Gartner defines cyber-physical systems (CPS) protection platforms as products that discover, categorize, map and protect CPS in production or mission-critical environments outside of enterprise IT. They do so by analyzing or interacting with industrial/industry-specific protocols and operational network traffic. They understand physical process asset behavior and do not interfere with CPS operations. They can be delivered from the cloud, on-premises or in a hybrid form. Gartner defines CPS as engineered systems that orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). When secure, they enable safe, real-time, reliable, resilient and adaptable performance.
Integration with IT security and asset management tools
Support for modern, but also unique, industrial/industry-specific protocols (including reverse-engineered ones deployed decades ago), while not interfering with the operation of any device
Detailed network topology and data flow diagrams
Threat intelligence information and simulations, as well as recommended actions, to include playbooks and policy enforcement remediation options
Detailed pedigree of assets, including but not limited to the manufacturer, model, serial number, MAC and IP addresses, operating system, version, service pack, etc. — included for nested devices
Vulnerability information and recommended actions to include contextualized CVE/CVSS scores and the likelihood of exploitability
Risk scoring and recommended actions to include remediation options and impacts on alignment to standards
Vendor-native asset discovery, visibility and categorization
Claroty provides a cyber-physical systems protection platform to secure mission-critical infrastructure. Built on a foundation of deep industry expertise and asset visibility, the platform’s broad solution set comprises exposure management, network protection, secure access, and threat detection, and can be deployed in the cloud via Claroty xDome or on-premise with Claroty CTD. Backed by threat research from Claroty’s Team82 and a breadth of technology alliances, the Claroty Platform enables organizations to effectively reduce CPS risk with faster time-to-value and lower total cost of ownership.
Nozomi Networks Platform is software designed for operational technology and industrial control system security. It provides visibility, monitoring, and threat detection for critical infrastructure and automated industrial environments. The software collects and analyzes data from operational networks to identify vulnerabilities and suspicious activity, helping organizations maintain the reliability and safety of their industrial systems. It integrates with asset management and security operations workflows to support incident response and risk management. The software addresses the business need for continuous monitoring and protection of industrial assets and processes, helping organizations manage cyber and operational risks across geographically distributed sites.
Darktrace / OT is software designed to provide cyber threat detection and response for operational technology environments. It applies self-learning artificial intelligence to monitor network traffic across industrial control systems and critical infrastructure. The software identifies anomalies and potential threats in real time by analyzing behavioral patterns without relying on prior knowledge of attack methods. It supports visibility across both IT and OT networks, helping organizations respond to incidents and maintain uptime. Darktrace / OT addresses the challenge of securing complex operational systems where traditional security tools may lack effectiveness due to proprietary protocols and legacy technologies.
Armis Centrix for OT/IoT Security is a cyber exposure management and security solution designed for organizations operating in converged IT and OT environments or those seeking cloud-based and/or on-premises protection for operational technology (OT) and Internet of Things (IoT) assets. It provides visibility, risk assessment, and threat mitigation capabilities across industrial, critical infrastructure, and enterprise environments that may be air-gapped, converged or a combination of both. The solution includes policy enforcement, anomaly detection, and behavior analysis features that support early threat identification and help reduce cyber risks and operational disruptions. It integrates with existing security architectures to support resilience, streamline compliance processes, and enable real-time security management at scale.
Dragos Platform is software designed to provide cybersecurity solutions for industrial control systems and operational technology environments. The software features asset identification, threat detection, incident response, and vulnerability management capabilities. It enables organizations to monitor networks, analyze data for potential risks, and respond to security events within industrial infrastructures. The software addresses business challenges related to safeguarding operational systems from cyber threats, improving visibility into network activity, and supporting compliance with regulatory requirements. It assists organizations in managing and mitigating risks associated with industrial environments while helping maintain operational reliability and security.
Fortinet OT Security Platform is software designed to safeguard operational technology environments by integrating network security, visibility, and control across industrial systems. The software addresses the need for secure connectivity within critical infrastructure by providing threat detection, asset visibility, and risk management capabilities. It offers centralized management for securing converged IT and OT networks and features specialized controls for industrial protocols and legacy assets often found in industrial networks. The software assists organizations in monitoring and enforcing security policies, segmenting networks, and responding to potential cyber threats within operational technology environments, thereby supporting the continuity and reliability of industrial processes.
Tenable.ot disrupts attack paths and protects industrial and critical infrastructure from cyber threats. From inventory management and asset tracking to threat detection at the device and network level, vulnerability management and configuration control, Tenable’s OT security capabilities give IT and OT security personnel visibility, security, and control across the entire operation.
Zscaler Deception is software designed to enhance network security by deploying decoys and traps within digital environments to detect and analyze unauthorized activities. The software provides comprehensive visibility into attacker behavior by simulating real assets and monitoring interactions with decoy systems. Through its threat detection capabilities, it allows organizations to identify malicious actors who attempt to infiltrate networks, enabling early threat identification and investigation. Zscaler Deception integrates with security operations workflows and offers automated alerts, helping organizations to address business challenges related to lateral movement, insider threats, and advanced persistent threats within enterprise ecosystems.
BOTsink (Legacy) is software designed to function as a deception platform that helps organizations detect and respond to cyber threats by deploying decoys and traps within a network environment. The software presents attackers with false assets, such as emulated devices and data, to lure threats away from critical systems and observe malicious activities without risking operational systems. BOTsink (Legacy) features automated threat detection, analysis, and alerting capabilities in order to provide security teams with timely information on intrusion attempts and attacker behavior. This software addresses the business problem of identifying security breaches early, reducing the risk of data compromise, and providing actionable intelligence to support incident response strategies.
Forescout 4D Platform is software designed to provide automated security and compliance management for connected devices across enterprise environments. The software enables organizations to discover, assess, and control devices on corporate networks, including managed and unmanaged assets. It integrates with existing security tools to deliver asset visibility, risk assessment, and policy enforcement without requiring device agents or prior knowledge of endpoints. Forescout 4D Platform addresses the business problem of managing device security in complex networks by supporting continuous monitoring, threat detection, and automated orchestration of responses to security incidents, helping organizations maintain regulatory compliance and reduce the risk associated with evolving cybersecurity threats.
FireMon Asset Manager is software that provides organizations with visibility into their network assets, offering continuous monitoring and identification of devices and their configurations. The software gathers real-time asset data to build an accurate inventory and helps maintain compliance with security policies. It assists in detecting unauthorized changes, managing configuration drift, and supporting audit processes. FireMon Asset Manager is designed to address challenges related to asset discovery, compliance reporting, and risk management by automating inventory updates and highlighting potential vulnerabilities through comprehensive asset tracking capabilities.
Check Point Advanced Endpoint Threat Detection (Legacy) is software designed to identify and block advanced security threats targeting endpoint devices within an organization. The software integrates with existing security infrastructure to monitor activity, detect malicious behavior, and prevent unauthorized access to sensitive data and resources. It utilizes threat intelligence and behavioral analysis to uncover vulnerabilities, ransomware, zero-day attacks, and other sophisticated threats. The software streamlines security management by providing automatic responses to detected threats and offering comprehensive reporting tools that help organizations analyze and address incidents efficiently. Its main objective is to protect endpoints from cyberattacks and minimize potential risks to business operations.
Microsoft Defender for IoT is software designed to provide security for Internet of Things (IoT) devices and networks. The software enables businesses to monitor, detect, and respond to threats across a range of IoT environments, including industrial and enterprise settings. It features threat detection capabilities that use behavioral analytics and threat intelligence to identify potential risks and vulnerabilities in IoT assets. The software assists in managing device inventory, assessing security posture, and automating alerts for suspicious activity. By integrating with existing security operations tools, it aims to address the challenge of securing diverse and distributed IoT devices within organizations.
Honeywell Cyber Insights and Honeywell Cyber Watch help secure operational technology (OT) environments against evolving cyber threats. Leveraging Honeywell’s system-agnostic technical expertise across connected industrials, process technologies and buildings, the solutions deliver comprehensive protection for cyber-physical systems (CPS). Honeywell Cyber Insights offers integrated capabilities including IT, OT and IoT asset visibility, vulnerability management, governance, risk and compliance, as well as advanced threat detection and intelligence.
Core Privileged Access Security is software designed to help organizations manage and secure privileged accounts across IT environments. The software provides features such as credential management, session isolation, monitoring, and auditing to control access to sensitive systems and data. It aims to address business challenges related to unauthorized access, insider threats, and compliance by centralizing the management of administrator rights and enforcing security policies. Core Privileged Access Security enables organizations to track privileged activities, reduce risks associated with elevated permissions, and support regulatory requirements by maintaining comprehensive records of access and operations.
TXOne Stellar is software designed to protect operational technology environments by offering endpoint protection tailored to industrial systems. The software delivers features that include asset inventory, vulnerability assessment, and real-time threat detection to safeguard devices used in automation and critical infrastructure. It operates in diverse industrial environments such as factories and energy facilities to provide protection without interrupting essential processes. TXOne Stellar aims to address security challenges related to legacy systems, unpatched equipment, and specialized devices commonly found in OT networks by preventing malware, unauthorized access, and advanced cyber threats. The software supports both online and offline modes to accommodate varied network setups and integrates with existing security management platforms for centralized oversight.
Cisco Cyber Vision is software designed for visibility and security management of industrial networks. It provides asset inventory by detecting and classifying connected industrial devices and collects data on network communications. The software enables security monitoring by identifying vulnerabilities and detecting threats through analysis of traffic patterns. Cisco Cyber Vision integrates with IT security systems to streamline security operations across operational technology and IT environments. It supports compliance initiatives by delivering reports and alerts related to the state of industrial assets and network activities. The software aims to address the challenge of protecting industrial processes by improving inventory accuracy, threat detection, and incident response within complex environments.
Cervello Platform is cybersecurity software designed to protect railway networks and assets from cyber threats. It provides visibility into the operational technology and signaling systems used in railway environments, offering continuous monitoring and threat detection capabilities. The software enables centralized management of risks and incidents by integrating with existing railway infrastructure. With real-time alerts and insights on vulnerabilities, the software helps organizations address potential security risks in their rail operations. Its analytical tools assist users in assessing network activity and ensuring the integrity and availability of railway systems. Cervello Platform is utilized to enhance the safety and resilience of transportation networks by safeguarding critical assets against cyber attacks.
Opswat Metadefender is cybersecurity software designed to help organizations detect and prevent threats through advanced content disarm and reconstruction, multi-scanning, and vulnerability assessment capabilities. The software scans files using multiple antivirus engines, analyzing and sanitizing potentially harmful content before it reaches critical systems. It enables businesses to assess device compliance, verify the integrity of files transferred through various endpoints, and enforce security policies across networks. By providing insight into potential vulnerabilities and enabling the removal of malicious code from files, the software supports efforts to protect sensitive data and reduce the risk of malware infections, supporting organizations in managing cybersecurity risks associated with file uploads, downloads, and device access.
Agger is software developed to support cybersecurity operations by facilitating network detection and response. It provides features for real-time traffic monitoring, automated threat identification, and incident management. The software aims to enhance visibility into network activities, allowing organizations to analyze and address potential security issues efficiently. By consolidating event data and streamlining workflows, Agger assists security teams in responding to threats and managing risks across complex IT environments. Its functionalities are designed to address the challenge of maintaining network integrity and operational continuity in the face of evolving cyber threats.