On June 18, 2026, Accenture announced agreements to acquire 100% of runZero and NetRise and a majority stake in Dragos, for a combined enterprise value of approximately $4.175 billion. The transactions are expected to close in August or September 2026, subject to regulatory approval.

The OT cybersecurity market has seen acquisitions before: Tenable’s acquisition of Indegy, Microsoft’s acquisition of CyberX, and a series of smaller consolidation moves over the past decade. None approached this scale. At $4.175 billion combined, this is the largest acquisition of a pure-play OT cybersecurity platform on record.

It confirms what practitioners have long argued: industrial cybersecurity is no longer a niche technical concern. It is a strategic business risk tied directly to safety, uptime, resilience, national security, and operational continuity. Major institutions are now pricing it accordingly.

One piece of context helps clarify this deal. Earlier this year, ServiceNow completed its $7.75 billion acquisition of Armis, another major signal that asset visibility, cyber exposure management, and cyber-physical security are becoming strategic platform categories. The race to build at-scale industrial and OT security platforms is accelerating among multiple major players. These moves reinforce each other as market signals, and together they will reshape how the market organizes itself over the next several years.

The most important question is not what Accenture paid, but what happens next: to the Dragos platform, its service model, its customers, and its partner ecosystem.

Accenture Is Not New to OT Security

Before analyzing this deal, one framing point matters: Accenture is not entering operational technology security for the first time. The firm has been building industrial security capabilities for more than a decade, including the acquisitions of Cimation in 2015, Revolutionary Security in 2020, and several other OT-focused companies. By fiscal year 2025, Accenture’s cybersecurity practice had grown to $10 billion in annual revenue, up from $700 million in 2016.

This deal is a significant acceleration of an established strategy. The relevant questions are not whether Accenture understands OT security. They are about how this specific structural combination will evolve and what that means for customers and partners who have built programs around Dragos as an independent platform.

Dragos Was Never Just a Tool

Dragos has always been more than a platform.

The Dragos Platform is important, but a significant part of the company’s value has come from its services, threat intelligence, incident response experience, practitioner credibility, and a deep understanding of real-world industrial environments.

That distinction matters because OT cybersecurity is not IT cybersecurity. Industrial environments have legacy systems, fragile operations, vendor dependencies, safety considerations, undocumented assets, remote access challenges, and uptime requirements that do not align with traditional IT security approaches.

In that world, trust is earned through operational experience rather than software licensing.

Dragos built its reputation by combining product capabilities with field experience. Service work informed threat intelligence. Incident response work informed platform detections. Customer engagements shaped the understanding of how industrial environments operate.

Dragos’ services business was not a side offering. It was part of the engine that made the platform credible.

That raises one of the central questions after this deal: Can Accenture scale Dragos without altering the services-led intelligence model that made Dragos trusted in the first place?

The Majority Stake Structure Is Worth Understanding

A notable aspect of this announcement is that Accenture did not acquire all of Dragos. It took a majority stake. runZero and NetRise were acquired outright and will operate under Dragos. Dragos will continue as an independent business, led by co-founder and CEO Robert M. Lee.

That structural choice is meaningful. A majority stake may allow Accenture to gain strategic direction and scale benefits while preserving Dragos’ operating identity, both of which contribute to the platform’s value in ways that a full acquisition cannot replicate.

Accenture and Dragos have publicly committed to maintaining the platform’s vendor-neutral approach. That commitment is worth acknowledging and watching. Commitments made at the announcement are not the same as operating structures maintained through integration. Customers and partners will evaluate this through commercial evidence: pricing, partner program terms, support access, staffing, and service structure. Not press releases.

One structural asymmetry in this deal is worth noting. runZero and NetRise are fully acquired and will remain Accenture assets regardless of how the Dragos relationship evolves. That said, HD Moore, the CEO of runZero, and Thomas Pace, the CEO of NetRise, will become Dragos executives, not Accenture employees. The people who built these products will guide them from inside Dragos, while the products themselves are owned by Accenture. Dragos, with a majority ownership stake, falls into a different category. Customers building long-term programs around the integrated Dragos, runZero, and NetRise platform should understand that the integration depends on the Accenture-Dragos relationship remaining intact. If that relationship were ever to change, the question of how Dragos would continue to access and deliver the capabilities that define the expanded platform would become a real one.

The People Behind the Platform

One dimension of this deal that organizational structure analysis alone does not capture is that Dragos’s services-led intelligence model depends on specific individuals.

Dragos built its practitioner reputation through analysts, incident responders, and OT security engineers with years of direct experience in industrial environments. That institutional knowledge does not transfer in a transaction. It remains only if the people remain.

Robert Lee has committed to leading the combined business as CEO, providing significant continuity at the top. The more important signal over the next 12 months will be whether the broader practitioner team remains. Large acquisitions change the equity structure, career paths, culture, and operating environment in ways that prompt specialized practitioners to reevaluate their options.

Watch for significant departures from Dragos’s threat intelligence team, incident response practice, or senior OT engineering staff. Practitioner depth is harder to rebuild than a technology platform, and it is the foundation that makes the platform’s threat detection meaningful.

The Platform Question

The long-term future of the Dragos Platform is one of the most important open questions raised by this deal.

The case for a stronger platform is real. runZero brings asset discovery and exposure management. NetRise brings firmware, device, and software supply chain visibility. Combined with Dragos’ OT threat detection, intelligence, and response capabilities, this combination could become a significantly broader industrial security platform, one that helps operators answer questions they currently address with multiple separate tools.

  • What assets do we have?
  • What is exposed?
  • What firmware and software risks exist inside our devices?
  • What threats are targeting our environment?
  • What vulnerabilities actually matter operationally?
  • How do we respond without disrupting production?

That integration, if executed well, would be genuinely valuable. The more immediate architectural question for organizations running Dragos alongside other OT visibility tools is whether the combined platform consolidates those functions or whether they must rationalize their existing multi-vendor setups.

Enaxy has seen this gap in direct client work. We had one engagement that involved an operator using Dragos as their primary OT security platform. Dragos’s passive monitoring approach is deliberate and well-suited to safety-critical environments. Active scanning in an OT network can disrupt fragile controllers and cause unintended process effects, whereas passive monitoring avoids these risks by design. But passive monitoring alone leaves asset inventories incomplete. Devices that have never communicated, undocumented network segments, and unmanaged connections remain invisible until they surface in an incident.

During that engagement, we used runZero alongside Dragos to enrich the asset inventory. runZero’s active discovery approach, designed to minimize operational disruption in mixed IT/OT environments, surfaced devices and network segments that passive monitoring had missed. As a result, Dragos worked with better asset data.

That experience gives us a clear reason to view this integration as genuinely promising. A well-designed, OT-aware active asset component built into the Dragos platform addresses a real gap that practitioners have worked around for years with supplemental tools. Whether the integration is executed with the same operational discipline that has made Dragos trusted in industrial environments is one of the most consequential technical questions this deal raises.

One open question is how the combined product roadmap will be governed and whether the customer input that has historically shaped Dragos’ detections and features will remain a primary driver as the organization scales. Platform integration timelines and product rationalization decisions can reduce practitioner usability even as underlying capabilities expand. That is a reasonable concern worth monitoring, not a prediction of that outcome.

What Existing Dragos Customers Should Do

For existing Dragos customers, the short-term operational impact is likely minimal.

Existing contracts should remain intact. Support and account coverage are unlikely to change immediately. The platform will not stop working because of the change in ownership structure.

But customers should ask direct questions now, before the deal closes in August or September 2026, while contracts are under review and commercial relationships are being defined. This is the right time to get written answers, not reassuring language.

Specific questions worth raising directly with Dragos and Accenture:

  • Will Dragos remain available without requiring Accenture services?
  • Will existing support contracts remain under Dragos?
  • Will future renewals require Accenture involvement?
  • Will pricing or packaging change after close?
  • Will customer telemetry, asset data, or threat intelligence data be accessible to Accenture consulting teams?
  • Will there be contractual separation between Dragos product data and Accenture services delivery?
  • Will Dragos continue supporting non-Accenture implementation and advisory partners on equal commercial terms?
  • Will smaller and mid-market customers retain direct access and coverage?
  • Will existing integrations with third-party OT security platforms and IT security tools continue to be supported on equal terms?
  • If the ownership structure between Accenture and Dragos changes in the future, what contractual protections ensure continuity of the integrated platform capabilities?

The most important question may be the simplest: Can a company remain a Dragos customer without becoming an Accenture services customer? The answer will tell you most of what you need to know about how this combination will work in practice.

Customers That Do Not Use Accenture

Many Dragos customers do not use Accenture for services. Some have relationships with other firms. Others prefer specialized OT providers or avoid large consulting organizations due to cost, culture, prior experience, or procurement policy.

Those customers should expect Dragos and Accenture to work to earn their continued confidence through contractual clarity, not just reassuring language.

OT cybersecurity is built on trust. Customers share sensitive information about industrial processes, network architecture, vulnerabilities, remote access paths, and operational weaknesses. Clear data governance answers matter: who within the combined Accenture-Dragos structure can access customer telemetry, asset inventories, and threat data, and under what conditions.

The platform’s technical capability is unlikely to diminish. But in OT security, the relationship matters as much as the product. Customers who do not use Accenture should understand whether their operating relationship with Dragos changes in practice, not just in policy.

The Partner Ecosystem Gets More Complicated

Many organizations use consulting and advisory firms, including Deloitte, KPMG, EY, PwC, MSSPs, boutique OT firms, engineering firms, and systems integrators, to assess, implement, support, or operate OT cybersecurity programs. Some of these firms currently support or recommend Dragos.

Accenture now holds a majority stake in the platform and competes directly with many of those firms.

For existing Dragos deployments, most partners will likely continue supporting their customers. Industrial environments do not swap core OT security platforms lightly. These tools are embedded in operations, monitoring, architecture, and response processes.

Future recommendations are where the dynamics become more complicated, and the complexity is not uniform across contexts.

A large professional services firm with broad consulting and managed services conflicts will calculate this differently than a boutique OT firm that relies on platform recommendations as part of its advisory practice. A regional MSSP with a dedicated Dragos practice faces a different business question than a large systems integrator with dozens of platform relationships.

The common thread across all of them is the perception of neutrality. A firm competing against Accenture may weigh Dragos’s recommendations differently than it did six months ago, even if the platform’s technical capabilities are unchanged or improved. This is not a technology issue. It is a trust and channel issue.

Competitors, including Nozomi, Claroty, Armis, Forescout, Tenable OT, TXOne, Microsoft Defender for IoT, and others, now have a credible neutrality argument to make in partner conversations. Dragos has committed to vendor neutrality. Demonstrating it through commercial behavior, including program terms, support access, and pricing parity, will matter more than any announcement.

Government and Critical Infrastructure Trust

One dimension of this deal that has received little public analysis is what happens to Dragos’s relationships with government entities and with critical infrastructure information-sharing programs.

Over years of operational engagement, Dragos has built trusted working relationships with CISA, ICS-CERT, sector ISACs, and related government organizations. These relationships include threat intelligence sharing, vulnerability disclosure coordination, and incident support, all of which depend on trust built over time with an independent, mission-focused organization.

The question is not whether Accenture has government relationships. It has extensive ones. The question is whether the specific trust Dragos has established with government and ISAC entities carries forward under majority Accenture ownership, or whether some of those relationships require renegotiation, additional approvals, or new data governance agreements.

For operators in regulated sectors who participate in ISAC programs or rely on Dragos for government reporting obligations, this is a practical question to raise directly with Dragos. The answer will also serve as an early indicator of how genuinely independent Dragos will be within the Accenture structure.

What This Means for Non-OT Customers of runZero and NetRise

Most analysis of this deal focuses on OT security. However, both runZero and NetRise have substantial customer bases that extend well beyond OT.

runZero has broad adoption among IT security teams. The platform was built for asset discovery and exposure management across all network environments, and many organizations rely on it for IT infrastructure visibility that is unrelated to industrial control systems. NetRise similarly has customers using its firmware analysis and software supply chain security capabilities in enterprise IT and IoT contexts that are entirely outside OT.

Accenture’s framing of this acquisition is explicitly OT and critical infrastructure focused. That positioning is commercially logical given where the major growth opportunity lies. But customers using runZero for IT visibility or NetRise for enterprise device and software supply chain security should pay attention to where product investment flows after the deal closes.

The question is not whether runZero and NetRise will continue to function outside OT environments. They almost certainly will. The question is whether their product roadmaps, feature investment, and commercial packaging will remain balanced across IT and OT use cases, or whether development priorities will follow the OT market, where Accenture sees the largest opportunity.

For organizations that rely on runZero for IT asset discovery or on NetRise for enterprise device and software supply chain security, the same practical guidance applies: ask directly about the roadmap, pricing, and whether non-OT use cases will continue to receive development investment, with a timeline that meets your needs.

The clearer question is this: Do runZero and NetRise remain broadly applicable platforms that happen to work exceptionally well in OT environments, or do they become OT-first products under Accenture’s ownership? The answer will matter to the IT and enterprise security teams that have built programs around these platforms.

Smaller Operators May Be the Most Important Question

The organizations least likely to be prioritized in a large enterprise integration are not the Fortune 100 utilities, global manufacturers, or major energy companies. These organizations will always have access to major platforms and large consulting firms.

The more important question is what happens to smaller operators:

  • Municipal utilities
  • Electric co-ops
  • Regional manufacturers
  • Water and wastewater systems
  • Midstream operators
  • Food and beverage plants
  • Smaller chemical facilities
  • Regional logistics and distribution operations
  • Local government critical infrastructure

Enaxy works with operators across these segments, and the question we are already hearing is not whether the platform is capable; it is whether the commercial model will still reach them.

These organizations need OT cybersecurity. Many of them do not align with the natural economics of a global consulting-led delivery model, and that is a structural observation, not a criticism. Large consulting firms are built for major accounts, large programs, long-term transformation work, and scaled managed services. That is how their economics work.

Smaller industrial operators need something different: practical assessments, asset visibility, segmentation guidance, improved remote access, incident response planning, and monitoring strategies tailored to their budget and operational maturity.

If Dragos remains accessible through direct sales, flexible service models, and partners built for mid-market delivery, this deal could benefit smaller operators by providing access to a more capable platform. If the commercial model shifts toward enterprise-only engagement, smaller operators will need to be more intentional in identifying partners who can serve their scale.

The risk for smaller operators is not that the platform will disappear. It is that the specialized partner ecosystem that has served them, including regional specialists, independent OT advisors, and boutique implementers, faces commercial uncertainty about its long-term relationship with Dragos. Operators in that category should proactively clarify their coverage and alternatives rather than waiting for integration decisions to resolve.

This Deal Validates the Market, But It Does Not Solve the Problems

The $4.175 billion combined transaction is the clearest validation the OT cybersecurity market has received.

It confirms that industrial cyber risk has reached board-level priority. It confirms that visibility, threat detection, firmware intelligence, asset discovery, and operational resilience are converging into a platform category. It confirms that the market is shifting from isolated tools to integrated programs and services.

But market validation is not an operational resolution.

Many industrial operators still do not know what assets they have. Many still lack segmentation. Many still have risky remote access paths. Many still depend on unsupported systems. Many still struggle to translate vulnerabilities into operational risk decisions. Many still lack realistic incident response plans.

A larger, better-integrated platform may help address those gaps. Tools alone do not fix them. The real work still happens in the field, in plants, substations, control rooms, remote sites, and engineering environments, where every recommendation must be balanced against safety, uptime, production, and business realities. Platform maturity matters. Practitioner knowledge and operational judgment matter equally.

The Real Test

The real test for Accenture and Dragos is not whether they can build a more capable OT platform. The technical case for combining Dragos, runZero, and NetRise is credible.

The real test is whether they can scale it without losing the qualities that made Dragos trustworthy. That means preserving:

  • Practitioner credibility
  • OT-specific expertise and judgment
  • Services-led threat intelligence
  • Customer trust and data governance
  • Partner neutrality in commercial practice, not just messaging
  • Accessibility for non-enterprise customers
  • A product roadmap grounded in operational reality

The meaningful signals to watch for over the next 12 months are not platform roadmap announcements or partnership press releases:

  • Watch whether partner program terms change for non-Accenture firms
  • Watch whether pricing models shift post-close
  • Watch whether Dragos customer accounts begin requiring Accenture services conversations
  • Watch whether the threat intelligence team retains its depth and operational independence
  • Watch whether smaller operators continue receiving direct coverage

If Accenture and Dragos get this right, this could be one of the most important platform moves in OT cybersecurity, not because it created a new market, but because it brought serious organizational scale to a security challenge that has long deserved it.

If execution falters, the risk is not that the platform becomes technically weaker. The risk is that practitioner trust erodes faster than enterprise adoption grows, leaving a more capable product with a narrower, more expensive constituency.

For existing customers and partners: the next 60 days, while this transaction moves toward close, are the right time to ask direct questions and get written answers. Not because panic is warranted, but because clarity is available now, before integration decisions are locked in.

In OT cybersecurity, the platform matters. But trust, earned through operational experience, data governance, and consistent commercial conduct, matters just as much.