Dragos acquires Phosphorus to widen OT security reach

Dragos has acquired connected-device security company Phosphorus, expanding its reach across operational technology and connected devices in critical infrastructure.

The deal brings Phosphorus's technology for device discovery, firmware management, credential control, and remediation into Dragos's cybersecurity platform. The combined offering is meant to address a gap in industrial environments, where security tools often cover industrial control systems but have limited visibility into internet-connected and other networked devices operating alongside them.

Operational networks in sectors including energy, manufacturing, water, transport, and data centres increasingly combine traditional industrial assets with a growing number of connected devices. Dragos describes that broader environment as xOT, reflecting the spread of operational technology beyond conventional plant systems.

The acquisition is part of a broader strategy to secure that full operational environment rather than focus only on core control systems. Dragos argues that defenders need visibility and controls across both established OT assets and the many devices now embedded throughout critical infrastructure.

"The connected devices you find everywhere in critical infrastructure are largely invisible to the cybersecurity programs that protect operational environments," said Robert M. Lee, chief executive officer and co-founder of Dragos.

"With Phosphorus, we close that gap and secure xOT, the full environment that matters," Lee said.

Phosphorus has focused on identifying and managing connected devices across both OT and enterprise networks. Its platform is designed to discover devices, assess their status and risks, and automate tasks such as password rotation, firmware updates, certificate management, and configuration hardening.

Its tools work with existing customer infrastructure without requiring major architectural changes, an approach likely to appeal to operators of industrial sites, where replacing or redesigning networks can be disruptive and costly.

Integration plan

Customers will initially receive broader asset visibility and integrated device intelligence. Automated remediation workflows and a unified platform experience are expected to follow as the integration progresses.

Existing Phosphorus customers will continue to be supported during that process. Sonu Shankar will remain in charge of the Phosphorus business as general manager within Dragos as part of a phased integration.

"We built Phosphorus to solve the connected-device problem - the unmanaged devices, the default credentials, the firmware no one was updating. Together with Dragos, we can solve it with a depth and scale that wasn't possible before. That's what the next generation of OT cybersecurity looks like," said Sonu Shankar, president and chief operating officer of Phosphorus.

The transaction also extends Dragos's recent expansion beyond its original focus. In 2024, the company acquired Network Perception, adding OT network visibility, segmentation validation, and compliance functions to its platform.

Dragos described the two acquisitions as complementary: Network Perception focuses on mapping and securing network architecture, while Phosphorus adds controls for the devices connected to that architecture.

Market scope

The addition of Phosphorus raises Dragos's estimated total addressable market to more than USD $50 billion. The figure reflects its view that industrial cybersecurity is no longer confined to traditional OT tools and now includes a much broader estate of connected operational assets.

The acquisition also highlights a wider shift in industrial cybersecurity, as operators contend not only with classic industrial control systems but also cameras, sensors, badge readers, HVAC equipment, medical and building systems, and other internet-connected devices that can create weak points if left unmanaged. In many environments, these assets sit on or near operational networks but fall outside established OT security programmes.

That overlap has become a more urgent issue for critical infrastructure operators as attackers seek routes into industrial environments through exposed or poorly maintained devices. For defenders, the challenge is often basic but difficult to execute consistently at scale: knowing what is connected, whether credentials remain unchanged, whether firmware is current, and whether security settings are enforced.

By combining Dragos's OT monitoring and threat intelligence with Phosphorus's device-focused remediation tools, the company aims to provide both visibility and response across a broader range of operational assets.