OT Firm Looks to Secure IoT, Industrial, and Medical Devices
On June 1, 2026, Dragos, a leader in operational technology (OT) cybersecurity, made headlines with the announcement of its acquisition of Phosphorus, a prominent player specializing in the security and management of Internet of Things (IoT) devices. This strategic move underscores Dragos’s intention to enhance its capabilities and catch up with competitors, particularly in the rapidly expanding IoT sector. Analysts believe that this acquisition is part of a broader strategy aimed at fortifying security across a diverse range of connected devices.
Historically, Dragos has concentrated its efforts on traditional operational technologies, focusing on components like programmable logic controllers, human-machine interfaces, and distributed control systems. According to Hollie Hennessy, who serves as the lead OT/IoT cybersecurity market analyst for the technology research and advisory group Omdia, Dragos’s new acquisition aims to align the company more closely with competitors that already offer comprehensive security solutions for IoT and medical devices. Hennessy noted that this shift reflects a growing recognition that the cybersecurity landscape is evolving beyond its traditional boundaries.
Michael Rothschild, the Vice President of Product Marketing at Dragos, emphasized that operational technology is no longer solely concerned with conventional machinery. He remarked, "Of course you have industrial controllers, but you also have these IoT and edge devices, as well as various enterprise-connected devices such as Building Management Systems." These systems, alongside physical security devices like cameras and access control systems, represent an increasingly complex web of interconnected technology. According to Rothschild, these devices are either part of the OT environment or serve as potential access points to it, making their security paramount.
In an interview with Information Security Media Group (ISMG), Rothschild elaborated on Dragos’s terminology shift towards what they now refer to as "extended operational technology" or xOT. This term describes the vast array of connected non-traditional OT devices, which can constitute up to half of a tech environment. Rothschild succinctly stated that failing to cover such devices renders cybersecurity efforts inadequate: "If you’re not addressing sensors or these other devices, you’re essentially covering nothing. You’re covering very little."
With the acquisition of Phosphorus, Rothschild indicated that Dragos is making a significant commitment to improving coverage, visibility, and management within this xOT ecosystem. He articulated the company’s vision to encompass all possible components of industrial infrastructure, reinforcing the idea that cybersecurity must evolve alongside technological advancements.
The importance of this venture is further illustrated by comments from Dragos CEO Rob M. Lee. In his LinkedIn post, he articulated a broader philosophy: "It’s about the control loop, the physics, not the operating system." This statement highlights that successful security strategies must focus on the underlying operational mechanics rather than just the technological interfaces.
Financial specifics surrounding the acquisition remain undisclosed, as both Dragos and Phosphorus are privately held entities. Nevertheless, Phosphorus has experienced significant growth since its inception in 2017, having raised three funding rounds totaling approximately $65 million. This financing has positioned the company—with its innovative platform that automatically logs into connected devices for security tasks—at a valuation exceeding $100 million.
The Phosphorus platform stands out for its capacity to detect connected devices within a network and conduct essential security tasks, such as password rotations, firmware updates, and configuration hardening. Hennessy noted that Phosphorus offers more than just granular visibility; it extends into control mechanisms, thereby elevating its significance in the IoT security landscape.
Research from Omdia highlights that security concerns are a major hurdle in IoT adoption. Hennessy stated that data, network, and device security are the foremost challenges in this domain, affirming the burgeoning demand for robust security solutions. The market is evolving—from merely focusing on visibility to incorporating management, hardening, and automation strategies.
Phosphorus’s ability to tackle this expansive issue is underscored by Sonu Shankar, the company’s President and COO. He addressed the scale of the challenge, noting that the complexities associated with managing numerous manufacturers, software versions, and billions of devices have rendered traditional methods obsolete. "This has already gone way beyond being a human-scale problem," Shankar explained.
The acquisition of Phosphorus marks an important milestone for Dragos, particularly as it builds upon its October 2024 acquisition of Network Perception. This prior purchase focused on network architecture security for xOT, while Phosphorus aims to enhance device-level security. With these strategic acquisitions, Dragos now estimates that its total addressable market exceeds $50 billion, further solidifying its position in the evolving landscape of cybersecurity in operational technology. As the lines between traditional and modern technologies continue to blur, companies like Dragos are taking proactive steps to ensure the security of an increasingly interconnected world.