Why the Majority of Microsegmentation Initiatives Fail, and How Andelyn Biosciences Got It Right

Too difficult, too slow, and too disruptive: these are the main reasons microsegmentation projects fail before they even begin. But Andelyn Biosciences demonstrated that this is not necessarily the case.

The missing component of Zero Trust Security is microsegmentation.

Security teams today are under constantly increasing pressure to protect against advanced cyberattacks. As intruders shift their focus to lateral movement within organizational networks, perimeter-based defenses alone can no longer provide adequate protection. With over 70% of successful breaches involving attackers moving laterally, companies are rethinking how to secure internal traffic.

By restricting access to critical assets based on identity rather than network location, microsegmentation has emerged as a crucial strategy for achieving Zero Trust protection. Standard microsegmentation techniques, which frequently involve VLAN reconfigurations, agent deployments, or complex firewall rules, tend to be slow, disruptive, and challenging to scale.

Securing its pharmaceutical research and manufacturing environments was a top priority for Andelyn Biosciences, a contract development and manufacturing company (CDMO) specializing in gene therapies. However, with hundreds of IT, IoT, and OT devices operating across interconnected networks, a traditional segmentation strategy could have introduced unwanted complexity and downtime.

To address these issues, Andelyn initially chose a network access control (NAC) solution. After about two years of an implementation marked by high operational overhead and an inability to scale segmentation, the security team grew frustrated with the lack of progress. The complexity of agent-based enforcement and manual policy management made it challenging to adapt the solution to Andelyn’s rapidly changing environment.

In the end, they decided to switch to Elisity’s identity-based microsegmentation solution, which would allow them to quickly implement least-privilege access policies without having to change the network or hardware.

Watch the replay of the online case study

To learn how a modern approach to microsegmentation speeds up Zero Trust adoption, hear from Andelyn Biosciences’ Bryan Holmes, vice president of information technology, and Pete Doolittle, vice president of customer service, Elisity.

Bryan describes their journey from their first deployment to overseeing 2,700 active security policies without disrupting business operations or putting in new hardware or network configurations.

Watch Now to Learn:

  • Practical methods for implementing microsegmentation across IT and OT environments without disrupting crucial pharmaceutical manufacturing and research activities.
  • How to use identity-based security policies to advance Zero Trust initiatives and protect intellectual property and clinical trial data while maintaining regulatory compliance.
  • How to use automated discovery, the Elisity IdentityGraph™, and active policy enforcement, with real-world insights on scaling from first proof-of-concept to enterprise-wide deployment.

See the Full Case Study Here.

The Problem: Securing a Complex, High-Stakes Environment

The medical sector faces distinct security challenges. Important intellectual property is housed in research and production facilities that must abide by stringent regulatory standards, including those set forth in NIST 800-207 and IEC 62443. Security leaders at Andelyn were becoming more concerned about the dangers posed by a flat network architecture, in which users, devices, and workloads shared the same infrastructure.

This structure left Andelyn exposed to lateral movement and unauthorized access despite its traditional perimeter defenses. The security team had to deal with a number of significant difficulties:

  • Lack of complete control over all connected devices, including unmanaged IoT and OT assets.
  • The need to segment highly sensitive research without affecting operations.
  • The need to meet compliance requirements without adding operational work.

Andelyn Biosciences’ VP of IT Bryan Holmes was aware that conventional segmentation models were ineffective. Deploying network access control (NAC) solutions or reconfiguring VLANs would have required significant downtime, which would have affected important research and production deadlines.

“We needed a microsegmentation option that could uphold granular security standards without requiring a significant community overhaul,” Holmes said.

Identity-Based Segmentation Without Complexity: The Elisity Approach

Elisity’s approach, in contrast to traditional segmentation solutions, doesn’t depend on VLANs, firewall rules, or agent-based enforcement. Instead, it uses the existing network switching infrastructure to enforce least-privilege access and automatically applies identity-based security policies.

The Elisity IdentityGraph™, which combines metadata from Active Directory, endpoint detection and response (EDR) solutions like CrowdStrike, and CMDB systems to create a real-time map of users, workloads, and devices, forms the foundation of Elisity’s platform. Thanks to this visibility, organizations can implement policies based on identity, behavior, and risk rather than static network constructs.

Andelyn was able to gain complete network visibility and implement segmentation without operational disruption in weeks rather than months or years.

From Visibility to Policy Enforcement in Weeks

Andelyn’s journey to segmentation began with thorough network discovery. All users, workloads, and devices from IT and OT environments, including previously unmanaged assets, were passively identified by Elisity’s platform. With a complete inventory that was then enriched with metadata, security teams were able to identify which assets were trusted, unknown, or potentially rogue.

Then Andelyn moved on to using Elisity’s “no-fear” active policy creation engine for policy modeling and simulation. Rather than enforcing rules right away, security teams simulated segmentation policies to confirm they would not disrupt crucial workflows.

Once validated, policies were activated in stages, first in low-risk environments and then across manufacturing systems. Enforcement was seamless because Elisity’s system doesn’t call for reconfiguring network infrastructure.

“In a much shorter amount of time than we had anticipated,” Holmes noted, “we were able to transition from monitoring mode to complete policy activation. And we did it without affecting the company’s study or production processes.”

The Outcomes: Stronger Security Without Added Complexity

Andelyn has significantly strengthened its security posture with 2,700 active security policies in place, while keeping up with industry standards.

The business has:

  • Reduced the potential blast radius of a breach by preventing unauthorized lateral movement.
  • Secured intellectual property and pharmaceutical research data from insider threats and outside intrusions.
  • Reduced operating costs because segmentation policies are automatically implemented without the need for repeated manual changes.
  • Improved compliance reporting that is in line with NIST 800-207 and IEC 62443.

Elisity’s platform continuously adapts as users, workloads, and devices move across the network, in contrast to traditional methods that rely on static access lists or require dedicated segmentation hardware. Security remains strong as threats evolve, thanks to cloud-managed, dynamic updates based on real-time insights from the Elisity IdentityGraph™.

The Future: Embracing Microsegmentation at the Enterprise Level

Following the success of its initial deployment, Andelyn is now expanding its microsegmentation policies to more sites and use cases. Elisity has become a crucial component of the company’s security strategy because of its ability to automatically enforce least-privilege access without significant network changes.

Holmes makes a strong recommendation for other businesses that are dealing with similar issues:

“Start with presence. You can’t keep what you don’t notice protected. From there, put your focus on influencing guidelines before implementing them. The ability to first model policies changed our game.”

Microsegmentation is frequently thought of as a complex, multi-year program that necessitates substantial investment and operational disruption. The case of Andelyn Biosciences demonstrates that with the proper strategy, businesses can attain Zero Trust segmentation in weeks, not years.

There is a better way to proceed if your segmentation project has stalled or, worse, never really begun. Discover how identity-based microsegmentation can help your business achieve Zero Trust. Request a demo here.

One of our valued associates contributed to this article.