There is an explosion of IoT devices on campuses and branches, many of which are unmanaged, that have visibility and access to IT devices. Furthermore, certain user groups, such as contractors and third-party vendors, should not have access to certain mission-critical applications. Shadow IT is on the rise and so is the threat of ransomware, which has graduated past local machine exploitation and can now spread payloads laterally across the corporate network. Breaches typically remain undetected for over 200 days on average, and when they are detected it is usually too late: the ransomware payload had spread and detonated exfiltrating and encrypting data. With the attack surface at campuses and branches growing exponentially, risk has become impossible to manage effectively and efficiently using traditional network security controls that require endless IP grooming and network reconfigurations on site.
Elisity elegantly addresses the network security concerns around lateral movement through a cloud-delivered software-first platform. Elisity Cognitive Trust delivers fast and simple identity-based microsegmentation and least privilege access of users, devices, and applications, with policies enforced at OSI L2, L3, and L4, leveraging existing switching infrastructure, user identity providers, and device telemetry sources.
“Elisity deployed into the first facility and started enforcing policies in only 24 hours. The integration with our existing identity providers was a breeze. There were no downtimes during deployment. It did not even matter that we were in the midst of a refresh of our switching infrastructure. That agility and speed are truly astonishing by any standards.”
Chief Information Security Officer
To reduce the attack surface.
Reduces risk by automatically discovering, classifying, and applying least privilege access policy to users, applications, IoT, and IT devices, including assets previously not managed in the network, thus isolating shadow IT and rogue devices from the corporate network.
To contain breaches
Minimizes the impact of breaches by keeping malicious traffic from moving laterally in the corporate network and by enabling continuous threat detection. Security and networking defined by type of asset rather than lPs and ports, with simple policies that are identity-based.
The solution architecture can leverage pre-existing investments in switches, by turning them into intelligent policy enforcement points with the use of containers and by making use of hypervisors where edge computing is not available. Cognitive Trust passively gleans and continuously verifies the identity of devices, users, and applications traversing the corporate network to enforce policies as close to the assets as possible. It integrates with user, application, and device identity sources so organizations can very quickly gain visibility into network assets and traffic flows, assess risks, and begin building policies to secure the network from malicious network traffic.