Nozomi Networks ARC is a host-based security sensor designed for operational technology environments that provides endpoint detection, threat prevention, and network monitoring capabilities. The product operates as both an endpoint security agent and a lightweight network sensor, collecting data from OT endpoints and sending it to Nozomi Guardian or Nozomi Vantage for analysis and correlation. The solution monitors USB device usage, tracks user activity, performs local behavior analysis using Sigma rules, and implements threat prevention through YARA and STIX detection mechanisms. It offers three threat response modes: Detection Mode for visibility without intervention, Quarantine Mode to block and contain malicious files, and Delete Mode to immediately remove threats. As a network sensor, ARC performs passive traffic monitoring, discovers neighboring devices on the host's subnet, and enriches asset data through active queries. The product continuously monitors assets for inventory, security, and performance data while conducting vulnerability assessments. ARC Embedded extends the platform's capabilities to industrial controllers at Purdue levels 0-1, monitoring east-west communications, process variable readings, and controller logic changes. It tracks changes in software, firmware, hardware status, program logic, and operating state, while monitoring physical access including user logins and USB peripheral usage. The solution is designed to operate primarily in user space with minimal kernel-level access, distinguishing it from traditional endpoint protection platforms that may disrupt OT operations.