elisity Cognitive Trust

The Elisity Cognitive Trust solution is a true software-defined network security platform, ensuring that the control and data plane are separate and independent of each other. Elisity has developed a robust control and policy plane that can scale at the enterprise level and provide unparalleled flexibility, performance, and security. The Elisity Cognitive Trust policy plane offers the industry the most comprehensive identity-based policy language while also achieving simplicity in its deployment and management methodology. The combined components of the Elisity architecture establish a holistic and continuously verified secure network that addresses every possible network-based vulnerability in the enterprise.

Elisity Cloud Control Center Overview

Elisity Cloud Control Center

Elisity Cloud Control Center is the management, control, and policy plane for Elisity Cognitive Trust. An administrator logs into the Cloud Control Center portal to provision, manage, and monitor the Elisity Cognitive Trust fabric and all identity or cloud service provider platform integrations (Active Directory, AWS, Claroty, Medigate, ServiceNow, etc.). Among many other things, Cloud Control Center also provides multi-domain asset discovery and identity mapping and presents identity behavior analytics to the end user. Within this portal, the network security administrator builds advanced contextual and identity-based policies that immediately harden the edge of the entire enterprise network. Lastly, Cloud Control Center orchestrates the application of these policies across all components of the Elisity Cognitive Trust architecture through a secure TLS-based control channel. A dedicated Cloud Control Center is spun up on a per-customer basis and hosted as a service by Elisity. Cloud Control Center is based on a cloud-native distributed microservices architecture designed to scale horizontally and dynamically to meet the demands of large enterprises.

Within Cloud Control Center, users can leverage the identity data gleaned about all assets discovered on the network to easily deploy policy using the Graphical Policy Visualization Matrix. Users can also make policy decisions based on traffic flows learned from the Traffic Visualization Matrix.

Elisity Virtual Edge

Elisity Virtual Edge is a secure virtual appliance running Elisity Cognitive Trust software to provide both east-west and north-south identity-based zero trust control and micro-segmentation at the network edge. Once deployed, Elisity Virtual Edge gleans identity metadata from traffic flows, collects flow analytics, and detects IT/OT/IoT/IoMT devices. This information is shared with Cloud Control Center, where additional identity and policy classification occurs. Through a secure Elisity control channel, policy is distributed to the appropriate Virtual Edges in the network, which in turn enforce it using switch-native functionality on the access switch closest to the endpoint.

Virtual Edge is the primary deployment methodology for campus and large branch customers. There are multiple ways to insert Elisity Virtual Edge into your network: hosting the software directly on switches using their native built-in application hosting functionality, or hosting the software as a VM on your hypervisor of choice and onboarding switches to the Virtual Edge VM. Elisity Virtual Edge (switch hosted) is a container-based solution that allows an organization to run Elisity Cognitive Trust software directly on edge switches or aggregation layer switches deployed across the enterprise network. Virtual Edge can be installed on supported network switches with application hosting capabilities (e.g., Cisco, Extreme Networks, Arista). Virtual Edge VM (hypervisor hosted) can run as a VM anywhere in the network with control and data connections to compatible switches. The Virtual Edge code can glean identity metadata, learn device/user/application behavior, and configure switch-native access controls based on Elisity Policy.

Virtual Edge Design Guides

Virtual Edge Deployed at the Aggregation Layer (Switch Hosted)

In this design, Elisity Virtual Edge code runs within a container on supported switches that offer application hosting. The Virtual Edge container is used to establish control and data connections to onboarded access layer switches. This enables multiple access layer switches to be controlled by the same Virtual Edge instance, contained on your aggregation layer switches, without the need for external compute resources. The Virtual Edge code gleans identity information by receiving copies of particular protocol messages and metadata, while enforcing policy at the edge using security functions native to the switch operating system.

Virtual Edge Deployed at the Access Layer (Switch Hosted)

In this design, the Virtual Edge code is run as a container directly on compatible access layer switches. Each access layer switch has its own instance of the Virtual Edge, which maintains a persistent connection to Cloud Control Center. This eliminates a single point of failure, as each switch is independently controlled from Cloud Control Center.

Further details on how Virtual Edge integrates and operates, as well as deployment strategy, can be found in the Virtual Edge Deployment Guide.

Virtual Edge VM (Hypervisor Hosted)

Elisity Virtual Edge VM code runs as a virtual machine on any hypervisor anywhere in your network. Like the Virtual Edge code that runs directly on switches, it gleans identity information by receiving copies of particular protocol messages and metadata, while enforcing policy at the edge using security functions native to the switch operating system. The Virtual Edge VM maintains a persistent connection to Cloud Control Center as well as connections to the edge switches it actively manages.

Further details on how Virtual Edge VM integrates and operates, as well as deployment strategy, can be found in the Virtual Edge VM Deployment Guide.