
Elisity® Cognitive Trust™ in Campuses and Branches

Identity-Based Microsegmentation and Least Privilege Access that Leverages Your Existing Switches

There is an explosion of IoT devices on campuses and branches, many of them unmanaged, that have visibility of and access to IT devices. Furthermore, certain user groups, such as contractors and third-party vendors, should not have access to certain mission-critical applications. Shadow IT is on the rise, and so is the threat of ransomware, which has graduated past local machine exploitation and can now spread payloads laterally across the corporate network. Breaches remain undetected for over 200 days on average, and by the time they are detected it is usually too late: the ransomware payload has spread and detonated, exfiltrating and encrypting data. With the attack surface at campuses and branches growing exponentially, risk has become impossible to manage effectively and efficiently using traditional network security controls that require endless IP grooming and on-site network reconfigurations.

  • Firewalls provide only limited visibility
  • VRFs provide only partial fixes
  • ACLs and NACs are a time-consuming and inefficient control

Elisity elegantly addresses the network security concerns around lateral movement through a cloud-delivered software-first platform. Elisity Cognitive Trust delivers fast and simple identity-based microsegmentation and least privilege access of users, devices, and applications, with policies enforced at OSI L2, L3, and L4, leveraging existing switching infrastructure, user identity providers, and device telemetry sources.

What Our Customers Are Saying.

“Elisity deployed into the first facility and started enforcing policies in only 24 hours. The integration with our existing identity providers was a breeze. There were no downtimes during deployment. It did not even matter that we were in the midst of a refresh of our switching infrastructure. That agility and speed are truly astonishing by any standards.”

Paul Haywood
Chief Information Security Officer, Bupa

33% of the Typical Deployment Time at 25% of the Usual Cost



To reduce the attack surface.
Reduces risk by automatically discovering, classifying, and applying least privilege access policy to users, applications, IoT, and IT devices, including assets previously not managed in the network, thus isolating shadow IT and rogue devices from the corporate network.



To contain breaches.
Minimizes the impact of breaches by keeping malicious traffic from moving laterally in the corporate network and by enabling continuous threat detection. Security and networking are defined by type of asset rather than by IPs and ports, with simple, identity-based policies.

Simplicity and Agility

To reduce CapEx and OpEx.
No new hardware is needed. No network reconfiguration is needed. The architecture can leverage existing switching infrastructure as policy enforcement points and integrates with platforms such as Active Directory, Fing, Okta, Ping Identity, ServiceNow, Splunk, and others, thus accelerating deployment time and reducing operational expenses.

Flexible Solution Architecture



Gain complete visibility of user, device, and traffic flow behavior

Quickly deploy microsegmentation of users, devices, and applications

Automatically on-board and off-board users and devices to apply policy just-in-time

Limit the blast radius of ransomware attacks

Meet compliance regulations

Discover, secure, and monitor unmanaged users and devices


The solution architecture can leverage pre-existing investments in switches by turning them into intelligent policy enforcement points with the use of containers, and by making use of hypervisors where edge computing is not available. Cognitive Trust passively gleans and continuously verifies the identity of devices, users, and applications traversing the corporate network to enforce policies as close to the assets as possible. It integrates with user, application, and device identity sources so organizations can quickly gain visibility into network assets and traffic flows, assess risks, and begin building policies to secure the network from malicious network traffic.

Microsoft Active Directory
Microsoft Azure
ServiceNow