How it Works

We've got you covered.
Here's how.

Every endpoint found. Every threat surfaced. Every issue explained and fixed — automatically. Here’s exactly what happens.

01 Endpoint Detection
02 Deploy Agents
03 Issue Detection
04 Plain English
05 Solutions
06 One Click
07 Reporting

Step 01

Endpoint Detection

Every device.
Known and unknown.

Spotlight begins with a comprehensive sweep of your entire infrastructure — cataloging every endpoint across IT and OT environments, including devices that were never formally inventoried. Rogue hardware, forgotten assets, and shadow devices all surface here. You can’t defend what you don’t know exists.

Servers · workstations · PLCs · HMIs · RTUs · SCADA · IoT sensors
1,673+ network device variants · full IT + OT protocol support
[Illustration: endpoint discovery grid with tiles for Server, Firewall, PLC, Sensor, Switch, HMI, RTU, Cloud, Controller and Router; three tiles are labelled Unknown and two are labelled Scanning.]
Step 02

Deploy Agents

Lightweight agents.
Right on the attack surface.

Spotlight deploys ultra-lightweight AI agents directly onto each device — sitting at the source, not monitoring traffic from a distance. Our agents don’t observe the attack surface. They inhabit it. As little as 500KB of RAM. No new hardware required.

Linux · Windows 7+ · FreeBSD · Custom firmware
Air-gap · hybrid · cloud SaaS · multi-tenant
[Illustration: agent deployment panel]
PROD-SERVER-01: Agent Live
SCADA-NODE-04: Agent Live
RTU-PUMP-STN-7: Agent Live
FW-PERIMETER-01: Agent Live
WORKSTATION-14: Deploying...
Agents Deployed: 847
Footprint per Agent: < 50MB · 500KB RAM min
Step 03

Issue Detection

Continuous. Thorough. Unblinking.

Agents scan continuously — not on a schedule, not during maintenance windows. Every configuration change, unusual traffic pattern, and emerging vulnerability is flagged the moment it appears. Misconfigurations, unauthorized access, lateral movement, known CVEs — all in real time.

Misconfigurations · unauthorized access · CVEs · lateral movement
OT protocol anomalies · policy drift · firmware vulnerabilities
[Illustration: live scan results panel]
✓ WORKSTATION-03: clean (Clear)
✓ PROD-SERVER-01: clean (Clear)
✓ FW-PERIMETER-01: clean (Clear)
⚠ RTU-PUMP-STN-7: policy drift (Warn)
✓ SWITCH-FLOOR-2: clean (Deploying...)
🚨 SCADA-NODE-04: unauthorized IP (Critical)
✓ HMI-CONTROL-01: clean (Clear)
✓ SENSOR-ARRAY-12: clean (Clear)
Step 04

Plain English Communication

No PhD required to understand the threat.

Spotlight’s LLM reads every alert and translates it into plain language — what happened, why it matters, and how serious it is. Context, severity, and impact. In sentences, not syntax.

Every alert includes: plain-English explanation · severity · affected systems · recommended next steps
Raw Log Output
Jun 1 05:37:49 SCADA-NODE-04 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:18:ae:c7:dd:48 SRC=10.0.20.11 DST=10.0.30.52 LEN=1552 TOS=0x00 PREC=0x00 TTL=64 ID=54321 DF PROTO=TCP SPT=45231 DPT=502 WINDOW=65535 RES=0x00 SYN URGP=0 · Source IP/VLAN mismatch detected · DHCP lease conflict · CHILD_SA net-2-0[4190] established SPIs c9eb0d9d (inbound) c2f19100 TS=172.30.1.242/32
Spotlight Explains it in Plain English

An unknown device at IP 10.0.20.11 is attempting to connect to your SCADA control system on port 502 — the Modbus control protocol. This traffic should not be happening. The device is not recognized on your network and appears to be probing your industrial control systems. Risk: unauthorized access to operational technology.
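An added example, not Spotlight's own code: one way to pull the fields out of the UFW portion of the raw log above and turn them into a one-sentence finding when Modbus port 502 is contacted from a source outside an allowlist. The allowlist subnet, function names and wording of the finding are assumptions made for illustration.

```python
import ipaddress
import re

MODBUS_TCP_PORT = "502"  # Modbus port named in the explanation above
# Assumption: only this subnet may talk Modbus to the node (hypothetical allowlist).
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.30.0/24")]

# Constructed sample: the UFW portion of the raw log line shown above.
SAMPLE = (
    "Jun 1 05:37:49 SCADA-NODE-04 kernel: [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:18:ae:c7:dd:48 SRC=10.0.20.11 DST=10.0.30.52 LEN=1552 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=54321 DF PROTO=TCP SPT=45231 DPT=502 WINDOW=65535 "
    "RES=0x00 SYN URGP=0"
)

HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s"
    r"\[UFW (?P<action>[A-Z ]+)\]\s(?P<rest>.*)$"
)

def parse_ufw_line(line):
    """Split a UFW kernel log line into a dict; None if it is not a UFW line."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    event = {"ts": m["ts"], "host": m["host"], "action": m["action"], "flags": []}
    # Drop unrelated messages appended after " · ", as in the page's raw output.
    for token in m["rest"].split(" · ")[0].split():
        key, sep, value = token.partition("=")
        if sep:
            event[key] = value            # KEY=value field (value may be empty)
        else:
            event["flags"].append(token)  # bare flags such as DF or SYN
    return event

def assess(event, allowed=ALLOWED_SOURCES):
    """Return a plain-language finding for off-allowlist Modbus/TCP, else None."""
    if not event or event.get("PROTO") != "TCP" or event.get("DPT") != MODBUS_TCP_PORT:
        return None
    try:
        src = ipaddress.ip_address(event.get("SRC", ""))
    except ValueError:
        return None  # malformed or missing source address
    if any(src in net for net in allowed):
        return None
    kind = "new connection attempt" if "SYN" in event["flags"] else "packet"
    return (f"{event['host']}: TCP {kind} from {src} to {event.get('DST')} on port "
            f"{MODBUS_TCP_PORT} (Modbus) from a source outside the allowlist; "
            f"firewall action: {event['action']}.")

if __name__ == "__main__":
    print(assess(parse_ufw_line(SAMPLE)))
```

The finding carries the firewall action from the log line, so a reader can see that this particular packet was already blocked by UFW on the node.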

Step 05

Recommended Solutions

Here's the problem.
Here's how to fix it.

Spotlight generates precise, ranked remediation options — from the fastest one-command fix to more thorough hardening approaches. Each recommendation explains what it does and why. You decide. Spotlight executes.

Trained on nation-state TTPs · military-grade scenarios · 300+ real-world deployments
Recommended Actions — SCADA-NODE-04
Recommended: Block all inbound traffic from IP 10.0.20.11 at the firewall level, immediately isolating the unauthorized device from your OT network segment.
    sudo iptables -A INPUT -s 10.0.20.11 -j DROP
Also consider: Segment the SCADA network to prevent any IT-side device from reaching Modbus port 502 without explicit allowlist approval.
Long-term: Review and tighten DHCP lease policies to prevent unauthorized IP assignments in the OT VLAN. Implement network access control (NAC).
Step 06

One-Click Implementation

From identified to resolved. In under a minute.

A single click pushes the remediation command directly to the affected agent, which executes it on the device. No remote desktop. No vendor call. No driving to site. Other tools alert. Spotlight acts.

On-device execution · full audit log · no professional services required
🚨 Active Threat — SCADA-NODE-04
Unauthorized device 10.0.20.11 is actively probing Modbus port 502. Blocking is recommended immediately. Spotlight will push the remediation command directly to the affected node.
[Button: Take Action with Spotlight AI]
✓ Remediation pushed · Issue resolved (43 seconds)
What Spotlight executed:
    sudo iptables -A INPUT -s 10.0.20.11 -j DROP
All inbound traffic from 10.0.20.11 is now blocked. The unauthorized connection has been severed. Event logged for audit trail.
Step 07

Generate Reports

Prove your value.
Every single month.

Every threat detected, every issue resolved — logged automatically and compiled into clear reports. Send them to leadership, attach them to audits, share them with clients. Everything Spotlight does becomes documented evidence of the work being done.

Executive summary · compliance audit · board report · MSP client report · custom date ranges
Monthly Security Report
January 2026 · Tri-County Electric Co-op
Threats blocked: 63
Issues resolved: 18
Uptime: 100%
Security posture score: 0/100
Ready to see it live?

One demo.
See it live.

Book a live demo and watch our agents find and fix a real vulnerability on your network — in under a day.