Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn’t have to be that way.
Microsegmentation: The Missing Piece in Zero Trust Security
Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no longer provide sufficient protection as attackers shift their focus to lateral movement within enterprise networks. With over 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they secure internal traffic.
Microsegmentation has emerged as a key strategy in achieving Zero Trust security by restricting access to critical assets based on identity rather than network location. However, traditional microsegmentation approaches—often involving VLAN reconfigurations, agent deployments, or complex firewall rules—tend to be slow, operationally disruptive, and difficult to scale.
For Andelyn Biosciences, a contract development and manufacturing organization (CDMO) specializing in gene therapies, securing its pharmaceutical research and manufacturing environments was a top priority. But with thousands of IT, IoT, and OT devices operating across interconnected networks, a conventional segmentation approach would have introduced unacceptable complexity and downtime.
Initially, Andelyn selected a network access control (NAC) solution to address these challenges. However, almost two years into an implementation burdened by high operational overhead and unable to scale segmentation effectively, the security team grew frustrated with the lack of progress. The complexity of agent-based enforcement and manual policy management made it difficult to adapt the solution to Andelyn’s rapidly evolving environment.
Ultimately, they decided to pivot to Elisity’s identity-based microsegmentation solution, enabling them to rapidly enforce least-privilege access policies without requiring hardware changes or network redesign.
Watch the Virtual Case Study Replay
Hear from Bryan Holmes, VP of Information Technology at Andelyn Biosciences, and Pete Doolittle, Chief Customer Officer at Elisity, to discover how a modern approach to microsegmentation accelerates Zero Trust adoption from years to weeks.
Bryan shares their journey from initial deployment to managing 2,700 active security policies—all without disrupting operations or requiring new hardware or network configurations.
Watch Now to Learn:
- Practical strategies for implementing microsegmentation across IT and OT environments without disrupting critical pharmaceutical manufacturing and research operations.
- How to accelerate Zero Trust initiatives by leveraging identity-based security policies that protect intellectual property, ensure regulatory compliance, and secure clinical trial data.
- Real-world insights on scaling from an initial proof of concept to enterprise-wide deployment using automated discovery, the Elisity IdentityGraph™, and dynamic policy enforcement.
The Challenge: Securing a Complex, High-Stakes Environment
The pharmaceutical industry faces unique security challenges. Research and manufacturing facilities house critical intellectual property and must comply with strict regulatory requirements, including NIST 800-207 and IEC 62443. At Andelyn, security leaders were increasingly concerned about the risks posed by a flat network architecture, where users, devices, and workloads shared the same infrastructure.
Despite traditional perimeter defenses, this structure left Andelyn vulnerable to unauthorized access and lateral movement. The security team faced several key challenges:
- Lack of complete visibility into all connected devices, including unmanaged IoT and OT assets.
- The need for segmentation without disrupting operations in highly sensitive research environments.
- Compliance pressures requiring fine-grained access controls without increasing administrative overhead.
Bryan Holmes, VP of IT at Andelyn Biosciences, knew that traditional segmentation models wouldn’t work. Deploying network access control (NAC) solutions or rearchitecting VLANs would have required significant downtime, impacting critical research and production timelines.
“We needed a microsegmentation solution that could provide immediate visibility, enforce granular security policies, and do so without requiring a massive network overhaul,” Holmes explained.
The Elisity Approach: Identity-Based Segmentation Without Complexity
Unlike legacy segmentation solutions, Elisity’s approach does not rely on VLANs, firewall rules, or agent-based enforcement. Instead, it applies identity-based security policies dynamically, using the existing network switching infrastructure to enforce least-privilege access.
At the core of Elisity’s platform is the Elisity IdentityGraph™, which correlates metadata from Active Directory, endpoint detection and response (EDR) solutions like CrowdStrike, and CMDB systems to create a real-time map of users, workloads, and devices. This visibility enables organizations to enforce policies based on identity, behavior, and risk—rather than static network constructs.
For Andelyn, this meant they could achieve full network visibility and implement segmentation in weeks rather than months or years, without operational disruption.

Deployment: From Visibility to Policy Enforcement in Weeks
Andelyn’s segmentation journey began with comprehensive network discovery. Elisity’s platform passively identified all users, workloads, and devices across IT and OT environments, including previously unmanaged assets. Within days, security teams had a complete inventory, enriched with metadata to determine which assets were trusted, unknown, or potentially rogue.
Next, Andelyn moved to policy modeling and simulation, using Elisity’s “no-fear” dynamic policy creation engine. Instead of enforcing policies immediately, security teams simulated segmentation rules to ensure they would not disrupt critical workflows.
Once validated, policies were gradually activated—first in lower-risk environments and later across production systems. Because Elisity’s platform does not require reconfiguring network infrastructure, enforcement was seamless.
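The two steps described above, correlating inventory metadata into a per-device identity and then simulating least-privilege rules against observed traffic before enforcing them, can be illustrated with a small model. The code below is an added example written for this page; it is not Elisity's code and does not use the IdentityGraph™ API. The inventory extracts, device names, MAC addresses, trust labels, policy groups and flows are all constructed for the example, and the classification rules (for instance, treating an OT asset as trusted on the strength of a consistent CMDB record) are this example's own simplifications.

```python
"""Identity-based segmentation model: correlate asset metadata from several
inventories, classify each discovered device, then run a least-privilege
policy in monitor mode over observed flows to see what enforcement would block.
All data below is constructed for illustration."""
from collections import Counter
from dataclasses import dataclass

# Constructed inventory extracts (hypothetical devices).
AD_COMPUTERS = {  # hostname -> Active Directory organizational unit
    "lab-ws01": "OU=Research", "mfg-hmi01": "OU=Manufacturing", "fin-ws02": "OU=Finance",
}
EDR_AGENTS = {  # MAC -> (hostname reported by the agent, agent healthy?)
    "aa:bb:cc:00:00:01": ("lab-ws01", True),
    "aa:bb:cc:00:00:03": ("fin-ws02", True),
}
CMDB = {  # MAC -> (hostname, asset class)
    "aa:bb:cc:00:00:01": ("lab-ws01", "workstation"),
    "aa:bb:cc:00:00:02": ("mfg-hmi01", "ot-hmi"),
    "aa:bb:cc:00:00:03": ("fin-ws02", "workstation"),
    "aa:bb:cc:00:00:04": ("plc-line1", "ot-controller"),
}
# Devices seen by passive discovery: (MAC, IP, hostname the device claims).
OBSERVED = [
    ("aa:bb:cc:00:00:01", "10.1.1.10", "lab-ws01"),
    ("aa:bb:cc:00:00:02", "10.2.1.10", "mfg-hmi01"),
    ("aa:bb:cc:00:00:03", "10.1.1.20", "fin-ws02"),
    ("aa:bb:cc:00:00:04", "10.2.1.50", "plc-line1"),
    ("aa:bb:cc:00:00:09", "10.2.1.51", "plc-line1"),  # known name, unknown MAC
    ("aa:bb:cc:00:00:77", "10.3.1.5", "printer-x"),   # in no inventory at all
]
# Observed flows captured during monitoring: (src IP, dst IP, dst port).
FLOWS = [
    ("10.2.1.10", "10.2.1.50", 502),   # HMI -> PLC, Modbus
    ("10.1.1.10", "10.2.1.10", 443),   # research workstation -> HMI web UI
    ("10.1.1.20", "10.2.1.50", 502),   # finance workstation -> PLC
    ("10.3.1.5", "10.1.1.10", 445),    # unknown device -> research workstation
    ("10.2.1.51", "10.2.1.50", 502),   # suspicious device -> PLC
    ("10.1.1.10", "10.1.1.20", 3389),  # research -> finance RDP
]
# Identity-based rules: (source group, destination group, allowed ports). Default deny.
POLICY = [
    ("ot-hmi", "ot-controller", {502}),
    ("research-workstation", "ot-hmi", {443}),
    ("corporate-workstation", "corporate-workstation", {445}),
]


@dataclass
class Identity:
    mac: str
    ip: str
    hostname: str
    trust: str   # trusted | unmanaged | unknown | potentially-rogue
    group: str   # policy group referenced by POLICY


def classify(mac, ip, claimed_host):
    """Correlate one discovered device across CMDB, EDR and AD into an Identity.
    The trust labels and group names are this example's own conventions."""
    if mac in CMDB:
        host, asset_class = CMDB[mac]
        if asset_class.startswith("ot-"):
            # OT assets cannot run agents; a consistent CMDB record is the bar here.
            trust = "trusted" if host == claimed_host else "potentially-rogue"
            group = asset_class if trust == "trusted" else "quarantine"
        else:
            agent = EDR_AGENTS.get(mac)
            healthy = agent is not None and agent[0] == host and agent[1]
            trust = "trusted" if healthy else "unmanaged"
            research = AD_COMPUTERS.get(host) == "OU=Research"
            group = "quarantine" if trust != "trusted" else (
                "research-workstation" if research else "corporate-workstation")
        return Identity(mac, ip, host, trust, group)
    # Unknown MAC claiming a name that belongs to an inventoried asset is suspicious.
    if claimed_host in {h for h, _ in CMDB.values()}:
        return Identity(mac, ip, claimed_host, "potentially-rogue", "quarantine")
    return Identity(mac, ip, claimed_host, "unknown", "quarantine")


def build_identity_graph(observed):
    """Map each observed IP to its correlated Identity."""
    return {ip: classify(mac, ip, host) for mac, ip, host in observed}


def evaluate(policy, src, dst, port):
    """Decide one flow purely on the identities' groups, never on IP or VLAN."""
    for s, d, ports in policy:
        if src.group == s and dst.group == d and port in ports:
            return "allow"
    return "deny"


def simulate(policy, graph, flows):
    """Monitor mode: score observed flows and report what enforcement would block,
    so a rule that would break a workflow is found before it is activated."""
    would_deny, by_pair = [], Counter()
    for src_ip, dst_ip, port in flows:
        src, dst = graph[src_ip], graph[dst_ip]
        if evaluate(policy, src, dst, port) == "deny":
            would_deny.append((src.hostname, dst.hostname, port))
            by_pair[(src.group, dst.group)] += 1
    return would_deny, by_pair


if __name__ == "__main__":
    graph = build_identity_graph(OBSERVED)
    print("trust summary:", dict(Counter(i.trust for i in graph.values())))
    denied, pairs = simulate(POLICY, graph, FLOWS)
    for item in denied:
        print("would deny:", item)
    print("by group pair:", dict(pairs))
```

The point of `simulate()` is that it calls the very same `evaluate()` an enforcement point would use; moving from monitoring to enforcement changes only whether a deny verdict is acted on, so the report of would-deny flows is an exact preview of what activating the policy will block. Review that report for legitimate workflows (a missing HMI-to-PLC port, for example) and adjust the rules before any switch-level enforcement is turned on.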
“We were able to move from monitoring mode to full policy activation in a fraction of the time we expected,” Holmes noted. “And we did it without disrupting research or manufacturing operations.”
The Results: Stronger Security Without Added Complexity
With 2,700 active security policies now in place, Andelyn has significantly improved its Zero Trust maturity while ensuring compliance with industry regulations.
By applying identity-based microsegmentation, the company has:
- Prevented unauthorized lateral movement, reducing the potential blast radius of a breach.
- Protected pharmaceutical research data and intellectual property from insider threats and external attacks.
- Reduced operational overhead, as segmentation policies are dynamically enforced without the need for constant manual updates.
- Streamlined compliance reporting, aligning with NIST 800-207 and IEC 62443.
Unlike traditional approaches that rely on static access lists or require dedicated segmentation hardware, Elisity’s platform continuously adapts as users, workloads, and devices move across the network. Policies are cloud-managed and dynamically updated based on real-time insights from the Elisity IdentityGraph™, ensuring security remains effective even as threats evolve.
The Future: Scaling Microsegmentation Across the Enterprise
Following the success of its initial deployment, Andelyn is now expanding microsegmentation policies to additional sites and use cases. The ability to enforce least-privilege access dynamically, without requiring major network changes, has made Elisity an essential part of the company’s security strategy.
For other organizations facing similar challenges, Holmes offers a clear recommendation:
“Start with visibility. You can’t protect what you don’t see. From there, focus on modeling policies before enforcement. The ability to simulate policies first was a game-changer for us.”
Microsegmentation is often seen as a complex, multi-year initiative that requires significant investment and operational disruption. Andelyn Biosciences’ case proves otherwise—with the right approach, organizations can achieve Zero Trust segmentation in weeks, not years.
If your segmentation project has stalled—or worse, never really started—there’s a better way. See how identity-based microsegmentation can accelerate Zero Trust in your organization.