Elisity® Cognitive Trust™ in Manufacturing Plants

Microsegmentation and Least Privilege Access implemented with speed and simplicity

Digital transformation initiatives require more than integrating production control systems (OT), business systems (IT), and next-generation IoT/IIoT technology realms. The need to integrate internal and external data, systems, and users seamlessly, without compromising security in the age of ransomware and advanced persistent threats, creates the first true zero trust industrial environment.

The Purdue model to secure industrial systems is aging fast. While critical systems in OT environments have historically been air-gapped, those isolated networks are still at risk from insider threats and exposed to lateral movement within their perimeters. But air-gapped networks are disappearing fast. To compete in an increasingly dynamic and disruptive world, businesses in the Manufacturing sector are shaping and securing a digital platform that is purpose-built to power the organization’s manufacturing and supply chain needs. Under this digital transformation, customer, business, and production processes become interconnected to create the visibility, intelligent automation, and operational insights required to stay competitive. As a result, air-gapped networks are being replaced by a new hybrid and complex environment that poses new and hybrid security challenges. These cannot be addressed by retrofitting legacy network security controls that run on implicit trust.

  • Firewalls provide only limited visibility
  • VRFs provide only partial fixes
  • ACLs and NACs are a time-consuming and inefficient control

Elisity elegantly addresses the network security concerns around lateral movement through a cloud-delivered software-first platform. Elisity Cognitive Trust delivers fast and simple identity-based microsegmentation and least privilege access of users, devices, and applications, with policies enforced at OSI L2, L3, and L4, leveraging existing switching infrastructure, user identity providers, and device telemetry sources.

What Our Customers Are Saying.

“Over the last 10 years, we have seen an increase in operational technology connecting to the corporate network, expanding the attack surface. No other vendor can provide the network visibility, telemetry, intelligence, and microsegmentation required to effectively accelerate the time to reduce risk in both greenfield and brownfield environments.”

Michael Elmore
Chief Information Security Officer, GSK

33% of the Typical Deployment Time at 25% of the Usual Cost

Visibility

To reduce the attack surface.
Reduces risk by automatically discovering, classifying, and applying least privilege access policy to users, applications, and IoT, IIoT, OT, and IT devices, including assets previously not managed in the network, thus isolating shadow IT and rogue devices from the OT network.

Control

To contain breaches.
Minimizes the impact of breaches by keeping malicious traffic from moving laterally in the OT network and by enabling continuous threat detection. Security and networking are defined by type of asset rather than IPs and ports, with simple, identity-based policies.

Simplicity & Agility

To reduce CapEx and OpEx.
No new hardware is needed. No network reconfiguration is needed. The architecture can leverage existing switching infrastructure as policy enforcement points and integrates with platforms such as Active Directory, Okta, ServiceNow, Claroty, and others, thus accelerating deployment time and reducing operational expenses.

Flexible Solution Architecture

  • Gain complete visibility of user, device, and traffic flow behavior
  • Quickly deploy micro-segmentation of users, devices, and applications
  • Secure the convergence of OT and IT networks
  • Limit the blast radius of ransomware attacks
  • Meet compliance regulations
  • Discover, secure, and monitor unmanaged users and devices

Integrations

The solution architecture can leverage pre-existing investments in Cisco, Dell, Extreme, and other vendor switches, by turning them into intelligent policy enforcement points with the use of containers, and making use of hypervisors where edge computing is not available. Cognitive Trust passively gleans, and continuously verifies, the identity of devices, users, and applications traversing the OT network, to enforce policies as close to the industrial assets as possible. It integrates with user, application, and device identity sources so organizations can very quickly gain visibility into network assets and traffic flows, assess risks, and begin building policies, to secure manufacturing operations from malicious network traffic.

Microsoft Active Directory
AWS
Microsoft Azure
Claroty
Fing
Medigate
Okta
Ping Identity
ServiceNow
Virta Labs