Identity-Based Microsegmentation: Technical Insights from Network Field Day 36 #NFD36

At Network Field Day 36 we recently showcased a deep technical dive into the evolution of microsegmentation, featuring presentations from Elisity's leadership team. What stood out wasn't just the technical architecture but the practical approach to solving a persistent challenge: only 30% of enterprises have successfully implemented microsegmentation, despite its critical role in zero trust security.

Elisity Introduction: https://youtu.be/pJDgxx2xzeE?si=mzJgx6pabSu4BXG4

The evolution of network security and its traditional network segmentation approaches that relied on VLANs, ACLs, and firewalls has served us well for decades. However, as Piotr Kupisiewicz, Elisity's CTO, pointed out during his presentation, these tools weren't designed for today's dynamic environments where lateral movement is a technique used in 70% of ransomware attacks. The real challenge isn't just technical - it's operational. When microsegmentation projects take 1-3 years to implement, security teams face an impossible choice between protection and practicality.

Elisity Origin Story: https://youtu.be/CeH7eIzmCZg?si=ju-hkkCdNcmBK6tV

The technical sessions revealed a cloud-native approach that caught the attention of network architects. The Elisity IdentityGraph™ technology demonstrates how identity and context can be leveraged at scale, automatically discovering and correlating network assets across IT and OT environments. What makes this particularly interesting for enterprise architects is the ability to integrate with existing infrastructure - from Cisco switches to Juniper and Arista network infrastructure - without requiring forklift upgrades.

A key technical innovation highlighted during the presentations was the separation of policy management from enforcement through the Elisity Cloud Control Center and Elisity Virtual Edge architecture. This approach allows enterprises to maintain existing network topologies while adding identity-based enforcement capabilities. The Elisity Virtual Edge component can be deployed as a VM or directly on supported switches like Cisco Catalyst 9000 series, providing flexibility for diverse network environments.

Real-world implementations are perhaps the most compelling technical evidence of Elisity’s promise of Microsegmentation in Weeks, Not Years, which came from details they shared on GSK's implementation. Their journey from a traditional approach, taking 2.5 years for 1.5 sites, to achieving rapid deployments across multiple sites monthly, demonstrates the practical impact of modern microsegmentation architecture. We showed how this was achieved through automated discovery, policy simulation, and granular enforcement capabilities.

Microsegmentation Challenges and Goals Across Pharmaceutical and Healthcare Industries
https://youtu.be/MuAJxvxaM8o?si=feiI1fSk531snIcC

We also shared industry-specific applications for healthcare organizations. This presentation detailed how microsegmentation addresses HIPAA and 405(d) HICP compliance while protecting critical medical devices. Manufacturing environments were shown to achieve IEC 62443 compliance without disrupting production systems. The technical sessions demonstrated policy simulation capabilities that allow teams to validate segmentation rules before enforcement - a critical feature for environments where downtime isn't an option.

How to Optimize a Microsegmentation Architecture with Elisity https://youtu.be/IMlfd1J4B4U?si=sRBtBkMdp5N4GZHu 

The Elisity Dynamic Policy Engine automatically classifies and secures IoMT devices without requiring agent installations. This addresses a significant challenge in healthcare security: protecting legacy medical devices that can't support traditional security agents.

Elisity Microsegmentation Platform Demo – Clinical Healthcare Use Cases

Technical Considerations The presentations dove deep into several key technical components:

• Identity-based policy enforcement at the network edge
• Integration with existing security tools (EDR, CMDB, IoT security platforms)
• Automated asset discovery and classification
• Policy simulation and graduated enforcement
• Traffic flow visualization for policy validation

The full Network Field Day 36 videos provide detailed technical demonstrations of these capabilities, including live policy creation and enforcement examples that security architects will find particularly valuable.

As organizations progress toward zero trust architectures, microsegmentation remains a critical but challenging component. The Network Field Day 36 presentations demonstrate how modern approaches can overcome traditional implementation barriers while maintaining enterprise-grade security controls.

For security architects and technical leaders looking to accelerate their microsegmentation initiatives, the complete Network Field Day 36 session recordings provide invaluable technical insights and implementation guidance. They're particularly relevant for healthcare and manufacturing organizations dealing with complex device ecosystems and strict compliance requirements.

Watch the full Network Field Day 36 technical sessions to dive deeper into identity-based microsegmentation architecture and implementation strategies.

Next Steps On Your Microsegmentation Journey

If you want your own demo of Elisity or just want to chat about your challenges and goals with microsegmentation, schedule a call with our team here.