Most microsegmentation projects fail before they even get off the ground: too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn’t have to be that way.
Microsegmentation: The Missing Piece in Zero Trust Security
Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no longer provide sufficient security as attackers shift their focus to lateral movement within enterprise networks. With over 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they secure internal traffic.
Microsegmentation has emerged as a key strategy in achieving Zero Trust security by restricting access to critical assets based on identity rather than network location. However, traditional microsegmentation approaches, often involving VLAN reconfigurations, agent deployments, or complex firewall rules, are usually slow, operationally disruptive, and difficult to scale.
For Andelyn Biosciences, a contract development and manufacturing organization (CDMO) specializing in gene therapies, securing its pharmaceutical research and manufacturing environments was a top priority. But with thousands of IT, IoT, and OT devices operating across interconnected networks, a conventional segmentation approach would have introduced unacceptable complexity and downtime.
Initially, Andelyn selected a network access control (NAC) solution to address these challenges. However, nearly two years into an implementation with high operational overhead and an inability to effectively scale segmentation, the security team became frustrated with the lack of progress. The complexity of agent-based enforcement and manual policy management made it difficult to adapt the solution to Andelyn’s rapidly evolving environment.
Ultimately, they decided to pivot to Elisity’s identity-based microsegmentation solution, enabling them to rapidly implement least-privilege access policies without requiring hardware changes or network redesign.
Watch the Virtual Case Study Replay
Hear from Bryan Holmes, VP of Information Technology at Andelyn Biosciences, and Pete Doolittle, Chief Customer Officer, Elisity, to discover how a modern approach to microsegmentation accelerates Zero Trust adoption from years to weeks.
Bryan shares their journey from initial deployment to managing 2,700 active security policies, all without disrupting operations or requiring new hardware or network configurations.
Watch Now to Learn:
- Practical strategies for implementing microsegmentation across IT and OT environments without disrupting critical pharmaceutical manufacturing and research operations.
- How to accelerate Zero Trust initiatives by leveraging identity-based security policies that protect intellectual property, ensure regulatory compliance, and secure clinical trial data.
- How to get real-world insights on scaling from initial proof-of-concept to enterprise-wide deployment using automated discovery, the Elisity IdentityGraph™, and dynamic policy enforcement.
The Challenge: Securing a Complex, High-Stakes Environment
The pharmaceutical industry faces unique security challenges. Research and manufacturing facilities house critical intellectual property and must comply with strict regulatory requirements, including NIST 800-207 and IEC 62443. At Andelyn, security leaders were increasingly concerned about the risks posed by a flat network architecture, where users, devices, and workloads shared the same infrastructure.
Despite traditional perimeter defenses, this structure left Andelyn vulnerable to unauthorized access and lateral movement. The security team faced several key challenges:
- Lack of full visibility into all connected devices, including unmanaged IoT and OT assets.
- The need for segmentation without disrupting operations in highly sensitive research environments.
- Compliance pressures requiring fine-grained access controls without increasing administrative overhead.
Bryan Holmes, VP of IT at Andelyn Biosciences, knew that traditional segmentation models wouldn’t work. Deploying network access control (NAC) solutions or rearchitecting VLANs would have required significant downtime, impacting critical research and manufacturing timelines.
“We wanted a microsegmentation solution that could provide speedy visibility, enforce granular security policies, and do so without requiring an enormous network overhaul,” Holmes explained.
The Elisity Approach: Identity-Based Segmentation Without Complexity
Unlike legacy segmentation solutions, Elisity’s approach doesn’t rely on VLANs, firewall rules, or agent-based enforcement. Instead, it applies identity-based security policies dynamically, using the existing network switching infrastructure to enforce least-privilege access.
At the core of Elisity’s platform is the Elisity IdentityGraph™, which correlates metadata from Active Directory, endpoint detection and response (EDR) solutions like CrowdStrike, and CMDB systems to create a real-time map of users, workloads, and devices. This visibility allows organizations to enforce policies based on identity, behavior, and risk, rather than static network constructs.
For Andelyn, this meant they could achieve full network visibility and implement segmentation in weeks rather than months or years, without operational disruption.
Deployment: From Visibility to Policy Enforcement in Weeks
Andelyn’s segmentation journey began with comprehensive network discovery. Elisity’s platform passively identified all users, workloads, and devices across IT and OT environments, including previously unmanaged assets. Within days, security teams had a complete inventory, enriched with metadata to determine which assets were trusted, unknown, or potentially rogue.
Next, Andelyn moved to policy modeling and simulation, using Elisity’s “no-fear” dynamic policy creation engine. Instead of enforcing policies immediately, security teams simulated segmentation rules to ensure they would not disrupt critical workflows.
Once validated, policies were gradually activated, first in lower-risk environments and later across manufacturing systems. Because Elisity’s platform doesn’t require reconfiguring network infrastructure, enforcement was seamless.
“We were able to move from monitoring mode to full policy activation in a fraction of the time we anticipated,” Holmes noted. “And we did it without disrupting research or manufacturing operations.”
The Results: Stronger Security Without Added Complexity
With 2,700 active security policies now in place, Andelyn has significantly improved its Zero Trust maturity while ensuring compliance with industry regulations.
By applying identity-based microsegmentation, the company has:
- Prevented unauthorized lateral movement, reducing the potential blast radius of a breach.
- Protected pharmaceutical research data and intellectual property from insider threats and external attacks.
- Reduced operational overhead, as segmentation policies are dynamically enforced without the need for constant manual updates.
- Streamlined compliance reporting, aligning with NIST 800-207 and IEC 62443.
Unlike traditional approaches that rely on static access lists or require dedicated segmentation hardware, Elisity’s platform continuously adapts as users, workloads, and devices move across the network. Policies are cloud-managed and dynamically updated based on real-time insights from the Elisity IdentityGraph™, ensuring security remains effective even as threats evolve.
The Future: Scaling Microsegmentation Across the Enterprise
Following the success of its initial deployment, Andelyn is now expanding microsegmentation policies to additional sites and use cases. The ability to enforce least-privilege access dynamically, without requiring major network changes, has made Elisity an essential part of the company’s security strategy.
For other organizations facing similar challenges, Holmes offers a clear recommendation:
“Start with visibility. You can’t protect what you don’t see. From there, focus on modeling policies before enforcement. The ability to simulate policies first was a game-changer for us.”
Microsegmentation is often seen as a complex, multi-year initiative that requires significant investment and operational disruption. Andelyn Biosciences’ case proves otherwise: with the right approach, organizations can achieve Zero Trust segmentation in weeks, not years.
If your segmentation project has stalled, or worse, never really started, there’s a better way. See how identity-based microsegmentation can accelerate Zero Trust in your organization. [Request a Demo Here]