
Cyber-Physical Systems (CPS) Security
Claroty Platform
Cyber-physical systems protection with 450+ protocol coverage across OT, IoT, and IoMT.
Claroty Platform Overview
What it does
Claroty Platform is a unified cyber-physical systems (CPS) protection solution from Claroty, founded in 2015 by Derek Phillips, Amir Zilberstein, and Benny Porat, and headquartered in New York City. Led by CEO Yaniv Vardi, the company has raised $740M in total funding from investors including SoftBank Vision Fund 2, Bessemer Venture Partners, Schneider Electric Ventures, Rockwell Automation, and Temasek Holdings, reaching unicorn status with a $2.5B valuation in July 2022. Claroty was named a Leader in the inaugural 2025 Gartner Magic Quadrant for CPS Protection Platforms, positioned highest for Ability to Execute and furthest for Completeness of Vision among 17 vendors evaluated, and recognized as a Strong Performer in the 2024 Forrester Wave for Operational Technology Security Solutions.
How it works
The platform delivers comprehensive protection across Extended Internet of Things (XIoT) environments including industrial OT, healthcare IoMT, enterprise IoT, and building management systems, providing five core capabilities: Asset Inventory, Exposure Management, Network Protection, Secure Access, and Threat Detection. Available as cloud-based Claroty xDome (modular SaaS) or on-premise Claroty Continuous Threat Detection (CTD), the platform leverages unmatched protocol coverage of 450+ industrial protocols and multiple AI-powered asset discovery methods including passive monitoring, patent-pending Edge collector, and third-party integrations. Backed by award-winning threat research from Team82 (the company's research arm), the platform automatically correlates assets with vulnerability intelligence, provides business-impact risk scoring, and delivers network segmentation policies enforceable through existing firewall infrastructure.
Credentials and traction
Claroty holds SOC 2 Type II certification and is certified to ISO 27001:2022 and ISO 27701:2019, and maintains HIPAA and GDPR compliance. It was named a Leader in the 2026 Gartner Magic Quadrant for CPS Protection Platforms (published March 3, 2026, the report's second year) and a Leader in The Forrester Wave: IoT Security Solutions, Q3 2025. Claroty won Best in KLAS for Healthcare IoT Security in 2025 for the fifth consecutive year. The platform is deployed by over 1,000 customers at thousands of sites globally, including 24 of the Fortune 100 and US federal agencies.
Key Capabilities
mapped to solution categoriesDiscovers OT/ICS assets by analyzing existing network traffic (Modbus polls, Profinet broadcasts, EtherNet/IP connections), without sending any probe packets that could disrupt device operation.
Dissects OT protocol payloads at the function code level, detecting unauthorized read/write operations, unusual register ranges, and firmware upload commands in Modbus, DNP3, EtherNet/IP, PROFINET, and OPC-UA traffic.
Baselines normal device communication patterns (command frequency, connection pairs, timing), and alerts on deviations, detecting reconnaissance, manipulation, and lateral movement.
Maps actual traffic flows between IT and OT zones and between Purdue model levels, revealing unauthorized cross-zone connections and segmentation failures.
Classifies discovered assets and traffic flows into Purdue Model levels (Level 0-4), supporting IEC 62443 zone and conduit documentation and compliance assessment.
Forwards enriched OT security alerts into enterprise SIEM and SOAR platforms with OT-specific context, enabling unified SOC operations without requiring OT-specialized analysts.
Identifies and prioritizes vulnerabilities across discovered OT and ICS assets using device, firmware, and exposure context, recommending safe, operationally feasible remediation or compensating controls for environments where patching is constrained.
Discovers and fingerprints purpose-built connected devices (printers, cameras, infusion pumps, smart meters, building systems), classifying make, model, OS, firmware, and function, including unmanaged devices that cannot run an endpoint agent.
Identifies, prioritizes, and helps remediate device vulnerabilities, including outdated firmware and exposed network services, across the connected-device fleet.
Assesses overall device-ecosystem risk (device trustworthiness, exposure, and operational context) as a continuous posture, distinct from per-CVE vulnerability management.
Generates and enforces least-privilege network segmentation and microsegmentation policies for devices, with pre-deployment impact assessment so new policies do not break device operations.
Monitors device behavior and network traffic to detect anomalies, exploits, and threats targeting connected devices.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 28, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.