Modern networks change constantly. New devices spin up, virtual machines are powered on and off, and workloads move across environments. For security and operations teams, the challenge is not just connectivity. It is maintaining real-time visibility and control over every device attempting to communicate on the network.

In this webinar demonstration, Steven Lemons, Principal Solutions Architect at CSOI, walks through how device discovery and autotagging work inside the CSOI platform, showing how operators gain immediate awareness of new devices and enforce Zero Trust controls by default.

Centralized Visibility Through the CSOI Conductor

The demonstration begins in the CSOI Conductor dashboard, which serves as the command-and-control layer for CSOI deployments. From this single interface, operators can view protected network segments, active gateways, and connected devices across the environment.

In the example environment, a CSOI Airwall gateway is deployed as a virtual appliance running on an ESXi platform. This gateway provides enforcement at the network edge while supporting software-defined networking overlays that rely on cryptographic host identity rather than IP addresses alone.

At the start of the demo, only two Linux devices are active within the protected segment. These devices are already known, accepted, and eligible for policy assignment.

What Happens When New Devices Appear

To simulate a real-world scenario, several additional virtual machines are powered on inside the same protected network segment. As these new VMs come online, they request IP addresses via DHCP from the upstream server.

As soon as this happens, CSOI automatically detects the new devices in real time. Within the Conductor dashboard, operators can watch these devices appear under the local devices view for the Airwall gateway.

Each newly discovered device is immediately flagged visually with a red lightning bolt icon. This indicator tells the operator three critical things at a glance:

• The device is newly discovered

• It has not yet been accepted into the CSOI trust fabric

• It does not have a cryptographic identity required for secure communication

At this stage, the devices are visible but not trusted. They cannot participate in protected communications until they are explicitly onboarded and assigned policy.

Autotagging and Instant Alerts

Beyond visual indicators in the device list, CSOI also generates alerts automatically when new devices are discovered. These alerts appear in the visibility and notification sections of the Conductor dashboard.

Each alert includes actionable detail such as:

• The Airwall gateway and network segment where the device appeared

• The timestamp of discovery

• The assigned IP address

• The MAC address of the device

For network operations centers (NOC) and security operations centers (SOC), this means no polling, no guesswork, and no delay. Operators receive immediate notification whenever something new attempts to connect inside a protected segment.

Zero Trust by Default

A key takeaway from the demonstration is that visibility does not equal access. In a CSOI-protected environment, devices are denied participation by default. Discovery and autotagging provide awareness, but communication is only allowed after a device is onboarded, assigned a cryptographic identity, and bound to explicit policy.

This approach aligns directly with Zero Trust principles, ensuring that unmanaged or unauthorized devices cannot move laterally, access sensitive systems, or reach external resources without approval.

Why Device Discovery Matters

CSOI device discovery and autotagging help organizations:

• Maintain continuous awareness of network changes

• Instantly identify unmanaged or unexpected devices

• Reduce dwell time and risk from rogue or misconfigured assets

• Simplify security operations through centralized dashboards and alerts

• Enforce Zero Trust policies consistently across IT, OT, and hybrid environments

Rather than relying on static inventories or manual reviews, CSOI gives operators live, actionable insight into what is happening on their networks right now.