Over the last few months, our team at Elisity has been hard at work continuously improving the functionality of our platform. We’ve been gathering ideas and feedback from customers and field experts to bring the best possible product to the market, and we have again turned those ideas and feedback into features. We will get into the details of our 14.5 release, but if you are unfamiliar with what we do at Elisity, here is a quick rundown.
Elisity is an identity-based microsegmentation platform focusing on time to value. We identify users, devices, and applications on your network, match them to policy, and enforce those policies on your supported access layer switching infrastructure. The solution is deployed in days to weeks rather than months with no additional hardware. We can help meet compliance requirements across many common industry compliance standards. We offer support for various use cases from healthcare to manufacturing and integrations with common identity tools used in these industries, like Active Directory, ServiceNow, Claroty, Medigate, and others. For more information on the use cases we solve and how we do it, visit our knowledge base.
With our latest release, 14.5, we have improved quality of life and usability, improved scalability, and expanded support to new switch platforms. The complete list of new features is listed below.
Support for Catalyst 9200/L and IE3400 Switch Platforms
The Elisity Cognitive Trust Platform now supports Cisco’s Catalyst 9200/9200L and IE3400 Ethernet switching platforms. Glean identity and enforce policy using these additional SGT-capable platforms.
High Availability and Redundancy Support for Switch-Hosted Virtual Edge
The Elisity Virtual Edge container now support the Cisco Catalyst 9000 series Native Docker Auto Restart functionality. In the event of a failure of the switch/supervisor hosting the VE container, the VE will automatically restart and re-connect to the Elisity Cloud automatically.
Policies for Unclassified Assets using Unclassified Policy Group
Policies can be applied to all unidentified, unknown, and unclassified devices using the default Unclassified Policy Group, effectively securing these devices with policy.
Asset Inventory Expiration Timers
Devices can now be configured to age out of the inventory after a configured timeout period. This capability automatically removes transient assets such as guest and randomized MAC address devices.
Flexible Time Window for Traffic Visualization
Customers can now select the last 24 hours, previous seven days, last 28 days, or a custom time range for traffic visualizations in the Elisity Cloud Control Center. This new date-range feature replaces the static 30-day date range.
Elisity Active Directory (AD) Agent to Domain Controller Status Indicator
Viewing the status of a connected Elisity AD Agent in Cloud Control Center now shows the agent’s status and its connection to Active Directory Domain Controllers. The last status change time is also provided in this view.
Known in Active Directory Identification and Policy
Devices can now be classified based on whether they are connected to Active Directory Domain members. Based on this classification, policies can be implemented to allow least privileged access for devices based on their membership in Active Directory
Bulk Onboarding and Configuration of Virtual Edge and Virtual Edge Nodes
Customers can now upload an Excel document containing information for multiple Virtual Edge configurations to the Elisity Cloud Control C. CCC will then provide a bulk download of Docker compose files to enable rapid deployment of numerous Virtual Edge containers. Customers can also do this with Virtual Edge Nodes by simply uploading configuration information for multiple switches in the environment that are intended to act as Virtual Edge Nodes. Once uploaded to CCC, the Elisity Virtual Edge will connect to the Virtual Edge nodes and configure them for identity gleaning and policy enforcement.
Active Queries for OS Detection
Administrators can initiate a targeted active scan from Virtual Edges to monitor subnets in their environment. These targeted scans attempt to enumerate the operating system on endpoints to improve the identification of devices and enable a more granular policy definition.
Virtual Edge (VE) interoperation with existing switch configurations
When a switch is added to perform identity gleaning and policy enforcement, the Elisity platform will recognize conflicting configuration if it exists on the switch and will attempt to work with the existing configuration where possible.