Dragos acquires Phosphorus to expand xOT device security

2026-06-02 · Source: Tech Monitor · Field: Technology & Digital — Cybersecurity & Data Privacy, Internet of Things (IoT) & Connected Devices · Depth: Fundamental Awareness, quick

Summary

Dragos has acquired Phosphorus, a connected-device security company, to expand its operational technology (OT) cybersecurity platform into the "Extended Operational Technology environment" (xOT). This xOT encompasses traditional OT systems alongside billions of connected devices found in critical infrastructure like power grids, pipelines, manufacturing facilities, and data centers. The acquisition aims to provide deeper device visibility, automated remediation capabilities including password rotations and firmware updates, and continuous risk reduction across both OT and enterprise environments. Dragos anticipates this deal will increase its total addressable market opportunity to over \$50 billion, complementing its October 2024 acquisition of Network Perception, which focused on network architecture security.

Key takeaway

For Security Engineers managing critical infrastructure, this acquisition signals a crucial shift towards comprehensive "xOT" security. If your current cybersecurity programs overlook the billions of connected devices within operational environments, you should evaluate solutions that offer integrated device visibility and automated remediation. Prioritize platforms that can actively discover devices, provide risk context, and streamline compliance to reduce your overall attack surface effectively.

Key insights

Dragos's acquisition of Phosphorus extends OT security to "xOT," securing critical infrastructure's invisible connected devices.

Principles

• Connected devices in critical infrastructure are often invisible to cybersecurity.
• Securing xOT requires comprehensive visibility and automated remediation.
• Integrated platforms enhance defense across OT and enterprise.

Method

Phosphorus's platform actively discovers devices, provides detailed risk context, maintains situational awareness, and automates remediation workflows like password rotations and firmware updates.

In practice

• Integrate device discovery with existing infrastructure.
• Automate password rotations and firmware updates.
• Harden configurations for connected devices.

Topics

• Operational Technology (OT) Security
• xOT Environment
• Critical Infrastructure Security
• Connected Device Security
• Cybersecurity Acquisitions
• Automated Remediation

Best for: CTO, Investor, Security Engineer, Executive, Consultant

Related on AIssential

• Sophos acquires Arco Cyber to enhance CISO-level AI security services — Sophos acquired Arco Cyber to enhance CISO-level AI security services, providing clear, actionable cyber risk insights.
• Why IoT devices fail — IoT security requires a proactive "secure-by-design" approach to counter widespread "insecure-by-design" device proliferation.
• Zscaler acquires SquareX to extend Zero Trust controls into browsers — Integrating browser-level security with Zero Trust principles enhances protection for web applications and unmanaged devices.
• You Can't Patch a Running Plant: How Mythos Compresses the OT Security Timeline — AI-driven vulnerability discovery drastically accelerates cyberattack timelines, demanding urgent, tailored security responses for operational technology.
• Reclaiming Freedom: Who Holds Veto Over Your Data Stack — Control over tools dictates user freedom; open, adaptable systems with structural guardrails are crucial for data sovereignty.
• NIS2’s extended scope takes a deep dive: Unpacking the EU Commission’s proposed expansion to Submarine Data Transmission Infrastructure — NIS2's proposed expansion to submarine data transmission infrastructure aims to bolster critical digital infrastructure cybersecurity.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Tech Monitor.