
Most microsegmentation projects fail before they get off the ground. They are too complicated, too slow, too disruptive. But Andelyn Biosciences has proved that it doesn’t have to be that way.
Microsegmentation: The missing part of zero trust security
Today’s security teams are constantly under pressure to defend against increasingly sophisticated cyber threats. As attackers shift their focus to lateral movement within the enterprise network, perimeter-based defense alone cannot provide sufficient protection. With over 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they protect internal traffic.
By limiting access to critical assets based on identity rather than network location, microsegmentation has emerged as a key strategy for achieving zero trust security. However, traditional microsegmentation approaches (often involving VLAN reconfiguration, agent deployment, or complex firewall rules) are slow, operationally disruptive and difficult to scale.
For Andelyn Biosciences, a contract development and manufacturing organization (CDMO) specialized in gene therapy, securing its pharmaceutical research and manufacturing environment was a top priority. However, with thousands of IT, IoT, and OT devices operating across interconnected networks, traditional segmentation approaches introduced unacceptable complexity and downtime.
Initially, Andelyn chose a Network Access Control (NAC) solution to address these challenges. However, almost two years into an implementation with high operational overhead that could not scale segmentation effectively, the security team was unhappy with the lack of progress. The complexity of agent-based enforcement and manual policy management made it difficult to adapt the solution to Andelyn’s rapidly evolving environment.
Ultimately, they decided to pivot to Elisity’s identity-based microsegmentation solution, which allowed least-privilege access policies to be enforced quickly, without hardware changes or a network redesign.
Check out Virtual Case Study Replay
Listen to Bryan Holmes, Vice President of Information Technology at Andelyn Biosciences, and Pete Doolittle, Chief Customer Officer at Elisity.
Bryan shares his journey from the initial deployment to managing 2,700 active security policies, none of which disrupted operations or required new hardware or network configuration changes.
Watch now to learn:
A practical strategy for implementing microsegmentation across IT and OT environments without disrupting the manufacturing and research work behind critical drugs.
How to accelerate Zero Trust initiatives by leveraging identity-based security policies that protect intellectual property, ensure regulatory compliance and safeguard clinical trial data.
How to gain real insights into scaling from early proofs of concept to enterprise-wide deployment using automated discovery, Elisity IdentityGraph™, and dynamic policy enforcement.
Check out the complete case study here
Challenge: Securing a complex, high-stakes environment
The pharmaceutical industry faces unique security challenges. Research and manufacturing facilities must protect valuable intellectual property and comply with strict regulatory requirements, including NIST 800-207 and IEC 62443. At Andelyn, security leaders were increasingly concerned about the risks posed by a flat network architecture in which users, devices, and workloads share the same infrastructure.
Despite traditional perimeter defenses, this structure left the environment vulnerable to unauthorized access and lateral movement. The security team faced several important challenges:
A lack of full visibility into all connected devices, including unmanaged IoT and OT assets.
The need for segmentation that does not disrupt operations in highly sensitive research environments.
Compliance pressures requiring fine-grained access control without increasing management overhead.
Bryan Holmes, VP of Information Technology at Andelyn Biosciences, knew that traditional segmentation models wouldn’t work. Deploying a Network Access Control (NAC) solution or re-architecting VLANs would require significant downtime, affecting critical research and production timelines.
“We needed a microsegmentation solution that provided immediate visibility, enforced fine-grained security policies and could do so without the need for a large network overhaul,” Holmes explained.
Elisity Approach: Complexity-Free Identity-Based Segmentation
Unlike legacy segmentation solutions, Elisity’s approach does not rely on VLANs, firewall rules, or agent-based enforcement. Instead, it uses the existing network switching infrastructure to dynamically enforce identity-based security policies that grant only least-privilege access.
At the heart of Elisity’s platform is Elisity IdentityGraph™. It correlates Active Directory, Endpoint Detection and Response (EDR) metadata (for example from CrowdStrike), and CMDB systems to create a real-time map of users, workloads, and devices. This visibility allows organizations to enforce policies based on identity, behavior, and risk rather than static network structures.
For Andelyn, this meant they could gain full visibility into their environment and implement segmentation in weeks rather than months or years, without operational disruption.

Deployment: From visibility to policy enforcement in weeks
Andelyn’s segmentation journey began with comprehensive network discovery. The Elisity platform passively identified devices across all user, workload, and OT environments, including previously unmanaged assets. Within a few days, the security team had a full inventory, rich in metadata, to determine which assets were trusted, unknown or potentially rogue.
Andelyn then moved to policy modeling and simulation using Elisity’s “no-far” dynamic policy creation engine. Instead of enforcing policies right away, the security team simulated segmentation rules to avoid disrupting critical workflows.
Once validated, policies were activated gradually, first in low-risk environments and then across the entire production system. Enforcement was seamless because Elisity’s platform does not require network infrastructure reconfiguration.
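The discover, simulate, then enforce sequence described above can be modelled as a small policy evaluator. The Python below is an added illustration written for this article, not Elisity’s product code and not a description of how its engine works internally. The asset inventory, identity groups, policies and flow records are all constructed sample data, and the per-zone “monitor” versus “enforce” state is an assumption about how a staged rollout might be represented. It shows what a simulation pass gives the team before anything is enforced: which observed flows are permitted, which would be cut when a zone is switched to enforcement, and which are already blocked.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    ip: str
    name: str
    source: str          # system that asserted the identity (constructed: "AD", "EDR", "CMDB", "discovery")
    groups: frozenset    # identity groups that policies refer to, not VLANs or subnets
    trust: str           # "trusted", "unknown" or "rogue"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Policy:
    name: str
    src_group: str
    dst_group: str
    ports: frozenset     # destination ports the policy permits


# Constructed inventory standing in for what discovery plus AD/EDR/CMDB correlation would yield.
INVENTORY = {a.ip: a for a in [
    Asset("10.1.0.10", "research-ws-01", "AD", frozenset({"research-workstation"}), "trusted"),
    Asset("10.1.0.50", "research-fs-01", "EDR", frozenset({"research-fileserver"}), "trusted"),
    Asset("10.2.0.20", "bioreactor-plc-01", "CMDB", frozenset({"ot-controller"}), "trusted"),
    Asset("10.2.0.21", "hmi-01", "CMDB", frozenset({"ot-hmi"}), "trusted"),
    Asset("10.3.0.99", "unmanaged-printer", "discovery", frozenset({"unknown"}), "unknown"),
]}

# Least-privilege policies expressed between identity groups; any flow not listed is denied.
POLICIES = [
    Policy("research-ws-to-fileserver", "research-workstation", "research-fileserver", frozenset({445})),
    Policy("hmi-to-plc", "ot-hmi", "ot-controller", frozenset({502})),
]

# Assumed rollout state per protected zone: the destination group decides whether a denial
# is actually enforced or only reported for review.
ZONE_MODE = {
    "research-fileserver": "enforce",   # validated in simulation, now active
    "ot-controller": "monitor",         # still under review, log-only
}


def unknown_asset(ip):
    """Asset that discovery saw but no identity source could vouch for."""
    return Asset(ip, "unknown-" + ip, "discovery", frozenset({"unknown"}), "unknown")


def evaluate(flow, inventory=INVENTORY, policies=POLICIES, zone_mode=ZONE_MODE):
    """Return 'allow', 'block' (enforced) or 'would-block' (monitor-only) for one flow."""
    src = inventory.get(flow.src_ip) or unknown_asset(flow.src_ip)
    dst = inventory.get(flow.dst_ip) or unknown_asset(flow.dst_ip)
    permitted = any(
        p.src_group in src.groups and p.dst_group in dst.groups and flow.dst_port in p.ports
        for p in policies
    )
    if permitted:
        return "allow"
    # Default deny: whether it bites depends on whether the destination's zone is enforcing yet.
    enforcing = any(zone_mode.get(g) == "enforce" for g in dst.groups)
    return "block" if enforcing else "would-block"


def simulate(flows, **kw):
    """Summarize policy impact before enforcing: verdict counts plus the flows a rollout would cut."""
    verdicts = {f: evaluate(f, **kw) for f in flows}
    summary = Counter(verdicts.values())
    review = [f for f, v in verdicts.items() if v == "would-block"]
    return summary, review


# Constructed flow sample, as a passive discovery phase might observe it.
SAMPLE_FLOWS = [
    Flow("10.1.0.10", "10.1.0.50", 445),   # workstation to file server: permitted
    Flow("10.2.0.21", "10.2.0.20", 502),   # HMI to PLC over Modbus: permitted
    Flow("10.1.0.10", "10.2.0.20", 502),   # workstation to PLC: not permitted, OT zone still monitoring
    Flow("10.3.0.99", "10.1.0.50", 22),    # unmanaged device to file server: denied and enforced
    Flow("10.9.9.9", "10.1.0.50", 445),    # never-seen IP: no identity, denied and enforced
]

if __name__ == "__main__":
    summary, review = simulate(SAMPLE_FLOWS)
    print(dict(summary))
    for f in review:
        print("review before enforcing OT zone:", f)
```

The useful output is the review list: it is the set of currently working connections that switching a zone to enforcement would break, which is exactly what a team wants to inspect before the cut-over. Because decisions key off identity groups rather than addresses, a device that moves to a different subnet is judged the same way as long as its identity is still vouched for by a source in the inventory.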
“We were able to move from monitoring mode to full policy activation with just a small portion of our expectations,” Holmes said. “And we did that without disrupting research or manufacturing operations.”
The result: Increased security without increased complexity
Today, 2,700 active security policies are in place, and Andelyn has significantly improved its zero trust maturity while ensuring compliance with industry regulations.
By applying identity-based microsegmentation, the company has:
Prevented unauthorized lateral movement and reduced the potential blast radius of a breach.
Protected drug research data and intellectual property from insider threats and external attacks.
Enforced segmentation policies dynamically, without constant manual updates, reducing operational overhead.
Streamlined compliance reporting for NIST 800-207 and IEC 62443.
Unlike traditional approaches that rely on static access lists or require dedicated segmentation hardware, Elisity’s platform continuously adapts as users, workloads, and devices move across the network. Policy is cloud-managed and dynamically updated based on real-time insights from Elisity IdentityGraph™, so protection keeps pace as threats evolve.
Future: Scaling microsegmentation across the enterprise
Following the successful initial deployment, Andelyn is currently expanding its microsegmentation policies to additional sites and use cases. The ability to dynamically enforce least-privilege access without major network changes has made Elisity an important part of the company’s security strategy.
For other organizations facing similar challenges, Holmes offers clear recommendations.
“Start with visibility. You can’t protect what’s invisible. From there, we’ll focus on pre-enforcement policy modeling. The ability to simulate policies first was a game changer for us.”
Microsegmentation is often seen as a complex multi-year initiative requiring significant investment and operational disruption. The Andelyn Biosciences case proves that it doesn’t have to be. With the right approach, organizations can achieve zero trust segmentation in weeks rather than years.
If your segmentation project has stalled, or worse, never actually started, there’s a better way. Learn how identity-based microsegmentation can accelerate your organization’s zero trust journey. [Request a Demo Here]