
Cyber-Physical Systems (CPS) Security
Asimily Platform
Exposure management that prioritizes and mitigates risk across IoMT, IoT, and OT devices.
Asimily Platform Overview
What it does
Asimily Platform is a comprehensive IoMT security solution designed specifically for healthcare organizations to protect connected medical devices throughout their entire lifecycle. Unlike generic IoT security tools, the platform addresses healthcare-specific challenges including FDA regulatory requirements, patient safety considerations, and the operational constraints of maintaining 24/7 device availability for critical care delivery while implementing security controls.
How it works
The platform provides automated device discovery and classification through passive network scanning and active monitoring to create a complete inventory of all medical devices regardless of manufacturer, age, or network location. Asimily uses behavioral analysis and machine learning to continuously assess vulnerabilities, prioritize risks based on patient impact and organizational context, detect anomalous behavior and emerging threats, and provide actionable remediation guidance including patches, workarounds, configuration changes, and targeted segmentation strategies when patching is not feasible due to regulatory or safety constraints.
Credentials and traction
Asimily maintains SOC 2 Type II attestation and Cloud Computing Compliance Criteria Catalogue (C5) compliance. It ranked #1 among all vendors in the 2026 Best in KLAS Healthcare IoT Security report with a score of 96.6 out of 100, and holds the top rating in Gartner Peer Insights for medical device security. Customers include Methodist Le Bonheur Healthcare, MemorialCare, Tufts Medicine, and St. Lawrence Health, with adoption concentrated among healthcare delivery organizations.
Key Capabilities
mapped to solution categoriesMaps identified vulnerabilities, network exposure, and control gaps to HIPAA Security Rule safeguards (164.312 technical safeguards), for compliance evidence.
Performs application-layer analysis of HL7 and DICOM communications to detect anomalous queries, data access outside normal patterns, and unauthorized device connections.
Discovers and classifies connected medical devices by device type, manufacturer, model, and firmware version, including devices that do not support standard endpoint agents.
Generates network segmentation recommendations for medical devices based on communication profile, vulnerability exposure, and clinical function, supporting VLAN design for device isolation.
Generates or ingests device SBOMs to track component CVEs across the medical device fleet, increasingly required by FDA and EU MDR for post-market security management.
Supports the documentation artifacts required by FDA cybersecurity pre-market guidance (threat model, SBOM, security architecture description, patch management plan), for device submission.
Continuously enumerates internet-exposed assets (domains, IPs, subdomains, certificates, cloud storage, APIs) using passive DNS, certificate transparency logs, and active probing, including assets outside the official inventory.
Ranks discovered exposures by combining exploitability signals, asset business context, and active threat intelligence to produce an actionable remediation queue.
Identifies cloud resources, SaaS applications, and exposed services deployed by business units without IT or security team visibility or approval.
Identifies software stacks, versions, and components running on discovered assets through passive banner analysis and active probing, mapping CVE exposure without authenticated scanning.
Discovers and fingerprints purpose-built connected devices (printers, cameras, infusion pumps, smart meters, building systems), classifying make, model, OS, firmware, and function, including unmanaged devices that cannot run an endpoint agent.
Identifies, prioritizes, and helps remediate device vulnerabilities, including outdated firmware and exposed network services, across the connected-device fleet.
Assesses overall device-ecosystem risk (device trustworthiness, exposure, and operational context) as a continuous posture, distinct from per-CVE vulnerability management.
Generates and enforces least-privilege network segmentation and microsegmentation policies for devices, with pre-deployment impact assessment so new policies do not break device operations.
Monitors device behavior and network traffic to detect anomalies, exploits, and threats targeting connected devices.
Monitors device configurations and manages firmware updates and configuration hardening at fleet scale, closing weak or default settings on connected devices.
Discovers OT/ICS assets by analyzing existing network traffic (Modbus polls, Profinet broadcasts, EtherNet/IP connections), without sending any probe packets that could disrupt device operation.
Dissects OT protocol payloads at the function code level, detecting unauthorized read/write operations, unusual register ranges, and firmware upload commands in Modbus, DNP3, EtherNet/IP, PROFINET, and OPC-UA traffic.
Baselines normal device communication patterns (command frequency, connection pairs, timing), and alerts on deviations, detecting reconnaissance, manipulation, and lateral movement.
Identifies and prioritizes vulnerabilities across discovered OT and ICS assets using device, firmware, and exposure context, recommending safe, operationally feasible remediation or compensating controls for environments where patching is constrained.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 27, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.