Report:
Magic Quadrant for CPS Protection Platforms
How does Gartner define the CPS Protection Platforms market in 2026?
Gartner defines cyber-physical systems (CPS) protection platforms as products that discover, categorize, map and protect CPS in production or mission-critical environments outside of enterprise IT. They do so by analyzing or interacting with industrial/industry-specific protocols and operational network traffic. They understand physical process asset behavior and do not interfere with CPS operations. They can be delivered from the cloud, on-premises or in a hybrid form. Gartner defines CPS as engineered systems that orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). When secure, they enable safe, real-time, reliable, resilient and adaptable performance.
Key Facts for Magic Quadrant for CPS Protection Platforms in 2026
- Publication Date: 3 March 2026
- Document ID: G00830517
- Coverage: Global
- Authors: Katell Thielemann, Ruggero Contu, Wam Voster, Sumit Rajput
- Core Purpose: This Magic Quadrant helps cybersecurity leaders identify the right vendors to support their CPS security efforts by evaluating cyber-physical systems protection platforms that discover assets and how they connect in production or mission-critical environments (such as OT, ICS, IoT and robotics).
Strategic Planning Assumptions
No strategic planning assumptions provided.
How was the CPS Protection Platforms market evolved in 2026?
- The CPS protection platform market exists because the attack surface is growing as CPS become more connected, making them attractive targets for ransomware, industrial espionage, and geopolitically motivated attacks
- Threats are on the rise with malware purposely built for industrial environments such as INDUSTROYER.V2 and Pipedream emerging
- More vulnerabilities are surfacing and remain difficult to manage as CPS cannot be patched at will
- More regulations, directives and frameworks are emerging due to increased threats to critical infrastructure-related organizations
- Manual asset inventories are time inefficient and costly, and IT security tools are inappropriate for many CPS environments
- The market has matured beyond passive asset discovery to include multiple discovery methods including safe active querying, project file parsing, lightweight host-based executables, and third-party integrations
- CPS protection platforms now enable multiple security capabilities including exposure management, topology visualizations, alerts, playbooks, compliance reports, executive dashboards and benchmarking data
- AI is being embedded across all vendor offerings for asset augmentation, attack path modeling, natural language queries, and custom report creation
- New industry verticals are emerging including AI-driven data centers, retail automation, and smart transportation infrastructure
- Four vendors are positioned as Leaders: Armis, Claroty, Dragos, and Nozomi Networks
- Three vendors are Challengers: Forescout Technologies, Fortinet, and Tenable
- One vendor is a Visionary: Darktrace
- Five vendors are Niche Players: Cisco, Honeywell, Microsoft, Palo Alto Networks, and TXOne Networks
What product features are required to be included in this year's evaluation?
- Vendor-native asset discovery, visibility and categorization
- Support for modern, but also unique, industrial/industry-specific protocols (including reverse-engineered ones deployed decades ago), while not interfering with the operation of any device
- Detailed network topology and data flow diagrams
- Detailed pedigree of assets, including but not limited to the manufacturer, model, serial number, MAC and IP addresses, operating system, version, service pack, etc. — included for nested devices
- Vulnerability information and recommended actions to include contextualized CVE/CVSS scores and the likelihood of exploitability
- Threat intelligence information and simulations, as well as recommended actions, to include playbooks and policy enforcement remediation options
- Integration with IT security and asset management tools
- Risk scoring and recommended actions to include remediation options and impacts on alignment to standards
What are the common features of top products in the CPS Protection Platforms space?
- Baseline and configuration management
- Incident response and forensics
- Network-segmentation-related features and functionalities
- Security frameworks compliance reports
- Various role-based user interfaces, such as one for security teams, one for maintainers, one for engineers or one for OEMs, to support various use cases
- Machine learning capabilities to enhance asset discovery, establish behavioral baselines, improve anomaly detection and root cause analysis or fine-tune risk prioritization
- Strategic partnerships with original equipment manufacturers (OEMs) and other security vendors
Scope Exclusions
- Vendors requiring purchase of other products or services to access CPS protection platform capabilities
- Solutions not generally available as of 25 November 2025
- Vendors with fewer than 100 unique enterprise customers with deployed platforms in production
- Platforms not offering cloud-based or managed, hybrid and on-premises deployment options
- Vendors with fewer than 10 paying customers in at least 8 of 22 industry categories
- Vendors without revenue from at least 3 geographic regions with at least 2 at or above 10%
- Vendors with less than $50 million in revenue in 2024 unless they generated above $5 million and are on track to add more net new paying customers than 2024
Inclusion Criteria
Vendors must, among other requirements:
- Actively participating in the enterprise market with direct marketing to end-user customers
- Pure-play CPS protection platform without requiring purchase of other products
- Platform generally available as of 25 November 2025
- At least 100 unique enterprise customers with deployed platform in production
- Offer cloud-based or managed, hybrid and on-premises deployment options
- At least 10 paying customers in at least 8 of 22 industry categories
- Revenue from at least 3 geographic regions, with at least 2 at or above 10%
- At least $50 million in revenue in 2024, or above $5 million and on track to add more net new paying customers than 2024
Ability to Execute — Relative Weighting
- Product or Service - High
- Overall Viability - Medium
- Sales Execution/Pricing - Medium
- Market Responsiveness/Record - High
- Marketing Execution - Medium
- Customer Experience - High
- Operations - Medium
Completeness of Vision — Relative Weighting
- Market Understanding - High
- Marketing Strategy - High
- Sales Strategy - Medium
- Offering (Product) Strategy - High
- Business Model - Low
- Vertical/Industry Strategy - High
- Innovation - High
- Geographic Strategy - Medium
FAQs
Q: What does this research cover?
A: This research evaluates 15 vendors in the CPS protection platforms market based on their ability to execute and completeness of vision. It covers vendors offering products that discover, categorize, map and protect CPS in production or mission-critical environments outside of enterprise IT by analyzing or interacting with industrial/industry-specific protocols and operational network traffic. The evaluation includes mandatory features such as vendor-native asset discovery, support for industrial protocols, network topology diagrams, detailed asset pedigrees, vulnerability information, and threat intelligence capabilities.
Q: Who should use this research?
A: This research should be used by cybersecurity leaders, CISOs, security architects, and operations technology (OT) security professionals who are responsible for securing cyber-physical systems in production or mission-critical environments. It is particularly relevant for organizations in critical infrastructure sectors such as energy, utilities, manufacturing, healthcare, transportation, and government that need to evaluate and select CPS protection platform vendors to support their security programs, meet regulatory compliance requirements, and protect against growing cyber threats to operational technology environments.
Q: What are the mandatory features of vendors included in this market?
A: Mandatory features for vendors included in this market are: vendor-native asset discovery, visibility and categorization; support for modern and unique industrial/industry-specific protocols without interfering with device operations; detailed network topology and data flow diagrams; detailed asset pedigrees including manufacturer, model, serial number, addresses, operating system details for nested devices; vulnerability information with contextualized CVE/CVSS scores and exploitability likelihood; threat intelligence with simulations and recommended actions including playbooks and policy enforcement; integration with IT security and asset management tools; and risk scoring with remediation options and standards alignment impacts.
Q: What are some reasons for not being included in this report?
A:
- Not actively participating in the enterprise market as evidenced by lack of direct marketing to end-user customers
- Not offering pure-play CPS protection platform - requiring purchase of other products or services
- Platform not generally available as of 25 November 2025
- Fewer than 100 unique enterprise customers with deployed platform in production environments
- Not offering cloud-based or managed, hybrid and on-premises deployment options
- Fewer than 10 paying customers in at least 8 of 22 specified industry categories
- Revenue not from at least 3 geographic regions with at least 2 at or above 10%
- Revenue below $50 million in 2024 without meeting alternative growth criteria
Q: What differentiates Ability to Execute vs. Completeness of Vision?
A: Ability to Execute evaluates vendors on the quality and efficacy of their processes, systems, methods and procedures to be competitive, efficient and effective, focusing on current operational capabilities, product quality, sales effectiveness, customer relationships, and market responsiveness. Completeness of Vision evaluates vendors on their ability to articulate logical statements about current and future market direction, innovation, and customer needs, focusing on strategic planning, market understanding, innovation capabilities, and long-term product and geographic strategies.
Reference
- Gartner, Magic Quadrant for CPS Protection Platforms, 3 March 2026, ID G00830517
View Leaders
View Vendor Movements
