Gartner’s recently released “Critical Capabilities for Cyber-Physical Systems (CPS) Protection Platforms” report evaluates how security vendors support organizations in protecting operational technology and other cyber-physical environments. The report reflects a market at very different levels of maturity — where asset visibility is rapidly becoming a baseline capability, but real operational value lies far beyond simply knowing what’s connected to your network.
The timing of this research couldn’t be more critical. According to new research from Forescout’s Vedere Labs, 2025 set a record with 508 ICS advisories covering 2,155 vulnerabilities — the highest number ever documented. The average CVSS score climbed to 8.07, up 25% from 6.44 in 2010 — with 82% of advisories reaching high or critical severity. Manufacturing, energy, transportation, and healthcare face the highest risk, with vulnerabilities concentrated in the most critical assets: Purdue Level 1 field controllers, Level 2 control systems, and Level 3 operation systems.
But here’s what should keep security leaders awake at night: these published CISA advisories represent only 22% of the total OT/ICS vulnerability landscape. The remaining 78% – published directly by 134 vendors without associated CISA advisories – create blind spots for organizations relying solely on traditional vulnerability tracking. And 61% of these non-CISA vulnerabilities carried high or critical severity.
As Gartner notes in their evaluation, “organizations increasingly need platforms that move beyond visibility, simplify CPS security operations, and support broader risk-reduction strategies.”
The Visibility Trap in CPS Protection Platforms
Most solutions in the CPS security market are built around a single idea: visibility for OT environments.
Discover more devices. Monitor more traffic. Add AI to analyze it faster.
That approach has shaped an entire category of OT-focused visibility tools, and it’s created something of a race — vendors competing on discovery coverage, protocol support, and AI-assisted analysis.
Forescout chose a different direction.
We didn’t build a point solution to compete in a visibility race. We built a platform designed to help organizations act on what they see, translating CPS visibility into prioritized mitigation workflows and real operational risk reduction.
The Forescout Vision for CPS Security
Forescout’s strength lies where operational organizations need it most: helping teams understand risk and take action across CPS environments. In this report, Gartner highlights four main use cases for CPS Protection Platforms:
- Discover and Map CPS Assets
- Improve Threat and Vulnerability Management
- Prioritize CPS Security Issues and Remediation*
- Monitor CPS Security; Align to Enterprise Efforts
In our view, the report highlights the Forescout 4D Platform™ for its ability to evaluate the likelihood and potential impact of cyber or operational incidents, helping organizations see more clearly what can affect operations and what needs to be addressed first.
Because that’s the point, really. Visibility alone is not enough. Knowing what to do next is what really matters.
If a platform stops at showing you what’s there, it becomes an expensive inventory exercise. At Forescout, we’ve always taken a different view: our job isn’t to produce lists of problems. It’s to help customers solve them.
*This is where Forescout makes a true impact. Our ability to manage the high heterogeneity of equipment types, purposes, life cycles, configurations, architectures, operators, and risk profiles is built in.
“Organizations need capabilities to prioritize what actions will have the biggest effect on risk reduction, while minimizing production/operational impacts,” reflects Gartner in this research.
Our understanding that security controls cannot be deployed at will in operational environments is grounded in real-world experience. Forescout works with:
- 3 of the top 5 Global 500 Manufacturing Companies
- 7 of the top 10 Global 500 Automotive Companies
- 6 of the top 10 Global 500 Electronic Manufacturing Companies
- 35% of Global 500 Tech Companies
- 40% of the top 10 Global 500 Retailers
- 50% of Global 500 Managed Healthcare Providers
- 7 of the top 10 Global 500 Aerospace & Defense Companies
- More than 85% of U.S. federal executive departments
Our deep knowledge of Zero Trust architecture and network segmentation comes from over 25 years as a pioneer in network access control and our evolution into universal zero trust network access.
Where the CPS Security Market Needs to Evolve
Gartner observes that “asset discovery and network topology remain the leading use cases, but buyers need to define and prioritize what additional critical capabilities match their specific CPS security requirements.”
This is exactly where we believe the market needs to evolve.
Visibility may still be the entry point, but operational organizations ultimately need vendors that help them understand risk, take the right mitigation actions, and protect CPS environments without forcing them to rethink how they operate or redesign their infrastructure.
This need spans the entire CPS landscape — from government and utilities, where change happens slowly and infrastructure lifecycles stretch for decades, to industries like manufacturing or healthcare, where supply chains are dynamic and environments evolve constantly.
In all cases, organizations are looking for the same thing: security that adapts to the reality of their operations.
That’s what we consistently hear from our customers, and this is where the Forescout 4D Platform™ delivers the capabilities that help organizations move beyond visibility and drive operational resilience.
How the Platform Delivers in Practice
The Forescout 4D Platform shows how this vision translates into concrete capabilities. In real operational environments, our customers rely on the platform to address challenges that go well beyond visibility—from deploying security in heterogeneous infrastructures to prioritizing remediation and integrating CPS security into broader enterprise practices.
Support for Operational and On-Premises CPS Deployments
The Forescout 4D Platform™ is widely deployed across large and complex environments, which means we understand how these networks are built and how they actually run.
Operating in these environments means security must work everywhere and under any condition.
That’s why the platform is designed to overcome SPAN limitations and operate without constant cloud connectivity. Customers can deploy it on premises, in the cloud, or in hybrid architectures, using Forescout sensors, their own hardware, or existing network infrastructure.
A clear example is our Flyaway Kit, designed to deliver the platform’s capabilities in air-gapped environments—a critical requirement for many CPS deployments where cloud connectivity isn’t just unavailable, it’s prohibited by design.
Prioritizing CPS Security Issues and Remediation
CPS environments generate an enormous amount of security data, especially when detection relies heavily on network monitoring and behavioral analysis. With the volume of vulnerabilities growing—remember those 2,155 CVEs published in 2025 alone—events can quickly multiply into a flood of alerts.
Operational teams cannot address every alert.
CPS environments are mission-critical, production constraints are strict, and remediation must always be evaluated carefully to avoid disrupting operations. The real challenge is reducing the noise and understanding which issues require immediate attention.
This is where the Forescout 4D Platform™ stands out. Forescout ranked among the three highest-scoring vendors in the Use Case Prioritizing CPS Security Issues and Remediation.
By correlating asset intelligence, vulnerabilities, configuration issues, and network behavior, the platform evaluates both the likelihood and the potential operational impact of incidents. This helps customers quickly identify situations that could affect production instead of chasing isolated alerts.
In practice, remediation can be prioritized based on operational impact. A vulnerability on an isolated device may simply require monitoring, while the same vulnerability affecting a critical production system communicating across zones may require segmentation changes or other compensating controls.
This capability becomes even more critical when you consider that the average CVSS score for ICS vulnerabilities has climbed to 8.07, with the majority classified as high or critical severity. Organizations can’t patch everything immediately—they need intelligent prioritization that accounts for their specific operational context.
Integration with Enterprise IT Tools
CPS security does not belong in a separate corner of the organization anymore.
If you’re still keeping CPS security confined to plants or treating it as a standalone program, you’re leaving gaps in your overall posture and wasting investments you’ve already made across the enterprise.
Gartner notes, “The strongest capability of Forescout 4D Platform is integration with enterprise IT tools.”
We extend enterprise security practices to CPS environments, allowing operational systems to become part of the same enterprise workflows already used across the business.
Many integrations in this market are fairly basic—often limited to forwarding logs or exporting events to other systems. They look good on paper, but in practice they frequently lead to fragmented workflows and inconsistent outcomes.
Our approach is different.
We focus on enabling real operational workflows built around policies. Instead of simply sending data elsewhere, our users can define policies, decide how the platform should respond, and automate mitigation actions directly from the Forescout interface.
The integrations then become the execution layer. Policies defined in the platform can trigger actions across the tools our customers already use, allowing response and remediation activities to be coordinated across the existing technology stack and proven workflows.
Get the Full Picture
Want to understand which critical capabilities separate basic monitoring from comprehensive CPS protection? Gartner’s Critical Capabilities for CPS Protection Platforms provides independent evaluation criteria, platform comparisons across key use cases, and strategic guidance for maturing your cyber-physical security program.
Download your complimentary copy of the report to see how leading platforms address the toughest challenges in CPS security and make informed decisions about protecting your most critical assets.
Gartner, 2026 Gartner® Critical Capabilities Report for CPS Protection Platforms, Wam Voster, Ruggero Contu, Katell Thielemann, Sumit Rajput, March 9, 2026
GARTNER is a registered trademark and service mark of Gartner Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.