Microsegmentation Case Study: How Andelyn Biosciences Accelerated Zero Trust in Weeks, Not Years

Real-World Success: A Pharmaceutical Manufacturer's Journey to Effective Microsegmentation

"We made it further in the first two days of the [Elisity] POC than we did in the first two years of deployment [with Forescout] previous to that." This striking admission from Bryan Holmes, VP of Information Technology at Andelyn Biosciences, captures the dramatic transformation in their microsegmentation journey. In a recent virtual discussion, Holmes detailed how his organization pivoted from a stalled security initiative to successfully implementing over 2,700 microsegmentation policies within weeks—a feat many security leaders consider nearly impossible. For CISOs and security architects struggling with their own microsegmentation projects, this case study offers a roadmap to accelerating Zero Trust adoption without disrupting critical operations.

The Challenge: Visibility and Convergence in a Manufacturing Environment

For Andelyn Biosciences, a full-service cell and gene therapy CDMO focused on the development, characterization and production of viral vectors for gene therapy, security isn't just about protecting data—it's about ensuring patient safety. As they built new manufacturing facilities in 2020-2021, they needed a solution that could handle the convergence of IT, IoT, and OT devices on a single network infrastructure.

"We had a greenfield opportunity for our ecosystem," explained Holmes. "One of our guiding principles was to have things designed with security in mind...we wanted to go with a zero trust approach and microsegmentation being a key component of that upfront."

The stakes were exceptionally high, given their industry. Holmes noted, "If we have something that happens in a batch fails because of a security incident, those batches can take upwards of four or five, six weeks to produce... there's really downstream patient impact."

The Search: Forescout Implementation Falls Short

Initially, Andelyn Biosciences attempted to implement microsegmentation with Forescout, but encountered significant challenges that will sound familiar to many security leaders.

"What we found as we started putting all these pieces together of the puzzle was not everything played as nicely together as we had hoped, from whiteboard sessions and design sessions, and other things," Holmes explained. "The management of Forescout ended up being something that we were never actually able to get over the hump. So it became a strategic solution and desire for us from a security perspective, but it was very heavy for us to manage, and achieve the value proposition that we had hoped to achieve."

This experience mirrors what many organizations face—a recent poll during the webinar revealed that 60% of security professionals feel their microsegmentation initiatives are "taking forever."

Evaluation Process: Finding a Better Way

After reassessing their approach, Andelyn conducted a proof of concept with Elisity's microsegmentation platform. The results were immediate and compelling.

"I think we made it further in the first two days of the POC than we did in the first two years of deployment previous to that," Holmes stated.

What differentiated this approach was the platform's ability to:

1. Discover and classify all devices on the network (managed, unmanaged, wired, wireless, IT, IoT, and OT)
2. Correlate device information across multiple systems like Active Directory and CrowdStrike
3. Provide clear visualization and simulation capabilities for policy testing
4. Leverage existing network infrastructure without requiring new hardware or agents

Implementation: Customer Success-Driven Approach

Pete Doolittle, Chief Customer Officer at Elisity, emphasized how their customer success methodology played a crucial role in Andelyn's implementation:

"After signing the contract, we had discussions about the 90-day goal to have policies up and completed. We're not going to let customers off the hook and not have policies in. We have weekly meetings, sessions, and technical expertise making sure customers are getting the value out of the solution versus it being a pump and dump type of sale."

This hands-on approach includes:

• Policy workshops to establish security objectives
• Simulation-based testing to prevent disruptions
• Certification training for team members
• Weekly check-ins to ensure continuous progress

Holmes confirmed the value of this approach: "I can't speak highly enough about that initial engagement. The ease of implementation and getting to the point of being able to create and implement the policies was something unheard of."

Results: Comprehensive Security without Operational Disruption

Within 90 days, Andelyn Biosciences achieved:

• Complete visibility of all IT/OT/IoT network assets
• Network flow evaluation between all device groups
• Active security policies implemented without disruption or downtime
• Limited operational overhead for ongoing management

The business impact extended beyond security improvements. "Our cyber strategy becomes a competitive differentiator for us as people want to come to us and make sure that we have the resilience built up in our network and infrastructure," Holmes shared. "We're going to be able to use this as a selling point to our customers."

Holmes also noted benefits for cyber insurance: "From our cyber insurance side of it, why we feel better about that... there's all different areas where you can now start to really quantify the impact of having a solution like this in place."

Key Takeaways from This Microsegmentation Case Study

For organizations struggling with their own microsegmentation initiatives, several lessons emerge:

1. Visibility First: Complete network visibility is foundational for effective segmentation
2. Test Before Enforcement: Simulation capabilities prevent business disruptions
3. Leverage Existing Infrastructure: Modern solutions can work with your current network equipment
4. Phased Implementation: Build confidence through incremental policy deployment

As Holmes advised webinar attendees, "If you're on this webinar, it's a great first step... you're challenging the status quo. You're challenging either your existing solutions, your existing vendors, or whatever is there. And you're not comfortable with the old way of working."

For security leaders looking to accelerate their Zero Trust journey while minimizing operational disruption, this microsegmentation case study demonstrates that the long-promised benefits of microsegmentation are finally achievable—in weeks, not years.

To watch the complete discussion and learn more detailed implementation strategies from this microsegmentation case study, visit the webinar recording on Elisity's website.