Maximum microsegmentation tasks fail earlier than they even get off the bottom—too complicated, too gradual, too disruptive. However Andelyn Biosciences proved it does not need to be that means.
Microsegmentation: The Lacking Piece in 0 Consider Safety
Safety groups lately are beneath consistent drive to shield towards more and more refined cyber threats. Perimeter-based defenses by myself can now not supply enough coverage as attackers shift their center of attention to lateral motion inside of venture networks. With over 70% of a hit breaches involving attackers transferring laterally, organizations are rethinking how they protected interior visitors.
Microsegmentation has emerged as a key technique achieve 0 Consider safety by means of limiting get admission to to vital property in response to identification slightly than community location. Then again, conventional microsegmentation approaches—incessantly involving VLAN reconfigurations, agent deployments, or complicated firewall laws—have a tendency to be gradual, operationally disruptive, and hard to scale.
For Andelyn Biosciences, a freelance construction and production group (CDMO) that specialize in gene remedies, securing its pharmaceutical analysis and production environments was once a most sensible precedence. However with 1000’s of IT, IoT, and OT units working throughout interconnected networks, a traditional segmentation means would have presented unacceptable complexity and downtime.
First of all, Andelyn decided on a community get admission to keep watch over (NAC) strategy to deal with those demanding situations. Then again, after nearly two years into an implementation with top operational overhead and an incapacity to successfully scale segmentation, the safety group become annoyed with the loss of growth. The complexity of agent-based enforcement and guide coverage control made it tough to conform the strategy to Andelyn’s hastily evolving setting.
In the end, they made up our minds to pivot to Elisity’s identity-based microsegmentation answer, enabling them to hastily put in force least-privilege get admission to insurance policies with out requiring {hardware} adjustments or community redesign.
Watch the Digital Case Find out about Replay
Listen from Bryan Holmes, VP of Data Generation at Andelyn Biosciences, and Pete Doolittle, Leader Buyer Officer, Elisity to find how a contemporary option to microsegmentation speeds up 0 Consider adoption from years to weeks.
Bryan stocks their adventure from preliminary deployment to managing 2,700 lively safety insurance policies—all with out disrupting operations or requiring new {hardware} or community configurations.
Watch Now to Be told:
- Sensible methods for enforcing microsegmentation throughout IT and OT environments with out disrupting vital pharmaceutical production and analysis operations.
- The way to boost up 0 Consider tasks by means of leveraging identity-based safety insurance policies that offer protection to highbrow assets, be certain regulatory compliance, and protected medical trial information.
- The way to get real-world insights on scaling from preliminary proof-of-concept to enterprise-wide deployment the usage of automatic discovery, the Elisity IdentityGraph™, and dynamic coverage enforcement.
Watch the Complete Case Find out about Right here
The Problem: Securing a Complicated, Prime-Stakes Surroundings
The pharmaceutical business faces distinctive safety demanding situations. Analysis and production amenities space vital highbrow assets and should conform to strict regulatory necessities, together with NIST 800-207 and IEC 62443. At Andelyn, safety leaders had been more and more involved concerning the dangers posed by means of a flat community structure, the place customers, units, and workloads shared the similar infrastructure.
In spite of conventional perimeter defenses, this construction left Andelyn liable to unauthorized get admission to and lateral motion. The safety group confronted a number of key demanding situations:
- Loss of whole visibility into all attached units, together with unmanaged IoT and OT property.
- The will for segmentation with out disrupting operations in extremely delicate analysis environments.
- Compliance pressures requiring fine-grained get admission to controls with out expanding administrative overhead.
Bryan Holmes, VP of IT at Andelyn Biosciences, knew that conventional segmentation fashions would not paintings. Deploying community get admission to keep watch over (NAC) answers or rearchitecting VLANs would have required important downtime, impacting vital analysis and manufacturing timelines.
“We would have liked a microsegmentation answer that would supply rapid visibility, put in force granular safety insurance policies, and accomplish that with out requiring an enormous community overhaul,” Holmes defined.
The Elisity Method: Identification-Based totally Segmentation With out Complexity
In contrast to legacy segmentation answers, Elisity’s means does no longer depend on VLANs, firewall laws, or agent-based enforcement. As a substitute, it applies identity-based safety insurance policies dynamically, the usage of the present community switching infrastructure to put in force least-privilege get admission to.
On the core of Elisity’s platform is the Elisity IdentityGraph™, which correlates metadata from Energetic Listing, endpoint detection and reaction (EDR) answers like CrowdStrike, and CMDB techniques to create a real-time map of customers, workloads, and units. This visibility allows organizations to put in force insurance policies in response to identification, conduct, and menace—slightly than static community constructs.
For Andelyn, this intended they might succeed in complete community visibility and enforce segmentation in weeks slightly than months or years, with out operational disruption.
Deployment: From Visibility to Coverage Enforcement in Weeks
Andelyn’s segmentation adventure started with complete community discovery. Elisity’s platform passively recognized all customers, workloads, and units throughout IT and OT environments, together with in the past unmanaged property. Inside days, safety groups had an entire stock, enriched with metadata to resolve which property had been relied on, unknown, or doubtlessly rogue.
Subsequent, Andelyn moved to coverage modeling and simulation, the usage of Elisity’s “no-fear” dynamic coverage introduction engine. As a substitute of implementing insurance policies instantly, safety groups simulated segmentation laws to verify they wouldn’t disrupt vital workflows.
As soon as validated, insurance policies had been progressively activated—first in lower-risk environments and later throughout manufacturing techniques. As a result of Elisity’s platform does no longer require reconfiguring community infrastructure, enforcement was once seamless.
“We had been in a position to transport from tracking mode to complete coverage activation in a fragment of the time we anticipated,” Holmes famous. “And we did it with out disrupting analysis or production operations.”
The Effects: More potent Safety With out Added Complexity
With 2,700 lively safety insurance policies now in position, Andelyn has considerably progressed its 0 Consider adulthood whilst making sure compliance with business rules.
By way of making use of identity-based microsegmentation, the corporate has:
- Averted unauthorized lateral motion, decreasing the prospective blast radius of a breach.
- Secure pharmaceutical analysis information and highbrow assets from insider threats and exterior assaults.
- Diminished operational overhead, as segmentation insurance policies are dynamically enforced with out the will for consistent guide updates.
- Streamlined compliance reporting, aligning with NIST 800-207 and IEC 62443.
In contrast to conventional approaches that depend on static get admission to lists or require devoted segmentation {hardware}, Elisity’s platform steadily adapts as customers, workloads, and units transfer around the community. Insurance policies are cloud-managed and dynamically up to date in response to real-time insights from the Elisity IdentityGraph™, making sure safety stays efficient at the same time as threats evolve.
The Long run: Scaling Microsegmentation Around the Endeavor
Following the luck of its preliminary deployment, Andelyn is now increasing microsegmentation insurance policies to further websites and use instances. The power to put in force least-privilege get admission to dynamically, with out requiring primary community adjustments, has made Elisity an very important a part of the corporate’s safety technique.
For different organizations going through identical demanding situations, Holmes provides a transparent advice:
“Get started with visibility. You’ll be able to’t offer protection to what you do not see. From there, center of attention on modeling insurance policies earlier than enforcement. The power to simulate insurance policies first was once a game-changer for us.”
Microsegmentation is incessantly noticed as a posh, multi-year initiative that calls for important funding and operational disruption. Andelyn Biosciences’ case proves in a different way—with the correct means, organizations can succeed in 0 Consider segmentation in weeks, no longer years.
In case your segmentation challenge has stalled—or worse, by no means in point of fact began—there is a higher means. See how identity-based microsegmentation can boost up 0 Consider to your group. [Request a Demo Here]