Claroty
What Claroty actually does
Claroty discovers and monitors cyber-physical systems — OT controllers, IoT devices, building management systems, and medical devices — that traditional IT security tools can’t see or protect. The platform uses passive network monitoring, active safe queries, and integration with existing IT security tools to build an asset inventory of every connected device in industrial, healthcare, and commercial environments.
The product line includes xDome (SaaS-based visibility and threat detection), xDome Secure Access (zero-trust remote access for OT environments), and Medigate (healthcare-specific device security, acquired and integrated). The platform identifies devices, maps communication flows, detects anomalies and known vulnerabilities, and enforces network segmentation policies.
The key challenge Claroty addresses is that OT and IoT devices don’t behave like IT assets. You can’t scan a PLC with Nessus. You can’t install CrowdStrike on an infusion pump. These devices use proprietary protocols, have long lifecycles, and often can’t be patched. Claroty provides the visibility layer that makes securing these environments possible.
Who it’s best for
- Manufacturing companies with industrial control systems (SCADA, PLCs, DCS)
- Healthcare organizations managing connected medical devices
- Critical infrastructure operators (energy, water, transportation)
- Commercial real estate and facilities with building automation systems
- Any organization with OT/IoT assets that need to meet NIST CSF, IEC 62443, or HIPAA security requirements
Pricing reality check
Claroty is priced per asset under management, typically on annual subscription terms. The total cost depends on the number of monitored devices and the deployment model (SaaS vs. on-prem). Expect enterprise-level pricing — OT security is a specialized market, and the vendor options are limited.
Deployment requires an understanding of your network architecture. Passive monitoring needs network TAPs or SPAN ports in the right locations. Active querying needs careful configuration to avoid disrupting sensitive OT processes. Budget for professional services during initial deployment, especially in complex industrial environments.
Alternatives to consider
- Nozomi Networks — The closest competitor. Strong in industrial OT visibility with a slightly different technical approach. Worth evaluating head-to-head for manufacturing and energy environments.
- Tenable OT Security — Good choice if you’re already a Tenable shop and want OT visibility integrated with your IT vulnerability management. Less depth in OT protocol coverage.
- Armis — Broader agentless device visibility across IT, OT, and IoT. Less specialized in deep OT protocol analysis than Claroty.
- Microsoft Defender for IoT — Formerly CyberX. Viable if you’re invested in the Microsoft security ecosystem. Less mature in OT-specific use cases.
The Charting Cyber take
If you operate industrial control systems, medical devices, or building automation, you need OT/IoT visibility. Not optional. These devices are on your network, they have vulnerabilities, and your IT security tools can’t see them. Claroty is one of a small number of vendors that actually solve this problem.
The market is narrow enough that most evaluations come down to Claroty vs. Nozomi Networks. Both are capable. Claroty’s acquisition of Medigate gives it an edge in healthcare. Nozomi may have a slight edge in certain industrial verticals. Either way, the decision to invest in OT visibility matters more than the vendor selection. Pick one and deploy it before an attacker finds the unmonitored PLC on your flat network.