Elisity is the only cloud delivered and cloud native identity-based microsegmentation solution that offers a policy plane actionable at the edge of the network.
Thank you for your interest in Elisity Microsegmentation. Our solution aims to reduce the complexity that is commonly associated with deploy true microsegmentation in brownfield environments. With minimal prerequisites and the ability to leverage existing access-layer switching hardware, we are transforming the way dynamic edge segmentation is achieved. Elisity provides an intelligent and robust policy language based on identity and context rather than location or IP and is fully applicable to users, applications, and devices no matter who or what they are or where they might show up on the network.
Components of Elisity Cognitive Trust
The Elisity Cognitive Trust solution is a true software-defined network security platform, ensuring that the control and data plane are separate and independent of each other. Elisity has developed a robust control and policy plane that can scale at the enterprise level and provide unparalleled flexibility, performance, and security. The Elisity Cognitive Trust policy plane offers the industry the most comprehensive identity-based policy language while also achieving simplicity in its deployment and management methodology. The combined components of the Elisity architecture establish a holistic and continuously verified secure network that addresses every possible network-based vulnerability in the enterprise.
There are three primary components:
Cloud Control Center - centralized policy management, visibility, and integration console
Virtual Edge - controllers for policy enforcement points that translate data and policy between switches and Cloud Control Center.
Virtual Edge Nodes - access layer switches transformed into policy enforcement points.
Elisity Cloud Control Center
Elisity Cloud Control Center is the management, control, and policy plane for Elisity Cognitive Trust. An administrator logs into the Cloud Control Center portal to provision, manage and monitor the Elisity Cognitive Trust fabric and all identity or cloud service provider platform integrations (Active Directory, AWS, Claroty, Medigate, ServiceNow etc). Among many other things, Cloud Control Center also provides multi-domain asset discovery and identity mapping and presents identify behavior analytics to the end-user. Within this portal, the network security administrator builds advanced contextual and identity-based policies that will immediately harden the edge of the entire enterprise network. Lastly, Cloud Control Center orchestrates applying these policies across all components of the Elisity Cognitive Trust architecture through a secure TLS based control channel. A dedicated Cloud Control Center is spun up on a per-customer basis and hosted as a service by Elisity. Cloud Control Center is based on a cloud native distributed micro services architecture designed to dynamically scale horizontally to meet the scale demands of large enterprises.
Within Cloud Control Center users can leverage identity data that has been gleaned about all assets discovered on the network to easily deploy policy, using our Graphical Policy Visualization Matrix. Users can also make policy decisions based on learned traffic flows from the Traffic Visualization Matrix.
Elisity Virtual Edge
Elisity Virtual Edge is a secure virtual appliance running Elisity Cognitive Trust software to provide both east-west and north-south identity based zero trust control and microsegmentation at the network edge. Once deployed, Elisity Virtual Edge gleans identity metadata from traffic flows, collects flow analytics, and detects IT/OT/IoT/IoMT devices. This information is shared with Cloud Control Center where additional identity and policy classification occurs. Through a secure Elisity control channel, a policy is distributed to the appropriate Virtual Edges in the network which in turn is enforced using switch native functionality on the access switch closest to the endpoint.
For more information on design options for deploying Elisity Virtual Edge, click here.
Virtual Edge is the primary deployment methodology for campus and large branch customers. There are multiple ways to insert Elisity Virtual Edge into your network. Those methods consist of hosting the software directly on switches using the native built in application hosting functionality, or hosting the software as a VM on your hypervisor of choice and onboarding switches to the Virtual Edge VM. Elisity Virtual Edge (switch hosted) is a container-based solution that allows an organization to run Elisity Cognitive Trust software directly on edge switches or aggregation layer switches deployed across the enterprise network. Virtual Edge can be installed on supported network switches with application hosting capabilities (i.e., Cisco, Extreme Networks, Arista, etc.). Virtual Edge VM (hypervisor hosted) can be run as a VM anywhere in the network with control and data connections to compatible switches. The Virtual Edge code can glean identity metadata, learn device/user/application behavior and configure switch native access controls based on Elisity Policy.
Elisity Virtual Edge Node
Elisity can transform your supported switches into policy enforcement points with minimal friction. All you need to begin onboarding Virtual Edge Nodes (VENs) is a Virtual Edge deployed anywhere in your network with connectivity to the switches you want to onboard. It's then as simple as loading a few required configurations on the switch, and inputting the network address and credentials for your desired switches. Many Virtual Edge Nodes can be "controlled" by the same Virtual Edge, and you can onboard many VENs with one click using bulk-onboarding functionality. The flexibility and ease of deployment using this model is unparalleled, and many of our customers are surprised at just how easy and fast it is to deploy Elisity.
Learn more about Virtual Edge Nodes by reading any of these articles.