Anatomy of an Elisity Policy

Traditional network segmentation relies on VLANs, ACLs, and static firewall rules, creating complexity and security gaps. Elisity redefines segmentation with an identity-based policy model that operates across campus (wired and wireless), private and public clouds, and datacenter environments, ensuring a unified approach to security enforcement.

Unlike traditional methods, Elisity policies are dynamic and identity-driven, allowing organizations to enforce security based on users, devices, and workloads—not static IPs or network constructs. This enables:

  • Consistent policy enforcement across all environments.
  • Least-privilege access that follows identities wherever they go.
  • Elimination of VLAN sprawl and ACL management for simpler operations.

Elisity policies provide scalability, flexibility, and Zero Trust enforcement without requiring network rearchitecture. By structuring policies around identity rather than network topology, Elisity simplifies segmentation, reduces operational overhead, and provides consistent security enforcement across hybrid environments.

 

Primary Components of an Elisity Policy

Elisity policies are built on two primary components: Policy Groups and Security Profiles. These define how assets are classified and how traffic is controlled between them.

Policy Groups

Policy Groups classify assets based on identity attributes and are the foundation of Elisity’s segmentation model. They fall into two main types:

  • Dynamic Policy Groups – Assets are assigned automatically based on identity attributes such as user identity, device type, or cloud metadata.
  • Static Policy Groups – Assets are assigned manually based on specific IP addresses or subnets.

Each Policy Group can be either:

  • Global – Applied across all sites in the organization.
  • Local – Limited to a specific site, with a Site Label in the Match Criteria ensuring asset matching only within that site.

Learn more about Policy Groups

Security Profiles & Policy Group Templates

Security Profiles define L3/L4 rules that govern communication between Policy Groups, including:

  • Allowed and denied protocols (TCP, UDP, ICMP, etc.)
  • Port-based access control
  • Logging and monitoring settings

Security Profiles can be applied directly to Policy Groups or used within Policy Group Templates, which provide a standardized way to apply security rules across multiple Policy Groups.

Learn more about Security Profiles
Learn more about Policy Group Templates

These components enable scalable, identity-driven policy enforcement across Elisity-managed environments.
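As an added illustration (not Elisity code and not its API), the Python sketch below models the two components described above: Policy Groups that match assets dynamically by identity attributes or statically by subnet, optionally limited to one site, and a Security Profile as a list of L3/L4 rules between a source and a destination group. The class and field names, the sample assets, first-match rule ordering, and the default deny for unmatched traffic are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class PolicyGroup:
    name: str
    attrs: Optional[dict] = None   # Dynamic: identity attributes to match
    subnets: tuple = ()            # Static: manually listed IPs or subnets
    site: Optional[str] = None     # None = Global; a Site Label = Local

    def matches(self, asset: dict) -> bool:
        if self.site and asset.get("site") != self.site:
            return False           # Local group: only assets at its own site
        if self.subnets:           # Static membership is decided by address
            ip = ip_address(asset["ip"])
            return any(ip in ip_network(n) for n in self.subnets)
        return bool(self.attrs) and all(asset.get(k) == v for k, v in self.attrs.items())

@dataclass
class Rule:                        # one L3/L4 rule of a Security Profile
    action: str                    # "allow" or "deny"
    protocol: str                  # "tcp", "udp", "icmp"
    ports: Optional[range] = None  # None = any port (or portless, e.g. ICMP)
    log: bool = False

def decide(policies, src, dst, protocol, port=None):
    """Return (action, log). Assumed: first match wins, unmatched is denied."""
    for src_group, dst_group, profile in policies:
        if not (src_group.matches(src) and dst_group.matches(dst)):
            continue
        for r in profile:
            if r.protocol == protocol and (r.ports is None or port in r.ports):
                return r.action, r.log
    return "deny", False

# Constructed sample groups, policies and assets (not taken from any deployment)
CLINICIANS = PolicyGroup("Clinicians", attrs={"role": "clinician"})
PUMPS_HQ = PolicyGroup("Infusion Pumps HQ", attrs={"type": "infusion-pump"}, site="HQ")
LEGACY = PolicyGroup("Legacy Servers", subnets=("10.20.0.0/24",))
POLICIES = [
    (CLINICIANS, PUMPS_HQ, [Rule("allow", "tcp", range(443, 444), log=True)]),
    (CLINICIANS, LEGACY, [Rule("deny", "tcp", range(22, 23), log=True),
                          Rule("allow", "tcp", range(8443, 8444))]),
]
nurse = {"role": "clinician", "ip": "10.1.1.5", "site": "Branch"}
pump_hq = {"type": "infusion-pump", "ip": "10.5.0.9", "site": "HQ"}
pump_branch = {"type": "infusion-pump", "ip": "10.6.0.9", "site": "Branch"}
server = {"ip": "10.20.0.17", "site": "HQ"}
```

The clinician's identity matches the Global group from any site, while the Local pump group only matches the pump carrying the HQ Site Label, so the same flow to the Branch pump falls through to the assumed default deny.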

Next, we’ll break down how policies are represented within Elisity Cloud Control Center.

 

Atomized Policy View

The Elisity Cloud Control Center provides a structured interface for managing policies.

The key sections include:

1. Policy Details

  • Policy Type – Indicates if the Policy is an Allow All, Deny All, or Custom Policy. This is determined by the Security Profile.

  • Policy Status – Indicates if the policy is simulated or active.

  • Return Path Policy – Shows the linked return-path policy, if one exists.

Learn more about Simulated Policies
Learn more about Security Profiles

2. Associated Policy Set Details

  • Policy Set Name – Displays the name of the associated Policy Set.

  • Policy Set Status – Shows whether this Policy Set is actively deployed to enforcement points, with the status In Use or Not In Use.

Learn more about Policy Sets

3. Source and Destination Policy Groups

Defines traffic rules between:

  • Source Policy Group – Source Policy Group for the given policy (users, devices, workloads).

  • Destination Policy Group – Destination Policy Group for the given policy.

  • Policy Group Type – Static or Dynamic.

  • Matched Assets – The number of devices in the Policy Group.

Learn more about Policy Groups

4. Security Profiles and Enforcement Rules

Defines L3/L4 access control rules, including:

  • Security Profile Name

  • Rule Type (L3/L4 enforcement)

  • Allowed/Deny Rules

  • Logging Status

  • Source and Destination Match Criteria

Learn more about Security Profiles
Learn more about Policy Group Templates

Policy Management Features

  • Simulation Mode – Test policies before enforcement.

  • Edit & Delete Options – Modify or remove policies.

  • Filtering & Sorting – Filter policies by rule type, protocol, or action.

Elisity Cloud Control Center ensures intuitive, scalable, and identity-driven policy enforcement across all environments.

 

 
