Based in San Jose, Elisity is a customizable microsegmentation platform for network security that leverages identity to build segments for its customers’ OT, IT, and IoMT networks at scale, helping them to achieve Zero Trust security. Founded in 2018 by industry veterans from leading Silicon Valley security and networking companies, Elisity was created to redefine enterprise security by separating protection and access from rigid, underlying network constructs.
Director of Product Management Dana Yanch works on a core component of the Elisity platform known as Elisity IdentityGraph™, which enables customers to leverage identity signals from across the enterprise environment. Elisity IdentityGraph™ aggregates these signals into a single system; builds policy to segment critical assets, users, and workloads; and then distributes and enforces that policy across the environment through Elisity’s control plane. Part of Yanch’s role includes keeping Elisity up to date with API sets, migrating to newer generations of APIs, and helping engineering teams implement these changes efficiently.
The Challenge
A core function of Elisity IdentityGraph™ is reconciling identity signals from users, workloads, devices, medical equipment, and industrial assets like programmable logic controllers and human-machine interfaces across the enterprise. While Elisity natively discovers assets and learns basic information about them, it lacked deep visibility into the threat landscape, vulnerability data, and detailed component level data. Specifically, Elisity did not have access to attributes such as risk score, the Purdue model for industrial control system security, serial number, firmware version, or known vulnerabilities. These detailed attributes are critical for enriching asset context and building effective policy.
Many of Elisity’s customers were already Armis customers and had built asset segmentation models using Armis Centrix™ data. These customers wanted the ability to build policy around Armis-specific attributes such as Armis tiers, boundaries, and others. Rebuilding asset groups and policies from scratch would introduce significant friction, and Elisity recognized the value customers place on using a standardized, trusted set of attributes. Integrating with Armis Centrix™ allows Elisity to identify the assets with the highest risk and use that knowledge to put protections in place such as network segmentation, granular LPA, and policies. To support this, integration with Armis Centrix™ was essential.
To deliver the enriched asset intelligence their customers were asking for, Elisity needed access to Armis Centrix™ data. That access came through the Armis API framework—now centralized and expanded through the Armis Developer Portal.
Challenges
-
Enriching native data with more granular asset data -
Mapping Elisity data to Armis Centrix™ - specific attributes already in use by customers
-
Building policy around standardized, customer-recognized attributes
-
Avoiding redefinition of existing asset groups and policies
Results
-
Increased customer satisfaction through highly valuable integration -
Allowed customers to use Armis Centrix™ data directly to enforce policy
-
Ensured existing Armis Centrix™ segments map cleanly to Elisity policy
-
Supported English-language policy creation within Elisity
-
Increased the value of both the Elisity and Armis platforms
-
Eliminated the need for post-release rework
