Claroty Shifts CPS Security from Asset Focus to Business Impact with xDome Enhancements

In an era where cyber-physical systems (CPS) run the beating hearts of factories, hospitals, and energy grids, Claroty is making a decisive move to reframe how organizations assess and mitigate risk. Today, the industrial cybersecurity firm unveiled new capabilities in its cloud-native xDome platform, aiming to shift the security conversation from “what’s at risk” to “what’s at stake.”

Dubbed Device Purpose and Risk Benchmarking, these enhancements go beyond traditional asset-centric cybersecurity by embedding business context directly into risk prioritization. Rather than treating two identical PLCs as equally critical, xDome now helps users weigh what those devices actually do—whether they’re running a clean room in a semiconductor fab or managing lights in an empty hallway.

“The security of critical infrastructures are under growing scrutiny as adversaries increasingly target these systems of the greatest criticality,” said Yoram Gronich, Chief Product Officer at Claroty. “The teams managing these environments are facing mounting pressure from multiple fronts in their organizations and need tools that exponentially make their jobs easier… that means having the business context to meaningfully reduce risk.”

From Asset-Centric to Impact-Centric

Until now, most CPS security tools zeroed in on asset discovery, creating comprehensive inventories and identifying vulnerabilities by device type. But knowing what’s vulnerable doesn’t always mean knowing what matters. This is particularly true in sectors like healthcare, where identical infusion pumps might reside in both critical care units and outpatient wings—with vastly different consequences if compromised.

Claroty’s new Device Purpose feature maps assets to a vertical-specific hierarchy, incorporating business function and impact. That means security teams can now see not only which devices are exposed but what their failure would mean in dollars, downtime, or even lives. A tailored taxonomy helps organizations refine this view and assign impact scores, enabling smarter triage during threat response or system upgrades.

Risk Benchmarking, meanwhile, offers a broader strategic lens—letting organizations compare their CPS security posture to similar entities in their industry. It quantifies how well a company is securing its most critical devices and tracks progress across time and network segments.

Aligning Security with the Boardroom

This isn’t just a technical pivot—it’s a strategic one. As Gartner recently noted, boards and C-suites are waking up to the role CPS environments play in value creation. Whether it’s a production line generating revenue or a water treatment plant delivering essential services, these systems are no longer “set it and forget it” infrastructure. They’re mission-critical—and high-stakes targets for ransomware and nation-state threats alike.

Claroty’s impact-centric approach effectively creates a shared language between security teams, OT engineers, and business stakeholders. It anchors vulnerability management within Business Impact Analysis frameworks, a move that could improve funding, cross-team coordination, and incident preparedness.

The Bigger Picture

As sectors like energy, manufacturing, and healthcare accelerate digital transformation, they’re also expanding their attack surface—connecting legacy machinery to cloud services, IoT sensors, and third-party platforms. Claroty’s xDome platform is positioning itself as the connective tissue in this ecosystem, translating raw data into risk intelligence that matters to both the SOC and the C-suite.

For now, the success of Claroty’s enhancements will hinge on how well organizations can integrate business context into their daily operations and how effectively security and OT teams can collaborate around it. But one thing is clear: understanding what a device does may soon be just as important as knowing what it is.

With these changes, Claroty isn’t just enhancing its platform—it’s trying to rewire how we think about CPS risk altogether.