Nobody buys three OT security companies at once by accident.
If Accenture’s reported acquisition of Dragos, runZero, and NetRise holds at the combined
reported value of approximately $4.2B, it’s the most consequential OT security consolidation
event in the enterprise market in years. Not because of the dollar figure. Because of the
coverage map.
Dragos, runZero, and NetRise don’t overlap. They stack.
Understanding why that matters requires a brief look at what each company actually does inside
an operational technology environment.
What Was Acquired: Three Distinct Layers
Dragos is the dominant OT and
ICS threat detection platform. If you’re running a power grid, a manufacturing line, a water
treatment facility, or any infrastructure that uses industrial control systems, Dragos is the
platform most enterprise security teams use to watch for adversarial activity at the OT layer. It started as an ICS-specific tool, purpose-built for environments where a Purdue model
network segmentation strategy was the norm, and expanded as IT/OT convergence created more
complex attack surfaces. Its threat intelligence is widely regarded as the best in class for
nation-state ICS threats. It’s also deeply embedded. Replacing Dragos isn’t a weekend project.
runZero is an asset discovery
and network visibility platform. Before you can secure an OT environment, you have to know what’s
in it. That problem is harder than it sounds: industrial environments accumulate devices over
decades, documentation is often incomplete or wrong, and many OT assets weren’t designed with
network-visible security properties. runZero finds what’s actually on the network, including the
legacy PLCs, the HVAC controllers, and the IP-enabled sensors that nobody inventoried. You can’t
protect what you can’t see. runZero makes the invisible visible.
NetRise addresses the firmware
and supply chain layer. An OT device that looks clean on the network can still be running
vulnerable firmware loaded with known CVEs or malicious implants. NetRise analyzes the software
bill of materials (SBOM) of embedded devices, the code that runs on PLCs, RTUs, routers, and
industrial sensors, and finds vulnerabilities that perimeter-based security tools miss entirely. As supply chain compromise has emerged as a primary attack vector for critical infrastructure,
the firmware security layer has moved from afterthought to priority.
Three tools. Three layers. One acquisition.
The Portfolio Logic
Accenture didn’t buy Dragos and then pick up runZero and NetRise as separate transactions that
happened to occur in the same quarter. Reporting characterizes this as a portfolio move.
The strategic logic is coherent if you think about what a global systems integrator does with
an OT security practice: it sells the assessment, implements the tools, and then manages the
environment. When the tools are independent vendors, the SI earns implementation fees but the
product revenue flows elsewhere. When the SI owns the tools, it captures the product margin, the
implementation margin, and the managed services margin simultaneously. That’s a different
economics model.
Who's Affected by Accenture's Reported OT Acquisition
For Accenture, acquiring all three layers of the OT security stack also creates a packaging
opportunity: a fully integrated OT security offering that spans discovery (runZero), detection
(Dragos), and supply chain assurance (NetRise) under a single Accenture contract. For enterprises
that want to consolidate vendor relationships, this is attractive. For enterprises that built
their security architectures on the independence of these three tools from each other and from
their SI, it raises immediate questions.
The Buyer Consequence Map
The enterprises most directly affected by this reported acquisition fall into three groups.
*Current Dragos customers* face the most immediate question: does Accenture ownership change how
Dragos’s threat intelligence gets shared? Dragos’s value proposition has always included its
independence, its threat intelligence database was built from Dragos-specific incident response
engagements, not filtered through a global consulting firm’s commercial interests. Accenture
ownership doesn’t automatically compromise that, but the question is legitimate, and Dragos
customers should be asking it formally rather than assuming continuity.
*Current runZero customers* face a roadmap question. runZero’s asset discovery platform works
across both IT and OT environments, and a meaningful portion of its customer base uses it for
IT asset management as well as OT visibility. If Accenture integrates runZero tightly with its
OT practice, the platform’s positioning for pure IT use cases may narrow. Watch for any
communication from runZero about product roadmap continuity in the next 30 days.
*Enterprise buyers using all three tools independently* face the most complex scenario. They
built a multi-vendor OT security stack deliberately, choosing independent best-of-breed tools
over integrated offerings because the integration risk and vendor lock-in tradeoffs were judged
too high. That calculus is now different. The tools haven’t changed yet. But the incentive
structure of the owner has.
The AI Infrastructure Connection
This acquisition’s relevance extends beyond traditional OT security. Industrial AI deployments
are increasingly co-located with or dependent on OT infrastructure. AI-managed energy grids,
robotics-driven manufacturing lines, and autonomous logistics operations all run on the same
industrial control systems and embedded device networks that Dragos, runZero, and NetRise secure.
Physical AI investment has accelerated substantially
in 2026, with capital flowing into companies building the sensing, processing, and automation
infrastructure for industrial environments. That capital is assuming that OT environments can be
secured reliably enough to run AI systems on. The Accenture consolidation doesn’t undermine that
assumption, but it does mean the OT security layer is now a Accenture-owned infrastructure
component for any enterprise using these three tools. AI system architects building on
OT-dependent infrastructure should factor vendor ownership concentration into their security
design review.
What to Do Now
Enterprise OT Buyer Action Checklist
- Review Dragos, runZero, and NetRise contracts for change-of-control provisions
- Map competitive alternatives for each tool before renewal cycle
- Request written confirmation of threat intel independence from Dragos
- Monitor for Accenture bundled OT security proposal as integration signal
- Confirm $4.2B is an announced portfolio figure vs. aggregated estimate
Verification
Partial Press reports, no primary source URL confirmed $4.2B figure requires source confirmation as announced combined value vs. aggregated per-deal estimates. All acquisition framing uses 'reportedly' until confirmed.The practical guidance for enterprise security teams isn’t complicated, but it requires action
before the first renewal cycle arrives.
Pull the contracts. Dragos, runZero, and NetRise agreements likely contain change-of-control
provisions. Review them before Accenture ownership is formally confirmed, understand whether
pricing, SLAs, or data handling terms can be renegotiated at change of control, and whether
early exit rights exist.
Map the alternatives. The OT security market isn’t Dragos-or-nothing. Claroty, Nozomi Networks,
and Armis all compete in the OT visibility and threat detection space. None are exact substitutes
– Dragos’s ICS threat intelligence is genuinely differentiated, but having a competitive
alternative mapped before negotiation is better than mapping it under deadline pressure.
Ask the independence question explicitly. Request written confirmation from each of the three
companies on whether and how Accenture ownership affects threat intelligence sharing, product
roadmap decisions, and customer data handling. The answers will be more informative than the
silence.
Watch for bundling. The first signal that integration is moving faster than anticipated will be
a Accenture proposal that includes Dragos, runZero, and NetRise as a bundled OT security
offering. That proposal will be presented as a convenience. It’s also a pricing and negotiating
leverage shift.
The consolidation of the OT security stack under a single global SI is a structural event, not
just a vendor news story. The enterprises that prepare now, contract review, alternative mapping,
independence verification, will have more options than those that wait for a renewal notice.
Watch the official announcement for confirmation that $4.2B reflects Accenture’s stated combined
figure rather than an aggregated estimate. That distinction will determine how the market reads
the economics. If it’s a confirmed portfolio price, Accenture paid a premium for integration. If it’s three separate deals summed, the strategic narrative is the same but the financial
discipline story is different. That’s the first hard data point to track.