Largest OT Cybersecurity Consolidation on Record
Global consulting and technology giant Accenture has announced plans to acquire a majority stake in Dragos — the leading industrial cybersecurity company — along with full acquisitions of runZero and NetRise, in a deal totalling $4.1 billion USD. Dragos alone is valued at $3.25 billion in the transaction, marking the largest single consolidation in the operational technology (OT) cybersecurity sector.
Both runZero and NetRise will operate under Dragos as independent brand units following the close of the deal.
What Each Company Brings
| Company | Specialty | Role Post-Acquisition |
|---|---|---|
| Dragos | ICS/OT threat intelligence, detection, and response | Majority stake — operates under Dragos brand |
| runZero | Network and asset discovery across IT/OT/IoT | Full acquisition — folds under Dragos |
| NetRise | Firmware and IoT device risk analysis | Full acquisition — folds under Dragos |
Dragos
Dragos is the dominant player in ICS and OT security, providing asset visibility, threat detection, and incident response for industrial environments including energy, manufacturing, water, and transportation. The company maintains one of the most comprehensive threat intelligence feeds targeting industrial control systems globally.
runZero
runZero (formerly Rumble Network Discovery) specializes in agentless network and asset discovery for complex, mixed IT/OT/IoT environments. Its passive scanning technology makes it particularly valuable for environments where installing agents on industrial hardware is impractical.
NetRise
NetRise focuses on firmware and software bill of materials (SBOM) analysis for embedded systems, IoT, and OT devices — a critical capability as regulators increasingly require SBOM transparency in critical infrastructure supply chains.
Why This Deal Matters
OT Security Demand Surge
Nation-state threat actors — particularly those linked to China, Russia, Iran, and North Korea — have increasingly pivoted to targeting critical infrastructure and industrial systems. Attacks on energy grids, water treatment facilities, and manufacturing plants have escalated dramatically through 2025 and into 2026.
Accenture is consolidating best-in-class OT capabilities into a single integrated offering to serve the growing enterprise and government demand for OT security at scale.
Regulatory Pressure Accelerates Investment
Regulations including the US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), the EU NIS2 Directive, and expanded CISA guidance on ICS/OT security have created urgent demand for comprehensive industrial cybersecurity programs. Organizations that previously delayed OT security investment now face regulatory compliance deadlines.
Convergence of IT and OT
The blurring of IT/OT boundaries — particularly with cloud-connected industrial systems and remote-access proliferation — has made the combined capabilities of Dragos (detection), runZero (discovery), and NetRise (firmware/SBOM analysis) increasingly complementary. Accenture's acquisition strategy reflects a belief that these three capabilities form an essential triad for modern industrial security programs.
Industry Reaction
The deal signals that OT cybersecurity has reached a level of maturity and urgency where enterprise buyers are willing to invest significantly in dedicated platforms rather than retrofitting IT security tools. Dragos CEO Robert Lee, who co-founded the company after leaving the NSA, has been a vocal advocate for treating industrial cybersecurity as a distinct discipline — a stance now validated by one of the world's largest professional services firms.
Security analysts note the acquisition also positions Accenture competitively against peers like Deloitte, IBM, and CrowdStrike (which acquired Claroty-rival Dragos competitor assets) in the critical infrastructure security market.
What Defenders Should Know
- OT/ICS environments require specialized tools — IT security platforms often lack visibility into Modbus, DNP3, and other industrial protocols
- Asset discovery remains the foundation of any OT security program; organizations cannot protect what they cannot see
- Firmware risk is underappreciated — many industrial devices run outdated, unpatched firmware with known CVEs
- SBOM requirements are expanding — procurement processes for OT equipment will increasingly mandate software bill of materials disclosures