QuantLayer Console Overview

    Centralized control plane for enforcing Zero Trust across IT, OT/ICS, and IoT with safe enforcement from cloud to on-prem to edge.

    Platform
    UI
    IT
    OT/ICS
    IoT
    6 min
    Last updated: 2026-01-01

    Overview

    The QuantLayer Console is the centralized control plane for enforcing Zero Trust across enterprise IT, industrial OT/ICS, and IoT environments—providing unified visibility, continuous verification, and operationally safe enforcement from cloud to on-prem to edge.

    Where to Start

    1) Inventory

    Open Assets & Devices to confirm identity enrollment, posture, and last seen status. Filter by OS, site, zone, or fleet to focus on specific business units or plants.

    2) Trust Posture

    Review trust drift (e.g., missing patches, policy violations, tamper events). Prioritize remediation using risk signals and alert severity.

    3) Enforce Policies

    Apply least-privilege policies and microsegmentation by zone / conduit. Use staged enforcement modes for OT (observe → enforce) to avoid downtime.

    4) Respond

    Investigate events, correlate identity + device + network signals, and trigger response actions. Quarantine compromised devices or require step-up verification.

    Tip for OT deployments
    Start in Monitor/Observe mode to baseline traffic and access paths, then enforce segmentation in phases aligned to production windows.

    Console Screenshots (Reference)

    The visuals show a typical flow: Assets & Devices provides an identity + posture inventory, and the Console action opens a remote shell for safe, auditable operations such as patch checks and updates.

    Assets & Devices screen showing device identity, posture, and Console action
    Assets & Devices

    View device identity, OS, last authenticated time, status, and remote access action (“Console”) for each asset. Use this to quickly spot disconnected, quarantined, or unpatched endpoints across IT/OT/IoT.

    Remote Console screen showing an auditable terminal session
    Remote Console

    Launch an auditable session (e.g., PowerShell/Bash) to validate posture, run patch checks, or execute approved remediation commands with least privilege.

    Patch Management Examples (What Users See)

    Below are example commands and sample responses to demonstrate patch posture and controlled updates. Your developer can wire these to your agent/runner so the console displays command output in real time.

    Windows (PowerShell) — Command

    systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5

    Windows (PowerShell) — Sample Response

    OS Name: Microsoft Windows 11 Pro
OS Version: 10.0.22631 N/A Build 22631

Source        Description      HotFixID    InstalledBy          InstalledOn
------        -----------      -------     -----------          -----------
DEV-01        Update           KB5034765   NT AUTHORITY\SYSTEM  1/18/2026
DEV-01        Update           KB5034123   NT AUTHORITY\SYSTEM  1/12/2026
DEV-01        Security Update  KB5033375   NT AUTHORITY\SYSTEM  12/28/2025
DEV-01        Update           KB5032007   NT AUTHORITY\SYSTEM  12/10/2025
DEV-01        Update           KB5029244   NT AUTHORITY\SYSTEM  11/15/2025

    Windows (PowerShell) — Optional: Install Updates (example)

    # Example if PSWindowsUpdate is approved in your environment
Install-Module PSWindowsUpdate -Force
Import-Module PSWindowsUpdate
Get-WindowsUpdate
Install-WindowsUpdate -AcceptAll -AutoReboot
    Best practice
    Use a staged rollout: pilot group → critical endpoints → broad deployment. For OT-adjacent Windows hosts, schedule updates in maintenance windows and use allow-listed commands only.

    Linux (Debian/Ubuntu) — Command

    uname -a
lsb_release -a 2>/dev/null || cat /etc/os-release
sudo apt-get update
apt list --upgradable 2>/dev/null | head -n 12

    Linux (Debian/Ubuntu) — Sample Response

    Linux edge-gw-07 6.5.0-17-generic #17-Ubuntu SMP x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.4 LTS

Listing...
openssl/jammy-updates 3.0.2-0ubuntu1.15 amd64 [upgradable from: 3.0.2-0ubuntu1.14]
curl/jammy-updates 7.81.0-1ubuntu1.16 amd64 [upgradable from: 7.81.0-1ubuntu1.15]
linux-firmware/jammy-updates 2023.11.15 amd64 [upgradable from: 2023.10.30]

    Linux (Debian/Ubuntu) — Controlled Update (example)

    # Update packages (example)
sudo apt-get -y upgrade
# Reboot only if needed
[ -f /var/run/reboot-required ] && echo "Reboot required" || echo "No reboot needed"
    OT/Edge note
    For gateways and OT jump hosts, prioritize kernel/openssl/curl fixes and validate compatibility with protocol drivers (Modbus, OPC UA, etc.) before broad rollout.

    How This Shows Up in QuantLayer

    • Console stores the command, output, timestamp, and target device identity for an auditable trail.
    • Patch posture updates the device trust score (e.g., “Up-to-date”, “Missing critical patches”, “Reboot pending”).
    • Policies can restrict console commands based on role, device zone, and change window approvals.