Elisity

57% of security leaders rank microsegmentation as their #1 initiative to stop lateral movement. Only 24% have actually deployed it. That's the say-do gap Omdia surfaced in their 2025 microsegmentation survey of 352 U.S. cybersecurity decision makers, and it lands hardest in manufacturing. 99% of organizations are planning microsegmentation, but only 9% have more than 80% of their critical systems protected. 78% of decision makers have no hands-on experience with modern microsegmentation, even as 69% say identity-based policy is the feature they want most. Manufacturing networks make the gap operational: Remote engineers (70%), ICS/SCADA systems (53%), building management systems (59%) all sit on top of the priority list for segmentation, and legacy approaches consume 18+ hours per change cycle keeping up. William Toll, our Head of Product Marketing, breaks down the survey through the manufacturing cybersecurity lens, what's holding execution back, and what modern OT microsegmentation looks like when it actually works. Link to the full analysis in the comments. #Microsegmentation #OTSecurity #ManufacturingCybersecurity #IndustrialSecurity #ZeroTrust

Join us next week and meet our local sales leader Katya Ermolaeva at the event!

MultiCare Health System just won a 2026 CSO Award for “From ‘Department of No’ to ‘Culture of Yes’: Enabling Modern Healthcare Through Identity-Based Microsegmentation.” MultiCare’s team discovered and classified 99% of devices within minutes during the proof of value. Identity-based policy now protects 40,000+ connected devices across 13 hospitals and 350+ urgent care and outpatient clinics. Clinical operations never went down. 2 FTEs run the program, against an industry benchmark of up to 14. Existing Cisco and Juniper switches do the enforcement. No agents on FDA-regulated medical devices. No network redesign. Jason Elrod, CISO at MultiCare: “Elisity works, does what it says it can do.” That’s three CSO Awards in three years for Elisity customers, following GSK in 2023 and Main Line Health in 2024. If you lead security at a healthcare system or large manufacturer, read how MultiCare did it: https://lnkd.in/geMiUs3x #Microsegmentation #ZeroTrust #HealthcareCybersecurity

99% of security leaders want microsegmentation. 9% have it. That’s the gap CISA’s new CI Fortify guidance just made urgent. Acting Director Nick Andersen’s framing is precise: critical infrastructure operators have to “isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.” The doctrine is sound for an adversary class that lives on valid credentials and native tools. The gap is operator-side. As Elisity CEO James Winebrenner told Cynthia Brumfield at CSO Online, “you can’t plan to operate disconnected from third parties for weeks to months until you can actually list who those third parties are. Most operators can’t.” The work ahead: comprehensive identity and dependency visibility, then segmentation that holds when third-party access is severed. Cynthia’s full piece is linked in the comments. #CriticalInfrastructure #CISA #OTSecurity #ZeroTrust

Damage limitation used to be a slide in a Ron Ross deck. At The Official Official Cybersecurity Summit Boston this week, it was the operating model. Three sessions, one through-line. Ron Ross, in conversation with Parham Eftekhari of CyberRisk Alliance, framed cyber defense as three dimensions: penetration resistance, damage limitation, cyber resilience. He used NASA JPL's Sunrise satellite digital twin to make the point that you cannot defend what you have not modeled. Steve Craig, CISSP, MCT-alumni of NewYork-Presbyterian Hospital made it concrete. 1.2 million medical devices visible on Shodan. FDA-locked systems that cannot be patched. A local admin count driven from 2,000 down to 200, with single digits as the goal. His framing for segmentation stuck with us: speed bumps. Slow the attacker down enough that detection and response can catch up. His exact phrase, "reducing the blast radius," became the title of our recap. The Women in Cyber panel, moderated by Deidre Diamond of CyberSN, with Kelley Misata, Ph.D. of Sightline Security and Open Information Security Foundation, Praveen Sharma, and Janine (Thomas) Comstock, focused on identity as the new perimeter. Human, non-human, and agentic AI. Third-party risk. Post-quantum readiness as a Y2K-scale program that needs to start now. Microsegmentation is how damage limitation gets enforced. Identity, including AI agents, is what it segments on. Microsegmentation is how damage limitation gets enforced. Identity, including AI agents, is what it segments on. Recap link in the comments.

🚨 Live Webinar Event 🚨 | 99% of security leaders plan to deploy microsegmentation. 9% actually have it.                                                                 That gap is the real story in network security right now, and on June 18, two Omdia analysts, Hollie Hennessy and Rik Turner will share what their research uncovered about the adoption gap. Jason Elrod and Edmond Mack will pressure-test it with what is actually happening inside their networks today.                                                                      Thursday, June 18. 10 AM PDT / 1 PM EDT. Register below 👇                                                                                                #Microsegmentation #ZeroTrust #Healthcare #CISO #NetworkSecurity  

Four weeks after Mythos, the patch-window math is broken. The question is whether you can ship a defense fast enough to matter. David Finkelstein and the St. Luke's University Health Network team did it with the Elisity customer experience team in 46 days, two weeks ahead of schedule. Across 15 hospitals, 85,000 devices, and 1,800 vendors. The fastest enterprise rollout in our history. That speed belongs to both teams. #PatchingIsNotAPlan #Healthcare #CustomerSuccess

Cyber insurance is no longer a procurement line. It's a resilience requirements document.                               That was Roger Hale's framing when we sat down with the 7-time CSO at #RSAC 2026. Carriers now ask for specific controls, tested recovery procedures, and incident evidence before paying claims. When the breached organization can't produce the telemetry, segmentation evidence, or access logs the policy requires, the financial impact compounds: breach cost, legal cost, and denied claim arrive together. Roger's contrarian take on identity is just as direct: stop separating    "non-human identity" from human identity. Every access decision, whether it's an employee, a service account, or an AI agent, should be evaluated under  one policy fabric.                     Both threads point to the same architectural premise: identity-based, evidence-rich enforcement. Full conversation in the comments.  #Cybersecurity #ZeroTrust #Microsegmentation #CyberResilience #CISO 

Preventing lateral movement is an architectural objective, not a tooling decision. That was the through-line of Andy Ellis's RSAC 2026 conversation with Elisity. The former CSO of Akamai for 20 years and author of "How to CISO" was direct about why Zero Trust programs stall. Most lateral movement does not exploit a novel vulnerability. It rides on three things: → Administrative agents the security team itself deployed → Service accounts with too many privileges → East-west paths the network was built to allow The architecture has to plan for stopping lateral movement, not just for detection. Andy's reframe of Zero Trust is just as direct. Programs stall because the message has been "I don't trust you," when it should be "I don't trust the tools we put on the network." The full conversation also covers: → Enclaving FDA-locked medical devices and unpatchable Windows manufacturing PCs → Why two-week traffic samples miss the monthly close and the annual DR test → Why policy is the last thing you do, not the first Worth the read and watch for CISOs, security architects, and network architects working on identity-based microsegmentation. https://lnkd.in/eWpTaj3H #ZeroTrust #Microsegmentation #LateralMovement

99% of security leaders want microsegmentation deployed. Only 9% have protected more than 80% of their critical systems. A new Omdia survey of 352 cybersecurity decision makers across U.S. healthcare and manufacturing, commissioned by Elisity, lays out a clear say-do gap. Five numbers from the survey: ▪ Nearly 1 in 2 organizations experienced a lateral movement attack in the past year ▪ 57% rank microsegmentation as their top initiative to stop it ▪ 44% cite comprehensive device visibility as their biggest capability gap ▪ 69% require identity-based controls in any modern solution ▪ 32% point to cyber insurance requirements as a direct business driver Legacy tools built on VLANs, ACLs, and agents have slowed real progress for years. Most teams are still running on them. Modern, identity-based microsegmentation works differently. Policy enforces on the network infrastructure you already run. No agents. No new hardware. No VLAN reconfiguration. You contain ransomware and lateral movement across IT, IoT, OT and IoMT in weeks, not years. Read the full announcement: https://lnkd.in/ewWqwfw7 #Microsegmentation #ZeroTrust #Cybersecurity