Core Concepts

    Understand identity, trust posture, signals, enforcement, segmentation, and immutable evidence.

    Last updated: 2026-01-22

    Identity

    QuantLayer treats every subject as an identity: workforce users, machines, workloads, gateways, and OT/IoT assets.

    • Identity assurance increases with stronger signals (e.g., passkey, device-bound).
    • Identity is continuously re-verified—trust is not permanent.

    Trust posture

    Posture is the current security state of an identity or asset.

    • Integrity state (secure boot, tamper events, configuration baseline).
    • Patch posture and vulnerability exposure.
    • Behavioral drift (new connections, unusual commands).

    Risk signals

    • Authentication anomalies, failed verification attempts.
    • New device enrollments, location changes, unusual access paths.
    • OT safety constraints and change windows.

    Policy & enforcement

    Policies define least privilege using Subject → Resource → Action → Context. Enforcement can be staged (Observe → Warn → Enforce), with allow/deny and step-up decisions.

    Segmentation

    • IT: applications/services and east-west access.
    • OT: zones and conduits aligned to IEC 62443.
    • IoT: fleet grouping and gateway mediation.

    Evidence & audit

    Every decision and action produces traceable evidence suitable for compliance and incident response.
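
    The staged enforcement and evidence trail described above, as an added example that is not QuantLayer's code or API. It assumes per-rule staging, a numeric assurance level as the context, and SHA-256 hash chaining as one way to make evidence tamper-evident; all names, fields, and sample values are constructed.

```python
import hashlib, json
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # hypothetical schema, not QuantLayer's
    subject: str
    resource: str
    action: str
    min_assurance: int           # context: assurance needed for a plain allow
    stage: str                   # "observe" | "warn" | "enforce"

def decide(rules, subject, resource, action, assurance):
    """Return (verdict, enforced): what policy says vs. what is applied."""
    rule = next((r for r in rules if (r.subject, r.resource, r.action)
                 == (subject, resource, action)), None)
    if rule is None:
        return "deny", "deny"    # least privilege: no rule means no access
    verdict = "allow" if assurance >= rule.min_assurance else "step-up"
    # Observe/Warn record the verdict without applying it; Enforce applies it.
    return verdict, (verdict if rule.stage == "enforce" else "allow")

def _digest(prev, record):
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append_evidence(log, record):
    """Chain each record to the previous hash so later edits are detectable."""
    prev = log[-1]["hash"] if log else "0" * 64
    log.append({"prev": prev, "record": record, "hash": _digest(prev, record)})

def verify_chain(log):
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            return False
        prev = entry["hash"]
    return True

# Constructed sample data: one staged rule and one enforced rule.
RULES = [Rule("eng-laptop-7", "plc-zone-a", "write", 3, "warn"),
         Rule("eng-laptop-7", "historian", "read", 2, "enforce")]
REQUESTS = [("eng-laptop-7", "plc-zone-a", "write", 1),   # low assurance, staged
            ("eng-laptop-7", "historian", "read", 1),     # low assurance, enforced
            ("eng-laptop-7", "scada-hmi", "write", 3)]    # no matching rule

def run_sample():
    log = []
    for subj, res, act, assurance in REQUESTS:
        verdict, enforced = decide(RULES, subj, res, act, assurance)
        append_evidence(log, {"subject": subj, "resource": res, "action": act,
                              "assurance": assurance, "verdict": verdict,
                              "enforced": enforced})
    return log
```

    Recording both the verdict and what was actually enforced is what lets a staged rule be reviewed before it is switched to Enforce.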

    Key promise
    You can answer “what was verified, what was enforced, and what changed?”
    Glossary mini
    • PE/PA/PEP: policy engine/administrator/enforcement point.
    • Trust drift: posture changes that degrade assurance.
    • Break-glass: controlled emergency access with strict logging.