Elisity embeds AI across the microsegmentation lifecycle — from an interactive assistant that answers questions about your network in natural language, to an ML classification engine that automatically identifies unclassified devices, to an insights engine that recommends policies and accelerates segmentation maturity.
Elisity Intelligence
Elisity Intelligence is the AI engine embedded across Cloud Control Center. It powers three integrated capabilities: the Elisity Assistant — a conversational copilot that answers questions about your network in natural language; AI Device Classification — an ML-powered engine that automatically categorizes unclassified devices using behavioral and identity evidence; and AI-Powered Insights — a recommendation system that suggests Policy Groups, security policies, and enforcement improvements based on observed network behavior. All capabilities run on private LLMs within a single-tenant architecture — your data never leaves your CCC instance and is never used for model training.
Design Principles
| Principle | Description |
|---|---|
| Private by Design | Private LLMs via AWS Bedrock in single-tenant architecture. Zero customer data used for model training. |
| Human-in-the-Loop | AI recommends. Humans decide. No autonomous policy enforcement without explicit administrator approval. |
| Human-Approved | No AI-driven changes take effect without explicit administrator review and acceptance. |
Elisity Assistant (New in 26.2)
The Elisity Assistant is a natural-language copilot embedded in Cloud Control Center, accessible from every page. It answers questions about devices, traffic, policies, and product documentation using live environment data and Elisity's support knowledge base. Available to all CCC users with no additional license or configuration — the Assistant is enabled by default. Organizations that need to opt out can disable it via Settings > System > Advanced > Insights.
[Figure: Elisity Assistant — Suggested Prompts and Welcome Experience]
Interaction Modes
- Prompt box — Compact input field for quick, focused questions; the default mode when opening the Assistant.
- Drawer mode — Side panel slides in from the right, keeping the current CCC page visible.
- Fullscreen mode — Dedicated view with a chat history sidebar and the full conversation area.
What You Can Ask
| Category | Topic | Example Prompt |
|---|---|---|
| Security Posture | Threats & Policy Violations | "What are the current security threats or policy violations?" |
| Device Inventory | Device Counts & Status | "Provide a summary of all devices including counts by type, status, and any that need attention." |
| Operational Awareness | Recent Network Activity | "What has happened in the network recently?" |
| Product Documentation | Configuration & How-To | "How do I configure a Policy Group with time-based access restrictions?" |
Suggested Prompts
The welcome screen displays four prompt chips for common queries: Network Status Overview, Security Posture, Device Summary, and Recent Activity.
[Figure: Drawer Mode — Page-Aware Responses with Deep Links to CCC Resources]
Productivity Features
- Deep links — Clicking a referenced device, policy, or Policy Group opens that resource in a new browser tab.
- Chat history — Prior conversations are listed in the fullscreen sidebar; delete individual conversations or start a new chat.
- PDF export — Conversations can be exported to PDF for record-keeping and compliance documentation.
- Response feedback — Thumbs up/down controls on each response; feedback stays within the tenant and is not used for model training.
How the Assistant Answers a Question
The Elisity Assistant follows a guided workflow that validates each question, scopes it to the user's CCC access, gathers authoritative data, and re-validates the response — removing any internal operational details or off-topic content — before it reaches the administrator.
[Figure: Elisity Assistant — Request Flow. Private LLMs via AWS Bedrock · Single-tenant · RBAC-scoped]
Governance Controls
- Enabled by default — No additional configuration required.
- Opt-out — Settings > System > Advanced > Insights (contact your Elisity account team).
- RBAC-aware — Responses scoped to the authenticated user's visibility.
- Tenant-isolated — Queries and responses contained within the customer's CCC instance; never shared across tenants; never used for model training.
AI Device Classification
When a device appears in IdentityGraph without a known category, Elisity Intelligence analyzes it using multiple evidence sources and proposes a classification. This reduces manual categorization effort and improves the accuracy of identity-based policy enforcement.
How It Works
| Stage | Detail |
|---|---|
| 1. Discovery | Device appears in IdentityGraph as unclassified. A cache window allows AD, CMDB, EDR, and other connectors to supply attributes before AI is invoked. |
| 2. Evidence Gathering | Multiple complementary signals are evaluated — including MAC adjacency, observed traffic patterns, and public IP ownership — to propose a category with supporting evidence. |
| 3. Classification Proposal | The engine proposes a device category (e.g., "Printer", "Medical Device", "Workstation") with the supporting evidence from one or more analysis methods. |
| 4. Human Adjudication | Administrators review the evidence and accept or reject each recommendation from the Insights dashboard or device detail page. Accepted classifications update IdentityGraph and trigger automatic Policy Group reassignment. |
Examples of evidence fields surfaced to the administrator may include similar-device counts, shared MAC prefixes, port/protocol match patterns, and traffic-volume profiles — the full set shown depends on which signals contributed to the recommendation.
Insights Engine — AI-Powered Recommendations
The Insights engine provides data-driven recommendations across four areas — surfacing identity gaps, suggesting policy groups, proposing enforcement policies, and reviewing traffic-based policy effectiveness. All recommendations are presented for human review before taking effect.
Insights Dashboard
A single dashboard surfaces all recommendations across Devices, Dynamic Policy Groups, Static Policy Groups, Policies, and Traffic Review. The dashboard displays Total Insights and Open Insights metrics, with a time-range filter (Full Time Range, Last 24 hours, Last week, Last month). Accept or Reject recommendations directly from the main table. Static Policy Group insights launch a guided subnet-assignment workflow instead of one-click accept, since CIDR configuration is required.
[Figure: Insights Dashboard — Unified View of AI-Generated Recommendations]
Recommendation Categories
| Category | Type | Description |
|---|---|---|
| Policy Groups | Dynamic Policy Group Suggestions | Recommends Policy Groups for unclassified devices based on category metadata. Suggestions are customized per customer vertical — Healthcare/Clinics, Manufacturing/Industrial, Corporate/Enterprise, and Education — each with genre classification (IT / IoT / OT / IoMT) and appropriate Security Levels (1–4). Order Preview shows how new groups fit into existing precedence before creation. |
| Policy Groups | Static Policy Group Suggestions | Guided workflow for creating CIDR-based Policy Groups for known infrastructure subnets — guest wireless, remote access, DHCP/DNS. Supports manual CIDR entry or bulk upload via Excel template (up to 3 MB .xlsx). Built-in CIDR format validation, duplicate prevention, and overlap detection. |
| Policies | Policy Suggestions | Recommends Allow/Deny policies between classified Policy Groups based on identity and security posture relationships. All suggested policies are placed in Simulation Mode by default — no live enforcement without explicit administrator promotion. |
| Validation | Traffic Review | After policies run in simulation, the engine evaluates observed traffic data and provides guidance on whether to promote to enforcement or continue observation. Configurable timing profiles from Aggressive (30 min) to Extended (30 days). |
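A pre-upload check an administrator could run on a subnet list, covering the three conditions the Static Policy Group workflow names (CIDR format, duplicates, overlaps). This is an added example, not Elisity code; the row layout, the group names and the choice to reject entries with host bits set are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample rows: (Policy Group name, CIDR). Names and subnets are
# illustrative and are not taken from the Elisity upload template.
SAMPLE_ROWS = [
    ("Guest-Wireless", "10.20.0.0/16"),
    ("Remote-Access", "10.20.30.0/24"),    # falls inside Guest-Wireless
    ("DHCP-DNS", "192.168.10.0/28"),
    ("DHCP-DNS-Copy", "192.168.10.0/28"),  # exact duplicate
    ("Lab", "172.16.5.7/24"),              # host bits set
    ("Broken", "10.0.0.0/33"),             # invalid prefix length
]


def check_cidrs(rows):
    """Return (valid, errors, duplicates, overlaps) for (name, cidr) rows."""
    valid, errors, duplicates, overlaps = [], [], [], []
    seen = {}
    for name, text in rows:
        try:
            # strict=True rejects entries such as 172.16.5.7/24 (assumed policy).
            net = ipaddress.ip_network(text.strip(), strict=True)
        except ValueError as exc:
            errors.append((name, text, str(exc)))
            continue
        if net in seen:
            duplicates.append((seen[net], name, str(net)))
            continue
        seen[net] = name
        valid.append((name, net))
    for (name_a, net_a), (name_b, net_b) in combinations(valid, 2):
        # Compare only networks of the same IP version.
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            overlaps.append((name_a, name_b))
    return valid, errors, duplicates, overlaps


if __name__ == "__main__":
    valid, errors, duplicates, overlaps = check_cidrs(SAMPLE_ROWS)
    for name, text, reason in errors:
        print(f"INVALID   {name}: {text} ({reason})")
    for first, second, net in duplicates:
        print(f"DUPLICATE {second} repeats {first}: {net}")
    for a, b in overlaps:
        print(f"OVERLAP   {a} <-> {b}")
```

An overlap between two groups means a device address could match either one, so resolve it before the list defines segmentation boundaries.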
Policy Suggestions — 3-Step Guided Workflow
The Policy Suggestions workflow walks administrators through a Before / After / Summary flow:
- Before — Displays the current Policy Matrix with the baseline Enforcement Score.
- After — Overlays recommended Allow/Deny policies and shows the Estimated Enforcement Score improvement. Simulated policies count 10% toward the score. Filter by impact level to focus on high- or medium-impact suggestions.
- Summary — Review list grouped by impact level; selected policies are created in Simulation Mode.
[Figure: Policy Suggestions — After View with Estimated Enforcement Score]
Traffic Review Timing Profiles
If a Deny All simulated policy sees no traffic, it is recommended for promotion to enforcement. Permit All and custom profiles remain in simulation for further observation.
| Profile | Security Level 1 | Security Level 2+ |
|---|---|---|
| Aggressive | 30 minutes | 1 hour |
| Standard (Default) | 2 days | 4 days |
| Conservative | 7 days | 15 days |
| Extended | 15 days | 30 days |
IdentityGraph — Input Sources for AI/ML Models
Elisity Intelligence draws from IdentityGraph — the identity aggregation engine that unifies device attributes from 25+ external sources and native network telemetry into a single authoritative identity record per device. These identity attributes are the primary input to the AI/ML classification and Insights recommendation models, enabling more accurate categorization, richer context for policy suggestions, and continuous refinement as new evidence arrives.
IdentityGraph connectors span directories, CMDBs, EDR, IoT/IoMT, OT security, vulnerability management, MDM, SIEM, and custom sources via the Open Connector framework. Elisity also natively discovers attributes through MAC OUI analysis, DHCP fingerprinting, traffic flow telemetry, and RDAP/WHOIS IP ownership data.
For the complete and current list of identity sources, see Elisity Support: Identity Sources.
Secure AI Architecture
Elisity's AI infrastructure is built on a zero-trust architecture where AI agents operate within hardened, isolated environments with no direct access to credentials, customer data stores, or the public internet. All LLM interactions are relayed through an authenticated and authorized proxy layer.
| Component | Description |
|---|---|
| Single-Tenant Isolation | Each customer receives a dedicated, isolated Cloud Control Center instance. No data commingling between organizations. AI models operate within the customer's tenant boundary. |
| Private LLMs via AWS Bedrock | All AI inference runs through private LLM instances hosted on AWS Bedrock. Customer network data, device identities, and traffic patterns are never transmitted to public AI services. |
| Zero Model Training on Customer Data | Elisity does not use customer data to train, fine-tune, or improve AI models. Your network topology, device behavior, and policy configurations remain exclusively within your CCC instance. |
Data Privacy & Governance
| Control | Implementation |
|---|---|
| AI Opt-Out | AI features are governed by the Insights toggle. Customers who have not opted in do not see the Assistant or receive AI-generated recommendations. |
| Human Approval Required | All AI-generated classifications and policy suggestions require explicit administrator acceptance before taking effect. No autonomous enforcement. |
| Audit Logging | Connection attempts, policy match events, identity classification changes, trust attribute updates, and administrative actions are logged with source device identity, destination, policy applied, action taken, and timestamp. |
| Encryption in Transit | TLS encryption on all control plane channels: CCC-to-Virtual Edge and Virtual Edge-to-VEN communications. |
| RBAC Integration | AI features respect existing Cloud Control Center role-based access controls. Insight acceptance/rejection requires appropriate permissions. |
| Data Residency | Single-tenant cloud architecture with dedicated CCC instance per customer. AI inference occurs within the customer's tenant boundary on AWS Bedrock. |