最近一轮融资 01
$150M Series F [CO020] 尽调报告
Claroty
OT/ICS/XIoT 网络安全平台尽调报告
Claroty 是已经规模化的 OT/CPS 安全龙头,战略价值真实;但当前 ARR、优先股堆叠和 Series F 绝对估值未核验前,后期入场仍难承销。
封面要素
公司概况
Claroty 是一家总部位于纽约市的网络物理系统(CPS)安全公司,2015 年诞生于 Team8 网络安全孵化器。平台覆盖资产发现与可视化、暴露面与漏洞管理、网络防护、威胁检测、安全远程访问,以及面向医疗场景的 xDome 工作流,服务工业、医疗、商业和公共部门环境。到 2026 年初,Claroty 披露客户超过 1,000 家,其中包括 24 家 Fortune 100 公司;2023 年 ARR 超过 $100 million;January 2026 完成由 Golub Growth 领投的 $150 million Series F,此前还在 2024 年完成 $100 million 增长轮。运营层面看,公司已经具备 2027 IPO 或战略退出的条件,但作为私营公司,它对当前 ARR、利润率、留存、烧钱速度和优先股堆叠仍披露有限。
- 成立时间
- 2015-01-01
- 创始人
- Galina Antova, Amir Zilberstein, Benny Porat
- 创立地点
- Tel Aviv, Israel
- 总部
- New York, NY, USA
- 产品
- 统一的 CPS / XIoT 安全平台,覆盖资产可视化、漏洞与暴露面管理、威胁检测、网络防护、安全远程访问,以及面向医疗行业的 xDome 工作流。
- 客户
- 运行 OT、IoT、IIoT 和联网医疗设备环境的关键基础设施、医疗、制药、制造、公用事业、交通、商业地产和公共部门运营方。
- 商业模式
- 通过直销和渠道 / 联盟伙伴销售订阅软件与平台许可;安全远程访问、附加模块和专业服务支撑复杂企业部署。
- 阶段
- Series F / pre-IPO growth
- 融资情况
- January 2026 宣布 $150 million Series F,之前在 March 2024 完成 $100 million 增长轮;已披露累计融资约 $885 million 至 $900 million,第三方报道通常把最新估值放在约 $3 billion 附近,但公司未确认。
执行摘要
主要优势
- Claroty 在 OT/CPS 安全领域已经打到企业级规模,覆盖关键基础设施和医疗行业,客户超过 1,000 家,其中包括 24 家 Fortune 100。
- 平台覆盖可视化、漏洞与暴露面管理、威胁检测、安全远程访问和医疗 xDome 工作流,背后有强合作伙伴生态支撑。
- 近期由 Golub Growth 领投的 Series F、分析师认可和广泛垂直行业触达,让 2027 年 IPO 或战略退出路径具备可信度。
主要风险
- 公司仍未披露当前 ARR、增长、利润率、留存、烧钱或股权结构优先权条款,股权回报承销异常不透明。
- 已报道估值口径不一致:市场常引用的约 $3B 估值,与公司称估值较 2024 年 3 月轮次上升 80% 的说法对不上。
- OT 安全市场整合、巨头厂商打包销售,可能压低 Claroty 的独立估值倍数,并拉长本就复杂的企业销售周期。
未决问题
- 当前 ARR、收入增长、毛利率、净留存和烧钱仍未披露;公开证据只确认 2023 年 ARR 超过 $100M。
- Series F 的绝对估值和清算优先权堆叠未公开,标题企业价值可能高估普通股价值。
- 客户集中度、续约行为和按垂直行业拆分的 ARR 组合未公开披露。
目录
01公司概况
1.1 身份、使命与运营模式
Claroty 自称是保护网络物理系统(CPS)的公司,使命是守住支撑社会关键运转的技术,从而保护任务关键型基础设施。公司平台有四个主要方案支柱:暴露面管理、网络防护、安全访问和威胁检测;交付形态既可以是云端 SaaS(Claroty xDome),也可以是本地部署(Claroty Continuous Threat Detection,CTD)。两种部署都由 Claroty CPS Library 支撑。这套 AI 驱动的资产目录与 Series F 同步推出,能够细粒度呈现 CPS 资产,并定位漏洞归属。 公司瞄准四个垂直行业:工业(制造、油气、公用事业)、医疗(联网医疗设备)、商业楼宇和公共部门(关键基础设施与国防)。统一平台路线并非偶然。Claroty 认为,碎片化单点工具无法解决 IT 与 OT 团队之间的归属缺口、网络物理安全人才短缺,也无法补上成熟度模型缺失。它用一个平台把 OT、IoT 和医疗 IoT 安全收拢到一起,把自己定位成市场整合者;Nozomi Networks(2025 年以约 $1 billion 被 Mitsubishi Electric 收购)和 Armis(2025 年以 $7.75 billion 被 ServiceNow 收购)等同业已通过战略出售退出。截至 2026 年初,Claroty 表示更倾向于独立 IPO,而不是战略出售。 公司孵化于 Team8。Team8 是以色列网络安全孵化器,产出过多家企业级网络安全公司。Claroty 于 2015 年正式成立,总部位于纽约市;截至 2025 年中,员工超过 700 人,分布在北美、欧洲、中东、非洲和亚太的 27 个国家。 [CO001, CO002, CO003, CO004, CO005, CO006]
1.2 创始人、领导层与治理
Claroty 由 Galina Antova、Amir Zilberstein 和 Benny Porat 于 2015 年在 Team8 网络安全孵化器内共同创立。Antova 和 Zilberstein 仍在董事会任职,在外部 CEO 带队的公司里延续创始人-市场匹配。Yaniv Vardi 从创始团队之外加入后担任 CEO,是 Series F、IPO 表态等战略公告的主要公开发言人。 截至 2026 年 5 月,执行领导团队包括 Yaniv Vardi(CEO)、Udi Bar Sela(CFO/COO)、Grant Geyer(首席战略官,曾任 CPO)、Yoram Gronich(首席产品官,2024 年 6 月任命)、Gil Gur Arie(2026 年 1 月从 Ford Motor Company AI 职能加入并担任 CPO)、Upa Campbell(CMO)和 James Love(CRO)。双 CPO 反映产品领导层正在过渡:Gronich 于 2024 年 6 月从 Tufin/Symantec/Check Point 背景加入;Gil Gur Arie 则负责 AI 方向的 CPS Library 项目。Series F 新闻稿还提到,公司任命退役 U.S. Air Force Colonel Jen Sovada 领导公共部门团队。 董事会由 NightDragon 创始人兼 CEO Dave DeWalt 担任主席,他在 2025 年 11 月接任该职。DeWalt 有超过 20 年网络安全运营经验,包括 Intel 以 $7.7 billion 收购 McAfee。公开文件和新闻稿确认的其他董事包括联合创始人 Galina Antova 和 Amir Zilberstein、David Cowan(Bessemer Venture Partners)、Amit Lubovsky(SoftBank)、Yuval Shachar(Team8)、Robert Tuchscherer(Golub Capital)、Meir Ukeles(MoreVC)、Rossa Shanks(Istari)、Peter Marturano(Standard Investments)和 John Miller(Rockwell Automation)。董事会横跨国防 / 政府导向投资方(Istari)、工业自动化厂商(Rockwell)和后期成长股权机构(Golub),反映 Claroty 的多垂直行业战略和 IPO 前资本结构。 [CO009, CO010, CO011, CO012, CO013, CO014]
| 人员 | 职务 | 背景 / 创始人与市场契合度 | 关键人物依赖 |
|---|---|---|---|
| Yaniv Vardi | CEO | 外部聘任;所有战略公告的公开门面,包括 F 轮和 IPO 时间线 | 高 — 外部沟通、投资者关系和 IPO 执行高度集中在 CEO |
| Galina Antova | 联合创始人;董事会董事 | 2015 年来自 Team8 孵化器的联合创始人;原始创始团队;董事会连续性 | 中 — 董事会层面监督;不是运营高管 |
| Amir Zilberstein | 联合创始人;董事会董事 | 2015 年来自 Team8 孵化器的联合创始人;原始创始团队;董事会连续性 | 中 — 董事会层面监督;不是运营高管 |
| Benny Porat | 联合创始人;CPS 安全研究员 | 联合创始人;网络安全研究背景;承接原始产品愿景 | 低至中 — 研究职能;在公开公告中能见度较低 |
| Dave DeWalt | 董事会主席(自 2025 年 11 月起) | NightDragon 创始人 / CEO;前 FireEye 执行董事长;主导 Intel 收购 McAfee($7.7B) | 中 — 治理锚点;对 IPO 定位和网络安全可信度关键 |
| Udi Bar Sela | CFO / COO | 财务和运营高管;参与增长融资 | 高 — 财务报告和 IPO 前准备度 |
| Grant Geyer | 首席战略官(此前为 CPO) | 领导产品四年;2024 年 6 月转任 CSO;负责市场战略和邻近领域 | 中 — 战略职能对 IPO 叙事关键 |
| Yoram Gronich | 首席产品官(2024 年 6 月任命) | Tufin、Symantec、Check Point 背景;在 Tufin 将 R&D 从 10 人扩至 200+ 名工程师;有 IPO 经验 | 高 — IPO 所需的产品路线图和 R&D 执行 |
| Gil Gur Arie | 首席产品官(AI/CPS Library;2026 年 1 月任命) | 此前任 Ford Motor Co. AI 负责人;领导 CPS Library 和 AI 平台计划 | 中 — AI 产品差异化 |
领导层构成来自官方新闻稿和公司网站。部分职位未公开宣布,因此完整高管名单可能不完整。截至 2026 年初,Gronich 和 Gur Arie 两人均持有相当于 CPO 的头衔;这个双 CPO 结构是治理尽调事项。
[CO009, CO010, CO011, CO012, CO013, CO014]1.3 融资历史与资本结构
Claroty 的融资历史显示,自 2015 年成立以来,公司已披露累计融资约 $885 million 至 $900 million。2021 年 6 月完成的 $140 million Series D 由既有投资者领投,使当时累计融资达到约 $235 million;同轮还伴随收购医疗 IoT 安全公司 Medigate,几乎让 Claroty 规模翻倍,并扩大了可服务市场。到 March 2024 完成 $100 million 战略增长融资时,Claroty 披露累计融资 $635 million,意味着 2021 年中至 2024 年初之间发生过约 $400 million 的 Series E。 January 2026 的 $150 million Series F 由 Golub Growth 领投,既有投资者还可追加最高 $50 million 参与。该轮把累计融资推至 CRN 口径下约 $885 million,或 SecurityWeek 口径下约 $900 million。Golub Growth 隶属 Golub Capital,以后期 IPO 前贷款方闻名,它领投是 Claroty 轨迹上的实质信号。公司从未公开确认估值。Calcalist 报道 Series F 后估值约 $3 billion,较 March 2024 报道的 $2.5 billion 投后估值高约 20%。SecurityWeek 则指出,Claroty 确认估值较 March 2024 上升 80%;如果 March 2024 基准为 $2.5 billion,这与 $3 billion 估计在数学上不一致,说明真实估值可能更高,也可能 March 2024 参考数字被高估。该差异尚未解决,是重要尽调事项。 CEO Yaniv Vardi 告诉 Calcalist,Claroty 希望上市;如果市场条件配合,公司最早可在 2027 年推动 IPO。关键投资者包括 Bessemer Venture Partners(David Cowan)、SoftBank(Amit Lubovsky)、Team8(Yuval Shachar)、Golub Capital(Robert Tuchscherer)、NightDragon(Dave DeWalt)、Standard Investments(Peter Marturano)、MoreVC(Meir Ukeles)、Istari(Rossa Shanks)和 Rockwell Automation(John Miller)。投资者组合同时释放财务回报导向和战略协同信号,贴合 Claroty 的工业与国防客户基础。 [CO017, CO018, CO019, CO020, CO021, CO022]
| 指标 | 数值 / 状态 | 日期 | 置信度 | 缺口 |
|---|---|---|---|---|
| 成立 | 2015 | 2015 | 高 | |
| 总部 | New York City, NY | 2025-06 | 高 | |
| 员工数 | >700 | 2025-06 | 中 | 2025 年 6 月之后的准确员工数未公开确认 |
| 设有业务的国家 | 27 | 2025-06 | 中 | |
| 阶段 | 后期私营公司,F 轮 | 2026-01 | 高 | |
| 累计融资(USD M) | ~885–900 | 2026-01 | 中 | 公司不公布累计融资总额 |
| 最新轮次 | Golub Growth 领投的 F 轮 $150M | 2026-01-22 | 高 | |
| 隐含估值(USD B) | ~3(Calcalist);按 80% 增长说法可能更高 | 2026-01 | 低 | Claroty 从未公开确认估值;数学不一致仍未解决 |
| ARR(USD M) | >100 已在 2023 年确认;当前数字未披露 | 2023 | 低 | 公开来源没有确认 2023 年之后的 ARR 数字 |
| 客户 | 1,000+ | 2026-01 | 中 | |
| Fortune 100 客户 | 24 | 2026-01 | 中 | |
| Team82 CPS 漏洞披露 | 650+ | 2026-01 | 中 | |
| Gartner MQ 状态 | 领导者(CPS 防护平台)— 连续第 2 年 | 2026 | 高 | |
| KLAS Best in KLAS 奖项 | 医疗 IoT 安全 — 连续 5 年 | 2021–2025 | 高 | |
| IPO 展望 | 最早 2027 年,前提是市场条件配合(CEO 表态) | 2026-01 | 低 | 推测性;取决于市场条件 |
财务数字(估值、ARR、累计融资)来自公开媒体报道和公司新闻稿;Claroty 不公开披露估值或 ARR。置信度评级反映来源质量和时效性。
[CO001, CO017, CO019, CO020, CO021, CO022]| 利益相关方 | 角色 / 工具 | 经济或控制重要性 | 尽调问题 |
|---|---|---|---|
| Golub Growth(Golub Capital) | F 轮领投方($150M,2026 年 1 月) | 后期 IPO 前贷款方;Rob Tuchscherer 进入董事会;成长股权聚焦 B2B SaaS | 确认治理条款;了解清算优先权和反稀释条款 |
| Team8 | 创始孵化器;早期投资者;董事会席位(Yuval Shachar) | 孵化起点;持续治理角色;以色列人才管线 | 了解 Team8 孵化带来的保留 IP 或授权义务 |
| Bessemer Venture Partners | 早期机构投资者;董事会席位(David Cowan) | 一线 VC,拥有深厚网络安全投资组合;D 轮之前已参与 | 确认当前持股比例和老股交易活动 |
| SoftBank | 投资者;董事会席位(Amit Lubovsky) | 大资产负债表投资者;Vision Fund 时代资本;2024 年后战略价值不确定 | 确认轮次参与情况和 F 轮带来的稀释 |
| NightDragon(Dave DeWalt) | 投资者;自 2025 年 11 月起任董事会主席 | 聚焦网络安全的基金;董事会主席角色增强治理和 IPO 定位 | 评估同时作为投资者和董事会主席可能产生的利益冲突 |
| Standard Investments | 投资者;董事会席位(Peter Marturano) | 带有工业 / 网络安全取向的家族办公室 | 确认投资逻辑和任何商业协议 |
| Rockwell Automation | 战略投资者;董事会席位(John Miller) | 工业自动化既有巨头;渠道和 OT 客户协同 | 评估产品集成或排他协议 |
| MoreVC | 投资者;董事会席位(Meir Ukeles) | 以色列风险投资公司;早期财务取向 | 确认当前持股比例 |
| Istari | 投资者;董事会席位(Rossa Shanks) | 由 Temasek 支持、聚焦网络安全的投资和咨询公司 | 评估政府 / 国防客户触达能力及任何咨询义务 |
投资者详情来自官方新闻稿、董事会主席公告,以及已确认投资者的组合页面。各轮所有权比例未公开披露。B、C、E 轮可能还有公开来源未逐一列名的其他投资者。
[CO017, CO020, CO021, CO022, CO023, CO024]1.4 规模、牵引力与市场认可
截至 January 2026,Claroty 披露全球客户超过 1,000 家,部署在数千个站点,其中包括 24 家 Fortune 100 公司;这一数字高于 March 2024 新闻稿提到的 20 家 Fortune 100 客户,也延续了当时披露的自 2020 年以来客户增长 300%。10 周年新闻稿(June 2025)点名的客户包括 General Motors、BHP、Noble Energy、Britvic、Yale New Haven Health System、Boar's Head、South Tees Hospitals NHS Foundation Trust、BW Offshore、Port Authority of New York and New Jersey 和 Haleon。公司在 27 个国家拥有超过 700 名员工。March 2024 新闻稿称,2023 年 ARR 超过 $100 million;当前 ARR 未公开确认。 Team82 是 Claroty 内部威胁情报与漏洞研究团队。按 Series F 公告,截至 January 2026,Team82 已披露 650 多个 CPS 漏洞。该团队是声誉资产,用自有威胁情报拉开平台差异,并推动企业决策和监管互动。 第三方分析师和行业认可持续且更新。Gartner 在 2025 年(首版)和 2026 年(连续第二年)的 CPS Protection Platforms Magic Quadrant 中均将 Claroty 评为领导者;2025 年报告中,Claroty 在执行能力上排名最高,在愿景完整性上位置最靠前。KLAS Research 连续五年(2021–2025)授予 Claroty Healthcare IoT Security 领域 Best in KLAS,评分 95.4/100。Forrester 在 The Forrester Wave: IoT Security Solutions, Q3 2025 中将 Claroty 评为领导者。Forbes 在 2026 年连续第四年将 Claroty 纳入 Cloud 100。Deloitte 也连续三年把公司列入 Technology Fast 500。 [CO026, CO027, CO028, CO029, CO030, CO031]
1.5 里程碑、竞争背景与反向事件
Claroty 的里程碑显示,公司从 2015 年 Team8 孵化器拆分出来,到 2026 年已快速扩张为后期、IPO 前的市场领导者。2021 年收购 Medigate 是最关键的结构性动作:它几乎让员工规模翻倍,新增医疗 IoT 这一独立市场,也让 xDome SaaS 平台得以成形,成为公司云部署战略的锚点。2024 年扩展的 FOCUS 伙伴计划纳入全球集成商和经销商生态;xCelerate 伙伴计划则进一步强化公司的渠道驱动型 GTM。 2025 年,竞争格局发生实质变化。此前 Claroty 在纯 OT 安全领域最接近的同业 Nozomi Networks 于 2025 年 9 月同意以约 $1 billion 被 Mitsubishi Electric 收购。ServiceNow 于 2025 年 12 月宣布计划以 $7.75 billion 收购更广义的 IoT 安全平台 Armis。这些退出既验证了 CPS 安全品类,也减少了 Claroty IPO 时可参考的独立上市可比公司——对估值是双刃剑。Claroty 管理层把整合描述成抢份额机会,尤其是面向那些不希望 OT 安全嵌入更大工业或企业级供应商的客户。 公开资料能识别的反向与风险事项包括:(1)估值不透明——Claroty 从未公开确认估值;如果 March 2024 基准是 $2.5 billion,公司称估值上升 80% 与第三方 $3 billion 估计在数学上不一致;(2)ARR 模糊——公司最后一次确认 ARR 超过 $100 million 是 2023 年,更新数字未公开披露;(3)IPO 依赖——IPO 叙事假设 2027 年市场条件配合,但这一点无法保证;(4)CPO 职能的领导层过渡风险,Yoram Gronich 和 Gil Gur Arie 在 2026 年初同时持有 CPO 头衔。单看每项都不足以否决投资,但每项都是后续章节必须追问的尽调问题。 [CO034, CO035, CO036, CO037, CO038, CO039]
| 日期 | 事件 | 类型 | 金额 / 估值 / 状态 | 参与方 | 含义 |
|---|---|---|---|---|---|
| 2015 | Claroty 由 Galina Antova、Amir Zilberstein 和 Benny Porat 在 Team8 网络安全孵化工厂内创立 | 创立 | Team8、Antova、Zilberstein、Porat | 确立创始团队、孵化起点和以色列 CPS 安全根基 | |
| 2016 | Bessemer Venture Partners 完成首次投资(A 轮) | 融资 | 未披露 A 轮 | 投资方:Bessemer Venture Partners、Team8 | 确立公司早期即获得一线 VC 支持 |
| 2021-06 | D 轮 $140M 完成;累计总额达到 $235M;收购 Medigate | 融资 | $140M D 轮;Medigate 收购 | 现有投资者 | 独角兽估值确立;加入医疗 IoT 垂直;奠定 xDome SaaS 基础 |
| 2021 | Medigate 收购使 Claroty 规模接近翻倍,并加入医疗 IoT 产品线 | 产品 | 未披露收购价格 | Claroty、Medigate | 医疗成为核心垂直行业;xDome SaaS 路线图提速 |
| 2023 | 年经常性收入(ARR)首次超过 $100M | 规模 | ARR >$100M | 公司里程碑 | 确认收入规模门槛;为后期增长融资定位 |
| 2024-03 | $100M 战略增长融资完成;累计总额达到 $635M;估值据报约 $2.5B | 融资 | $100M;估值约 $2.5B | 现有投资者银团 | 确认独角兽以上估值;报道 20 个 Fortune 100 客户;ARR >$100M 已确认 |
| 2024-06 | Yoram Gronich 被任命为 CPO;Grant Geyer 转任 CSO | 治理 | Claroty 领导团队 | 产品领导层交接;Gronich 带来 Tufin 的 IPO 邻近经验 | |
| 2025-06 | Claroty 庆祝 10 周年;确认 1,000+ 客户、700+ 员工、27 个国家 | 规模 | 当时提及融资 >$500M | 参与者:CEO Yaniv Vardi、Dave DeWalt | 在 IPO 准备前,用公开里程碑锚定规模叙事 |
| 2025-09 | Nozomi Networks 同意被 Mitsubishi Electric 以约 $1B 收购 | 反向 | 约 $1B 收购 | Nozomi Networks、Mitsubishi Electric | 领先 OT 安全同行通过战略出售退出;减少 Claroty 的可比 IPO 样本 |
| 2025-11 | Dave DeWalt 被任命为董事会主席 | 治理 | NightDragon、Claroty 董事会 | 治理强化和 IPO 准备信号;DeWalt 带来网络安全退出经验 | |
| 2025-12 | ServiceNow 宣布以 $7.75B 收购 Armis | 反向 | $7.75B 收购 | ServiceNow、Armis | 更广义 IoT/CPS 市场整合;抬高品类估值,但移除独立同行 |
| 2026-01 | Golub Growth 领投的 F 轮 $150M 完成;CEO 确认 2027 年 IPO 目标 | 融资 | $150M F 轮;总额约 $885–900M;Calcalist 报道估值约 $3B(未确认) | Golub Growth、现有投资者 | IPO 前融资,引入后期贷款方;24 个 Fortune 100 客户;650+ 个 Team82 漏洞 |
里程碑日期和金额来自 Claroty 官方新闻稿,并由独立媒体报道交叉印证。公司未单独披露 A、B、C、E 轮金额;中间轮次规模由累计数字推断。反向事件(同行被收购)来自第三方报道并可独立验证。
[CO017, CO018, CO019, CO020, CO021, CO034]1.6 图表
02市场分析
2.1 市场边界 — CPS / XIoT / OT 安全
Claroty 的可服务市场最好定义为网络物理系统(CPS)安全,这一品类由 Gartner 在 CPS Protection Platforms Magic Quadrant(2025)中正式化。它覆盖三个正在收敛的细分市场:运营技术(OT)/ 工业控制系统(ICS)安全——保护能源、制造、水务和交通中的 PLC、RTU、DCS、SCADA 和现场设备;医疗 OT(HTM)安全——保护医院环境中的医疗设备、临床网络和楼宇管理系统;扩展 IoT(XIoT)——位于 IT 与 OT 交界处的企业级 IoT 设备,包括智能楼宇控制器、物流传感器和联网工业设备。 这个定义排除通用企业 IT 安全(端点检测、面向 IT 流量的 SIEM、没有 OT 协议感知能力的传统防火墙)和消费级 IoT。专用 OT 安全工具的现状替代品,是手工资产清单、周期性现场盘点,以及套用没有 OT 特定协议情报的标准 IT 安全工具;这些做法都会让关键基础设施系统性看不见活跃资产暴露。 CISA 监管 16 个关键基础设施行业,其中几乎全部包含 OT 或 CPS 组件。NIST SP 800-82 Rev.3(2023)是保护这些环境的权威联邦指南;ISA/IEC 62443 则是工业自动化网络安全的全球共识标准,得到 United Nations 背书,并应用于 20+ 个行业。监管脚手架不仅是合规勾选项,更是主要需求信号:缺少符合 ISA/IEC 62443 的安全计划,组织会面临越来越高的采购、保险和监管风险。 [CM001, CM007, CM008, CM011, CM012, CM013]
| 细分 / 类别 | 纳入支出 | 排除支出 | 买方 / 付款方 | 对 Claroty 的意义 |
|---|---|---|---|---|
| OT/ICS 资产安全 | PLC/RTU/DCS/SCADA 的资产发现、清单、漏洞管理 | 通用 IT 端点防护、没有 OT 协议支持的 SIEM | OT 安全团队、工厂 CISO | 核心平台 — 主要 TAM 细分 |
| CPS 网络安全 | OT 网络分段、被动流量监控、异常检测 | 没有 OT 协议解码的标准 IT 防火墙 / IDS | 网络架构师、IT/OT 融合团队 | 相比 IT 优先供应商的关键差异点 |
| 医疗 OT / HTM | 医疗设备安全、临床网络分段、BMD 安全 | 一般医院 IT 安全、EHR 平台 | CISO、生物医学工程 / HTM 团队 | 高增长受监管垂直行业 |
| 楼宇管理系统(BMS) | 智能楼宇控制器、HVAC、门禁、能源管理 | 消费 IoT、办公生产力 IT | 设施管理、房地产 CISO | XIoT 邻近领域;平台覆盖正在扩大 |
| XIoT / IoT-OT 融合 | IT/OT 边界上的企业 IoT — 工业传感器、物流、机器人 | 消费 IoT、企业 IT SaaS | IT/OT 架构师、企业 CISO | 平台扩展到更广阔的 XIoT TAM |
细分边界由作者根据 Gartner CPS 防护平台类别和 CISA 关键基础设施行业定义划定。支出分配为指示性判断,现阶段不是实证来源数据。
[CM007, CM022]2.2 市场规模 — 多重口径与明确限制
第三方分析师对 OT/ICS/CPS 安全市场的预测差异很大,核心原因是范围定义不同。MarketsandMarkets(April 2025 报告)估计,全球 OT 安全市场 2025 年约 $25 billion,到 2030 年增长至 $50.29 billion,CAGR 为 16.5%。该口径覆盖 OT 环境中所有垂直行业的网络安全、资产发现、漏洞管理、IAM、数据安全和托管服务。美国子市场 2025 年为 $4.64 billion,2030 年增至 $9.37 billion(CAGR 15.1%);欧洲为 $5.70 billion,增至 $11.93 billion(CAGR 15.9%)。 SNS Insider(经新闻聚合源引用)把 ICS 安全市场放在 2033 年 $41.82 billion,意味着产品范围比 OT 安全大伞更窄,但仍是双位数 CAGR。Precedence Research 用更宽定义预测 “OT 安全” 到 2034 年达到 $122.22 billion,该口径很可能把 OT 环境中的相邻网络和云安全支出也算入。分析师并不一致地纳入或排除托管检测与响应、IT/OT 融合平台或政府部门支出,因此直接比较并不可靠。 自下而上构建 Claroty 的 SAM,应先从全球 TAM 收窄到:(1)CPS 平台已有实质渗透的行业——能源、制造、医疗、水务、交通;(2)Claroty 具备监管触达和渠道触达的地区;(3)规模足以支撑平台采购的组织。作者估算的 SAM 到 2030 年约 $10–15 billion,SOM 约 $3–5 billion,取决于竞争份额和 XIoT 平台扩张。这些估算置信度低,应结合 Claroty 的 ARR 轨迹和垂直行业赢单数据验证。 [CM001, CM002, CM003, CM004, CM005, CM006]
| 发布方 | 报告年份 | 地区 | 市场规模 | CAGR | 方法说明 | 置信度 | 关键限制 |
|---|---|---|---|---|---|---|---|
| MarketsandMarkets | 2025 | 全球 | $25B(2025)→ $50.3B(2030) | 16.5% | 自下而上的供应商和需求分析;覆盖解决方案 + 服务 | 中 | 范围较宽,可能包含 IT/OT 混合支出 |
| MarketsandMarkets(美国) | 2025 | 美国 | $4.64B(2025)→ $9.37B(2030) | 15.1% | 全球 OT 安全报告中的地区细分 | 中 | 仅美国;不含 EMEA 和 APAC 市场 |
| MarketsandMarkets(欧洲) | 2025 | 欧洲 | $5.70B(2025)→ $11.93B(2030) | 15.9% | 地区细分;纳入 NIS2 监管顺风 | 中 | 欧元区基线;NIS2 扩张带来的增量不确定 |
| SNS Insider(经新闻) | 2024 | 全球 | 到 2033 年达 $41.82B | ~18% | ICS 安全范围;经 Yahoo Finance / 新闻聚合引用 | 低 | ICS 范围比 OT 更窄;无法访问原始报告 |
| Precedence Research(经新闻) | 2024 | 全球 | 到 2034 年达 $122.22B | ~19% | 最宽口径 OT 安全定义,包含邻近云 / 网络 | 低 | 范围很宽,抬高 TAM;方法不透明 |
估计值来自 MarketsandMarkets 报告文本和二级新闻来源。SNS Insider 和 Precedence Research 数字经 Google News RSS 聚合取得;原始报告未独立验证。各分析机构的 CAGR 区间和范围定义差异很大。
[CM001, CM002, CM003, CM004, CM005, CM006]Claroty 所在全球 CPS/OT 安全市场的三层金字塔,从最宽口径的全球 TAM,到作者估算的 SAM 和 SOM。
SAM 和 SOM 由作者基于细分市场和地域覆盖假设估算;这些具体切片没有一手来源。TAM 使用 MarketsandMarkets 2025 年 4 月数值。所有数字均以美元计。
[CM001, CM002, CM017]2030–2034 年 OT/ICS/CPS 安全市场低 / 中 / 高规模估算,范围差异很大,反映各机构对口径定义不一致。
MarketsandMarkets 的低 / 高边界是在中位值上下 ±10–12%(隐含置信区间),SNS Insider/Precedence 的区间更宽(方法不透明)。所有数值均以十亿美元计。单位:$B。Precedence 的估算高得多,可能因为市场边界更宽,把 OT 环境里的通用网络 / 云安全也纳入其中。
[CM041, CM031, CM001, CM005, CM006]2.3 垂直行业 — 各行业的威胁暴露与监管压力
能源和公用事业是最成熟、监管最重的 OT 安全细分市场。NERC CIP 标准要求北美大电力系统(BES)资产具备网络安全保护,形成由合规驱动的预算底线。国家级威胁行为体——包括 Latvia SAB 标记并由 CISA 公告记录的俄罗斯 APT 组织——主动瞄准电网基础设施,把合规支出转化为真正的安全投资。MarketsandMarkets 用专门的 ICS Security in Energy and Power 报告覆盖该行业,说明分析师认可其行业特定市场动态。 制造业面对另一种威胁画像,核心是勒索软件:运营中断、供应链勒索和保险要求是主要采用触发点。OT 环境一旦连接 ERP 系统和云分析,Purdue 网络分段模型就越来越不够用。 医疗 OT 是增长最快的受监管细分市场。HHS 已发布与 HIPAA 对齐的网络安全指南,要求受监管实体处理医疗设备和临床网络安全。FDA 医疗设备安全指南进一步强化合规驱动;输液泵或 MRI 控制器被攻陷会牵动患者安全,也抬高了组织付费意愿。 水务和污水运营方单体预算更小,但也面对 WaterISAC(Water Information Sharing and Analysis Center)和 EPA 指南记录的活跃威胁。交通行业,包括海事与铁路 OT,受 TSA 网络安全指令约束:U.S. Coast Guard 要求到 January 2026,所有 IT/OT 人员必须接受网络安全培训。 [CM014, CM015, CM016, CM024, CM025, CM026]
| 垂直行业 | 买方 | 用户 | 付款方 / 预算所有者 | 主要采用触发因素 | 预算层级 |
|---|---|---|---|---|---|
| 能源 / 公用事业 | CISO + 运营副总裁 | OT 安全分析师、电网运营员 | CIO/CFO;资本开支 / IT 预算 | NERC CIP 合规;国家级威胁 | 高(单企业数百万美元级) |
| 制造业 | 工厂经理 / IT 经理 | 工厂工程师、SOC 分析师 | CFO/CTO;OpEx / OT 预算 | 勒索软件扰动;网络保险要求 | 中高($200K–$2M) |
| 医疗健康 | CISO / CIO / CPHIMS | 生物医学工程师、HTM 员工 | 医院 CFO;IT 安全预算 | HIPAA / FDA 医疗设备指南;患者安全 | 中($100K–$1M) |
| 供水 / 污水处理 | CISO / IT 负责人 | OT/SCADA 操作员 | 公用事业董事会 / 市政机构;基础设施预算 | EPA 指南;WaterISAC 威胁警报 | 低-中($50K–$500K) |
| 交通运输 / 海事 | CISO / 基础设施 VP | OT 安全专家 | 交通主管机构 CFO;关键基础设施预算 | TSA 网络安全指令;海岸警卫队强制令(2026 年 1 月) | 中($200K–$1M) |
预算分层是基于行业规模和监管复杂度的指示性估计,未用独立核验的合同金额数据验证。实际客单价会随组织规模和部署范围变化。
[CM014, CM015, CM016, CM024, CM028, CM030]矩阵展示五个关键垂直行业的监管驱动强度、预算层级和采用成熟度。
[CM014, CM016, CM024, CM028, CM030, CM035]2.4 买方、用户与付款方格局
OT 安全平台的购买权因垂直行业和买方安全组织成熟度而异。在能源和公用事业,CISO 与运营副总裁通常共同评估方案,采购一般走 IT 安全或技术资本预算。制造业里,工厂经理或 IT 经理常常推动评估,CFO 或 CTO 批准支出。医疗买方通常是 CISO,并与 Biomedical Engineering 或 Healthcare Technology Management(HTM)团队协作,由医院 CFO 控制审批。水务公司和市政机构往往只有一名 IT 主管兼负安全责任,资金则绑定基础设施补助和公用事业董事会审批周期。 OT 安全平台的用户是 OT 安全分析师、工厂工程师或 SOC 运营人员——他们网络安全背景可能有限,但深懂工艺域。OT 域知识与安全专业能力之间的张力,是结构性采用约束:同一份 SANS 2026 调查显示,60% 组织把技能缺口列为首要 OT 网络安全挑战,42% 表示这些缺口阻碍采用新安全技术。 付款方并不只看安全 ROI。合规要求、网络保险要求和运营韧性目标,才是主导预算理由。早期 OT 安全项目中,专业服务收入——集成、部署和托管检测——往往超过软件许可价值,反映棕地环境的复杂度。 [CM019, CM020, CM035, CM036, CM037, CM039]
2.5 增长驱动与采用约束
首要增长驱动,是针对关键基础设施的攻击频率和严重程度加速上升。Google Cybersecurity Forecast 2026 警告,ICS/OT 风险正同时受到网络犯罪和国家级行为体推动而升级。按 Cydome 研究,2025 年海事 OT 网络攻击激增 150%。CISA Known Exploited Vulnerabilities 目录经常纳入 OT/ICS 产品 CVE,推动资产所有者产生紧迫感。 监管顺风会复合放大需求:NERC CIP、EU NIS2 Directive、TSA 网络安全指令、FDA 医疗设备指南,以及 CISA 面向 OT 资产采购的 Secure by Demand 指南,正在共同抬高每个关键基础设施垂直行业的合规底线。SANS 2026 数据显示,监管对 OT 安全招聘的影响在一年内从 40% 组织跃升到 95%,这是预算分配的领先指标。 IT/OT 融合是结构性驱动:工业环境采用 IIoT、云分析和远程维护访问后,OT 攻击面大幅扩张,需要专门为 OT 协议打造的安全能力,而不是把 IT 工具改装后套用。 最大约束是结构性的 OT 安全人才短缺。SANS 2026 报告称,27% 组织经历过与能力缺口直接相关的入侵,42% 表示这些缺口阻碍采用新安全技术。这一约束一方面创造了托管 OT SOC 服务需求,另一方面又放慢自营平台部署。关键基础设施中 12–36 个月的长采购周期、部署期间对运营风险的规避,以及 IT 与 OT 安全项目之间的预算竞争,也进一步压低采用速度。 [CM019, CM020, CM021, CM023, CM024, CM025]
| 因素 | 方向 | 时间 | 对 OT 安全支出的影响 | 尽调要点 |
|---|---|---|---|---|
| 针对关键基础设施的国家级攻击和勒索软件攻击 | 驱动因素 | 立即 / 持续 | 提升高管层紧迫感;预算从被动响应转向主动防护 | 跟踪 CISA ICS 通告频率和分行业事件率 |
| NERC CIP / NIS2 / TSA / FDA 强制要求扩展 OT 安全要求 | 驱动因素 | 2024–2027 年推进 | 在公用事业、交通、医疗健康形成合规驱动的预算底线 | 监测监管是否扩展到新兴 XIoT 和 BMS 领域 |
| IT/OT 融合和 IIoT 部署扩大攻击面 | 驱动因素 | 持续多年 | IT-OT 边界消融,TAM 扩大;平台粘性上升 | 评估 Claroty 客户群中的 IIoT / 工业 4.0 采用率 |
| 缺少加密或认证的老旧 ICS 系统 | 约束(切换成本) | 存量场景多年迁移 | 部署放慢;被动监测优先打法增加专业服务成本 | 评估已安装基数中使用老旧协议(Modbus、DNP3、旧版 OPC)的比例 |
| OT 网络安全技能短缺(SANS 2026 称 60% 组织缺技能) | 约束 | 结构性,2026 年以后 | 托管 OT SOC 需求上升;自运营平台采用放慢 | 跟踪 Claroty 收入结构中托管 OT SOC 相对平台 ARR 的增长 |
| IT 与 OT 安全项目争夺预算 | 约束 | 持续 | 相比 IT,OT 安全常常投入不足;CISO 需要为独立 OT 投资做论证 | 从行业调研中寻找分细分市场 OT 预算分配数据 |
| 采购和部署周期长(关键基础设施为 12–36 个月) | 约束 | 单笔交易 | 限制先落地再扩张速度;需要非扰动、被动优先的 POC | 跟踪平均销售周期、价值实现时间指标,并与 Claroty 指引对照 |
时间与影响是基于监管文件、行业调查(SANS 2026)和新闻报道的定性判断。每个因素的量化预算影响没有独立可得数据。
[CM008, CM009, CM019, CM020, CM021, CM032]六阶段采用漏斗,从初始认知到平台续约,标出关键基础设施 OT 安全采购中的主要摩擦点。
漏斗转化率为示意性估算,依据典型企业安全平台转化率和 OT 采购周期描述;并非来自 Claroty 特定赢单 / 输单数据。
[CM032, CM034, CM039]2.6 图表
03竞争格局
3.1 竞争格局概览
OT/CPS 安全市场给 Claroty 呈现的是分层竞争场。核心层是三家纯 CPS 安全厂商——Claroty、Dragos 和 Nozomi Networks——在工业控制系统和 OT 环境的资产发现、威胁检测和漏洞管理上直接竞争。第二层是相邻平台玩家——Armis(IT/OT/IoT/医疗融合)、Tenable(暴露面管理)和 Palo Alto Networks(网络安全 + OT)——覆盖多个域,但 OT 协议深度通常更浅。第三层是细分和嵌入工业自动化的玩家——Cisco Industrial Threat Defense(网络原生)、Rockwell Automation 旗下 Verve/SecureOT(制造商服务制造商)和 Radiflow(聚焦 MSSP/SIEM 集成)——服务特定买方细分或渠道动作。评估 CPS 安全平台的买方,还必须权衡维持现状的替代方案:由 Accenture、Deloitte、EY 等咨询机构提供托管 OT 安全服务,或把 SIEM、IT XDR 工具扩展到 OT 资产的自建路径。随着 Gartner Magic Quadrant for CPS Protection Platforms 在 2024 年正式成形并纳入多家领导者,企业预算分配更具合法性,RFP 活动加速,整体竞争强度正在上升。 [CP001, CP002, CP003, CP004, CP005]
3.2 纯 OT/ICS 安全领导者 — Dragos 与 Nozomi
Dragos 是 Claroty 最具技术可信度的直接对手。Dragos 由前 NSA ICS 安全从业者创立,总部位于 Washington DC 都市区,声誉来自威胁情报:其 WorldView 情报源跟踪 26 个工业威胁组织(2025 年有 11 个活跃),发布年度 OT Cybersecurity Year in Review 报告,并运营免费的 OT-CERT 资源项目和面向小型公用事业的 Community Defense Program。Gartner 在 March 2026 连续第二年将 Dragos 评为 CPS Protection Platforms Magic Quadrant 领导者。Dragos Platform 以被动资产可视化为核心,配套自有 “Now, Next, Never” 漏洞优先级模型;该模型称只有 3–6% 的 ICS 漏洞需要立即处理,并提供带上下文的响应剧本。Dragos 的 OT Watch 托管检测与响应服务把平台延伸为托管方案。相对 Claroty,Dragos 的主要弱点是资产覆盖更窄——它重心高度放在纯 ICS/OT 环境,无法匹配 Claroty 在 BAS、医疗设备和企业 IoT 上的 XIoT 广度。Nozomi Networks 是纯 OT/ICS 层的另一根支柱。Nozomi 创立于 2013 年,源自瑞士,披露监控超过 115 million 台 OT、IoT 和 IT 设备,覆盖全球 12,000 多个安装点,并声称客户留存率 100%。Nozomi 的差异化来自 AI 驱动分析、极深的伙伴生态(Schneider Electric、ABB、Siemens、Mandiant、GE、Honeywell、IBM Security、Hitachi),以及把有线和无线传感器结合起来的端点到网络可视化。Nozomi 面向大规模关键基础设施,常获战略工业伙伴认证,可与其 OT 自动化产品一起交付安全能力,形成独特的联合销售渠道。相对 Claroty,Nozomi 的弱点是医疗设备和 BAS 覆盖较薄,在 CPS Protection Platforms 品类中的分析师认可历史上也不够激进。 [CP006, CP007, CP008, CP009, CP010, CP011]
| 竞争对手 | 类别 | 规模 / 融资 | 目标细分市场 | 差异化 | 相对 Claroty 的关键短板 |
|---|---|---|---|---|---|
| Dragos | 纯 OT/ICS 厂商 | 私营;已融资约 $420M+;最近估值约 $1.7B(2021) | 能源、制造业、供水、交通运输 | OT 原生威胁情报(WorldView,跟踪 26 个威胁组织),2026 年 Gartner MQ 领导者 | 资产覆盖更窄——BAS、医疗设备、XIoT 广度有限 |
| Nozomi Networks | 纯 OT/IoT 厂商 | 私营;Schneider、ABB、Siemens 支持;监测 115M+ 台设备 | 关键基础设施、制造业、公用事业 | AI 驱动分析、深度工业伙伴联合销售、12K+ 个安装点、声称 100% 留存 | 医疗 / BAS 覆盖不够广;在 CPS PP MQ 中分析师认可度较弱 |
| Armis | IT/OT/IoT/医疗设备(CAASM) | 私营;估值约 $4.2B(公司声称) | 企业 IT 邻近场景、医疗健康、政府 | 覆盖 IT+OT+IoT+医疗设备,资产广度最强;Centrix VIPR Pro 用于漏洞优先级排序 | ICS 协议深度较浅;在重工业场景,CAASM 定位可能输给 OT 专业厂商 |
| Tenable OT | 暴露面管理(IT+OT) | 上市公司(TENB);OT 是 Tenable One 平台内的产品线 | 受监管行业、IT 主导的 OT 项目 | 统一 IT+OT 暴露面平台、Safe Active Query、VPR 评分、合规映射强 | OT 专属威胁情报和响应 playbook 有限;没有 OT MDR 服务 |
| Palo Alto Networks | 网络安全(OT 套装) | 上市公司(PANW);OT 作为 NGFW 增购 | 已部署 PANW 的企业 | 打包进 NGFW 续约、实时 OT 协议检测,有 BorgWarner、Grupo Bimbo 客户背书 | 没有独立 OT 业务;ICS 威胁情报有限;在绿地 OT 优先客户中较弱 |
| Cisco (Industrial TD) | 网络原生 OT 安全 | 上市公司(CSCO);OT 是产品组合附加项 | Cisco 占比高的工业网络、公用事业 | 以网络作传感器(Cyber Vision)、部署摩擦低、面向 OT 的 ZTNA、XDR/Splunk 集成 | OT 威胁情报较弱;相比专注厂商,OT 专业化 GTM 有限 |
| Verve/SecureOT (Rockwell) | 托管 OT 安全(制造业) | 私营;Rockwell Automation(ROK)子公司 | 制造商、能源、制药、汽车 | OT 优先平台 + 托管服务,「由制造商打造」,具备 Rockwell 的 OT 可信度 | 主要由服务驱动;平台范围更窄;全球规模不及前三家 |
| Radiflow | OT 安全(MSSP/SIEM) | 私营;全球 20K+ 个站点 | MSSP 交付的安全、IEC 62443 垂直行业 | 非侵入式监测、符合 IEC 62443、SIEM 集成(IBM)、低带宽远程站点 | 威胁情报投入较小;平台广度有限;主要走 MSSP 渠道 |
私营公司的融资 / 估值数据来自公司声称的披露和新闻稿;实际 ARR 和当前估值未披露。规模数字由公司自行报告。
[CP006, CP007, CP011, CP012, CP016, CP020]把八家竞争厂商放在平台宽度(从仅 OT 到完整 CPS/XIoT 覆盖)和 OT 深度(协议支持、威胁情报成熟度、ICS 原生检测)两条轴上。
轴向评分(1–5 序数刻度)为作者判断,基于 2026 年 5 月收集的官方产品覆盖声明、分析师认可和功能矩阵数据。没有独立基准;应视为方向性定位,而非实证测量。
[CP001, CP006, CP011, CP016, CP020, CP026]3.3 相邻平台竞争者 — Armis、Tenable OT、Palo Alto Networks
Armis 主要在 IoT、BAS 和医疗设备安全细分市场与 Claroty 竞争,也越来越多进入更广义的 CPS 暴露面管理。Armis Centrix™ 是一个无代理、云交付的网络暴露面管理平台,覆盖 IT、OT、IoT 和医疗设备安全。Armis 点名客户高度多元——Colgate-Palmolive、United Airlines、Takeda Pharmaceuticals、Mondelēz、DocuSign——显示其在企业 IT 相邻场景渗透强,但 OT 深度和 ICS 协议覆盖浅于 Claroty 或 Dragos。Armis 更像 CAASM(网络资产攻击面管理)厂商,而不是纯 OT 安全平台;这降低了它在能源和水务账户中的正面重叠,但在联网企业和医疗环境中构成真实竞争。Tenable 通过 Tenable One OT Exposure 把漏洞管理领导地位带入 OT,用单一暴露面管理平台统一 IT 和 OT 资产清单。Tenable 的差异化元素包括 “Safe Active Query”(用原生协议对 OT 设备做非破坏性询问)、AI 驱动的修复建议,以及业内领先的 Vulnerability Priority Rating(VPR)评分,用真实世界可利用性为 CVSS 打分提供上下文。Tenable 支持云、本地和混合部署,并自动映射 NERC CIP、IEC 62443、NIST 和 PCI DSS 合规要求。但与 Dragos 和 Claroty 相比,Tenable 在 OT 专属威胁情报和响应剧本上更弱。Palo Alto Networks 通过 Industrial OT Security 产品线竞争,该产品使用基于 NGFW 的 OT 协议检查,在既有 Palo Alto 网络基础设施中嵌入实时资产清单和风险管理。点名企业客户包括 BorgWarner 和 Grupo Bimbo。PANW 的关键竞争优势,是能把 OT 安全打包进既有 Palo Alto 企业安全支出;已经使用 Palo Alto 的买方可以用边际增量成本激活 OT 安全,从而在 IT 安全栈成熟的中型市场和企业账户中形成强替代路径。 [CP016, CP017, CP018, CP019, CP020, CP021]
| 能力 | Claroty | Dragos | Nozomi | Armis | Tenable OT | Cisco ITD |
|---|---|---|---|---|---|---|
| 被动 OT/ICS 资产发现 | 是 | 是 | 是 | 是 | 是 | 是(网络原生) |
| 主动 / 安全查询 | 是 | 有限 | 是 | 否 | 是(Safe Active Query) | 是(原生协议) |
| OT 威胁情报源 | 是(Team82) | 是(WorldView) | 是(Labs) | 有限 | 有限 | 否 |
| 医疗设备安全 | 是(专用模块) | 否 | 有限 | 是 | 有限 | 否 |
| BAS / 智慧建筑安全 | 是 | 否 | 有限 | 是(Centrix) | 否 | 否 |
| 托管检测与响应 | 是(经由合作伙伴) | 是(OT Watch) | 是(经由合作伙伴) | 是 | 否 | 否 |
| 合规报告(IEC62443/NERC) | 是 | 是 | 是 | 部分 | 是 | 是 |
能力评估基于截至 2026 年 5 月的官方厂商产品页面;“有限”表示厂商页面显示功能不完整。没有可用的独立基准测试。
[CP007, CP009, CP013, CP017, CP021, CP027]展示六家领先厂商在七项关键 OT 安全购买标准上的能力覆盖(是 / 有限 / 否)。
能力声明来自厂商官方产品页面;“有限”表示截至 2026 年 5 月,厂商公开材料记录了部分覆盖。没有第三方基准验证这些声明。
[CP007, CP009, CP013, CP017, CP021, CP027]3.4 细分与工业自动化玩家 — Cisco、Verve/SecureOT、Radiflow
Cisco 通过 Cisco Industrial Threat Defense 竞争,这是一套以 Cisco Cyber Vision(OT/ICS 资产可视化与行为分析)、Cisco Secure Equipment Access(OT 零信任远程访问)、Cisco Secure Firewall for industrial DMZ 和 Cisco Identity Services Engine(按 ISA/IEC 62443 做区域与通道执行)为锚点的产品组合。Cisco 的竞争优势是既有工业网络交换机和路由器装机基础;这些设备无需额外硬件部署,就能成为 Cyber Vision 的被动传感器。这种“网络即传感器和执行器”路线大幅降低 Cisco 中心型工业环境的部署摩擦——Cisco Validated Designs 提供参考架构和物料清单,压低实施风险。Cisco 与 Cisco XDR 和 Splunk 集成,实现统一 IT/OT 威胁关联。弱点是 OT 专属威胁情报有限,OT 安全 GTM 也不如 Dragos 或 Claroty 专门。Verve Industrial Protection 现在改名为 Rockwell Automation 旗下 SecureOT,定位是“由制造商打造,服务制造商”。SecureOT 方案组合把供应商中立的 OT 专属资产清单与风险管理平台(原 Verve Security Center),同 24/7 OT SOC 和 NOC 等专业与托管安全服务结合起来。Rockwell 所有权带来显著制造业可信度,也带来与 Rockwell Automation 既有控制系统客户的深厚关系。SecureOT 的策略是端到端服务,而不是只拼平台技术;其差异化来自部署支持、NIST CSF 成熟度提升案例,以及与 Rockwell 设备的运营集成。Radiflow 是一家以色列 OT 安全厂商,全球服务超过 20,000 个站点,尤其擅长 MSSP 和 SIEM 集成场景。Radiflow 提供非侵入、非破坏性的 OT 网络监控,Smart Collectors 可把远程站点遥测以带宽高效方式传到中央 SOC。Radiflow 与 IBM 安全产品集成,瞄准偏好 IEC 62443 合规和 MSSP 交付安全的行业。它的市场足迹明显小于前三家纯厂商,也缺少 Claroty、Dragos 或 Nozomi 的平台广度和威胁情报深度,但仍是 SIEM 中心型 OT 安全架构中的参考厂商。 [CP026, CP027, CP028, CP029, CP030, CP031]
| 厂商 | 主要 GTM 模式 | 定价结构 | 关键渠道 | 定价透明度 |
|---|---|---|---|---|
| Claroty | 企业直销 + MSSP/SI 合作伙伴 | 按资产数量和模块计费的企业订阅 | MSSP、SI、技术合作伙伴(Splunk、ServiceNow) | 不透明——无公开标价 |
| Dragos | 企业直销 + OT Watch MDR | 平台许可 + OT Watch MDR 订阅 | 直营销售团队、合作伙伴生态 | 不透明——无公开标价 |
| Nozomi Networks | 合作伙伴主导(Schneider、ABB、Siemens 联合销售) | 平台订阅、专业服务 | OEM / 战略工业合作伙伴、VAR | 不透明——无公开标价 |
| Armis | 企业直销 + 渠道 | 按资产 / 用户数计费的 SaaS 订阅 | 渠道合作伙伴、MSSP | 不透明——无公开标价 |
| Tenable OT | 打包进 Tenable One 或独立销售 | Tenable One 附加项或独立 OT 许可 | 直销 + 既有 Tenable 安装基础 | 通过 Tenable.com 部分披露 |
| Palo Alto Networks | 与 NGFW/Prisma 续约打包 | 按设备计费,或与 Palo Alto 硬件 / SASE 打包 | 企业直销、渠道合作伙伴 | 可通过 PANW 门户查看公开标价 |
定价信息来自官方产品和合作伙伴页面;所有 OT 安全厂商都采用企业定制定价。没有公开可核验的合同金额。
[CP022, CP024, CP030, CP034, CP038]3.5 竞争护城河与替换风险
Claroty 最持久的竞争优势,是 XIoT 平台广度和资产知识图谱深度。一个统一平台同时覆盖 OT、IoT、BAS 和医疗设备,使 Claroty 的切换成本高于单域厂商:一家医疗机构用 Claroty 映射了输液泵、楼宇自动化和工业流程设备后,替换它就要跨多层重新部署。Team82 威胁研究职能和 Global CPS Research Report 持续在安全从业者中强化品牌,类似 Dragos 的 WorldView 和年度回顾报告,既带来自然媒体声量,也成为分析师认可的素材。Claroty 的伙伴计划(MSSP、SI、技术伙伴)和医疗行业深度,也构成纯厂商对手 Dragos 与 Nozomi 尚未完全复制的分销优势。最可信的替换风险并不来自直接 OT 安全对手,而是大型平台安全厂商。Palo Alto Networks 和 Cisco 可以在企业安全续约对话中,把 OT 安全作为打包能力提供;CISO 可以借既有供应商关系解决 OT 可视化,并降低采购复杂度。Tenable 向既有漏洞管理装机基础交叉销售,尤其是在已经用 Tenable 做 IT 扫描的受监管行业账户中,会带来真实增购风险——这些账户可能把 OT 安全视为漏洞管理延伸,而不是独立项目。多供应商共存风险为中等:已经使用 Dragos 或 Nozomi 做 OT 威胁检测的买方,可能为了医疗设备或 BAS 覆盖再加 Claroty,而不是完全替换,形成共同部署而非零和竞争。2026 Dragos Year in Review 确认,针对工业实体的勒索软件攻击同比增加 64%,加剧专用 OT 安全预算的紧迫性,并利好该细分市场所有厂商。 [CP035, CP036, CP037, CP038, CP039, CP040]
| 护城河主张 | 威胁 | 严重性 | 缓释措施 / 尽调问题 |
|---|---|---|---|
| XIoT 资产广度带来高切换成本 | Armis 加深 OT 能力;PANW 打包 OT | 中 | 核验多领域留存数据;跟踪 Armis 在医疗健康 / 制造业 OT 项目中的胜率 |
| Team82 威胁研究建立品牌和买方信任 | Dragos WorldView 和年度 Year in Review 直接竞争;Nozomi Labs 发布竞品研究 | 中 | 监测分析师引用频率;索取企业 RFP 中相对 Dragos 的赢单 / 输单数据 |
| 医疗健康垂直深度和医疗设备专精 | Armis 是强劲的医疗设备安全替代方案;收购 Medigate 扩大 Claroty 的医疗健康护城河 | 低-中 | 确认 Medigate 整合已完全运营化;复核医疗健康客户留存 |
| 合作伙伴 / MSSP 分销能力 | PANW 和 Cisco 借既有企业关系打包 OT,摩擦更低 | 高 | 评估渠道与直销分别贡献的销售管线;判断 MSSP 合作伙伴是否也列入 Dragos 体系 |
| 监管顺风(NIS2、NERC CIP、TSA)延展 TAM | 监管合规是入口,但合规达标后不保证平台留存 | 低 | 跟踪哪些合规要求驱动首次购买,哪些驱动平台扩张合同 |
严重性评级(低 / 中 / 高)是作者基于 2026 年 5 月收集的竞争证据作出的定性判断;没有独立基准可用——应视为方向性风险优先级,而非实证测量。
[CP035, CP036, CP037, CP039, CP040, CP042]截至 2026 年 5 月,反映 Claroty 相对直接同业竞争位置的关键指标。
威胁统计来自 Dragos 2026 OT Cybersecurity Year in Review,并由 industrialcyber.co 报道。安装量为公司自报,未经审计。
[CP006, CP007, CP011, CP033, CP041]3.6 图表
04财务情况
4.1 资本形成历史与逐轮融资年表
Claroty 自 2015 年在 Team8 网络安全孵化器内成立以来,已汇集约 $885–900 million 的已披露机构资本。资本形成轨迹覆盖六轮公开承认的融资;但公司从未发布完整融资时间线,SEC EDGAR 记录显示,围绕 2021 年 12 月融资事件存在特殊目的载体,而公司未单独公告该事件。 最早可识别的机构资本,可追溯至公司在 Team8 内孵化时期。SEC Form D 文件显示,Team8 – Claroty, L.P.(CIK 0001754014)于 October 2018 提交备案。该文件登记了一只 Cayman Islands 基金的 $5 million 豁免发行,确认 Team8 从创立时期就持有结构化股权。Series D 于 June 2021 完成,募资 $140 million,由 Bessemer Venture Partners 和 Standard Industries 旗下 40 North 平台共同领投;该轮当时是工业网络安全领域有史以来最大单笔投资。Series D 完成时,累计融资约 $235 million。 June 2021 至 March 2024 之间,Claroty 又融资约 $400 million,但从未作为独立轮次公开宣布。SEC EDGAR 记录了 2022 年初两份 Form D:Team8 – Claroty II, L.P.(CIK 0001903605,January 2022 提交)和 Marker-Claroty Series E LP(CIK 0001908673,February 2022 提交,SPV 初始发行金额 $7.3 million)。CB Insights 据此记录了一轮 December 2021 机构融资。March 2024 Series E-II 完成时披露的累计融资为 $635 million,意味着 2021 年中至 2024 年初之间有约 $400 million 的 Series E。这是 Claroty 融资史上最大的披露缺口,也是首要尽调事项。 March 6, 2024 的 Series E-II 募资 $100 million,被称为“战略增长融资”,由股权投资者 Delta-v Capital 领投,AllianceBernstein 旗下 AB Private Credit Investors、Standard Investments、Toshiba Digital Solutions、SE Ventures、Rockwell Automation 和 SVB 参与。AllianceBernstein 私人信贷参与表明,该结构同时包含股权和私人信贷;纯风险投资轮很少出现这种安排,并可能影响股权结构表中的优先级。该轮未提交 SEC Form D。 January 22, 2026 的 Series F 募资 $150 million,由 Golub Capital 关联方 Golub Growth 领投,并有既有投资者确认可追加最多 $50 million 参与;若完全交割,总额最高可达 $200 million,累计已披露资本约 $885–900 million。Golub Growth 专注为 IPO 前 B2B SaaS 公司提供灵活债权和股权资本。Series F 未提交 SEC Form D。公司确认估值较 March 2024 轮上升 80%,但拒绝披露绝对数字。CRN 报道总融资为“至少 $885 million”;SecurityWeek 报道为“约 $900 million”。 [CI001, CI002, CI003, CI004, CI005, CI006]
| 轮次 | 约略日期 | 金额(USD) | 领投方 | 累计融资 | 备注 |
|---|---|---|---|---|---|
| 种子轮 / Team8 孵化 | 2015–2018 | 未披露 | Team8 Cyber Foundry | 未披露 | SEC Form D(Team8-Claroty LP,Oct 2018)确认股权结构 |
| Series A/B 轮 | 2019 | ~$60M(估计) | 投资方:Bessemer Venture Partners、Team8、ICV | ~$100M(估计) | 金额和确切日期未公开确认;估计基于已知投资方 |
| Series C 轮 | 2020 | ~$75M(估计) | SoftBank Vision Fund、40 North、现有投资方 | ~$175M(估计) | 近似值;Claroty 未公布 Series C 细节 |
| Series D 轮 | June 2021 | $140M | 投资方:Bessemer Venture Partners、40 North(Standard Industries) | ~$235M | 当时最大一笔工业网络安全投资;创下纪录 |
| Series E 轮(未披露) | Dec 2021(估计) | ~$400M(推算) | 未披露 | ~$635M | 由 Series E-II 时 $635M 累计融资额推算;Form D SPV 于 Jan–Feb 2022 提交 |
| Series E-II 轮 | March 6, 2024 | $100M | Delta-v Capital(股权领投);AllianceBernstein(私人信贷) | ~$735M | 包含 AllianceBernstein 的私人信贷;未提交 Form D |
| Series F 轮 | January 22, 2026 | $150M(+最高 $50M) | Golub Growth(Golub Capital 关联方) | ~$885–900M | 估值较 March 2024 上调 80%;目标 2027 年 IPO |
Series A/B/C 金额是基于投资方披露和 CB Insights 数据的分析估计;Claroty 未确认。Series E 是根据 2024 年 3 月 Series E-II 交割时 $635M 的累计融资额,以及 2022 年初 SEC EDGAR Form D SPV 文件推算。Claroty 未公布完整融资历史。
[CI001, CI004, CI005, CI006, CI007, CI008]每根柱代表一轮新增融资,到 2026 年 1 月累计约 $885–900M。
种子轮、Series A/B 轮和 Series C 轮金额为分析估算,依据 CB Insights 数据和投资者披露。Series E 轮由 Series E-II 轮完成时 $635M 的累计融资额推算。所有数字均以百万美元计。
[CI007, CI032]4.2 收入模式、定价架构与 ARR 披露
Claroty 的收入模式围绕经常性软件订阅展开,主要由两条产品线交付:云原生 SaaS 平台 Claroty xDome,以及本地部署软件 Claroty Continuous Threat Detection(CTD)。两款产品覆盖同样四个功能支柱——暴露面管理、网络防护、安全访问和威胁检测——但面向客户不同的 IT/OT 架构偏好。SaaS(xDome)产品预计毛利率更高,长期净收入留存也更强;本地部署的 CTD 则能进入不允许云连接的气隙隔离环境。 Claroty 在 2026 年初增加了第三项独立产品:CPS Library。这是一个 AI 驱动的资产目录,号称业内首个能跨厂商呈现信息物理资产可见性并归因漏洞的产品。CPS Library 可能在核心平台之上叠出新的订阅收入流,目标客户是需要汇总 OT/IoT 资产情报、且信息范围超出自有 Claroty 传感器部署的企业安全团队。 收入主要来自企业合同,通常是与 Fortune 500 和关键基础设施运营商谈成的多年期协议。定价据信按资产计费(按设备或按站点订阅),部署和持续支持的专业服务另按标价收取。公司没有公布价格;Claroty 竞争靠的是平台广度和 OT 专属领域经验,而不是价格,这也符合其高端企业级供应商的定位。 唯一公开披露的年经常性收入(ARR)里程碑,是公司在 2023 年超过 $100 million ARR,这一点在 2024 年 3 月 6 日的 Series E-II 新闻稿中宣布。CB Insights 根据二级市场数据估计 2026 年 ARR 约为 $200 million。一篇 Forbes 专访提到「过去三年」ARR 为 $300 million,这看起来是累计口径,或可能指代与公司自身 2023 年 $100 million 里程碑不同的指标——这一数字相互冲突,不能可靠作为某一时点的 ARR 参考。当前 ARR 和收入增长率均未披露。按地区划分的收入、渠道结构以及按垂直行业划分的收入集中度也都未披露。 [CI011, CI012, CI013, CI014, CI015, CI016]
| 收入流 | 交付模式 | 定价基础(估计) | 估计毛利率区间 | 战略作用 |
|---|---|---|---|---|
| Claroty xDome(SaaS 平台) | 云端 SaaS,多租户 | 按资产或站点计费的订阅,企业合同 | ~75–85%(行业基准) | 主要增长驱动;支持远程部署 |
| Claroty CTD(本地部署软件) | 本地部署永久授权 / 订阅 | 按资产授权 + 年度支持 | ~65–75%(行业基准) | 覆盖隔离网 / 受监管环境 |
| CPS Library(资产智能) | 云端附加模块 | 可能打包销售,或按席位附加订阅 | ~80–90%(软件智能层) | 2026 年 1 月推出;新兴收入来源 |
| 专业服务 | 部署与集成 | 按项目计时计料,或固定收费 | ~25–40%(服务行业基准) | 支撑部署;不是主要增长驱动 |
| 支持与维护 | 年度合同续约 | 按授权金额比例(~15–20%) | ~80%+(续约毛利率) | 经常性收入;随多数企业合同打包 |
定价依据和毛利率估计,是基于公开 SaaS 网络安全行业基准做出的分析近似。Claroty 未披露定价、毛利率或收入结构数据。
[CI015, CI016, CI017, CI018]| 指标 | 值 | 参考日期 | 来源类型 | 可信度 | 备注 |
|---|---|---|---|---|---|
| 年经常性收入(ARR)里程碑 | >$100M | 2023 年期间 | 官方(公司披露) | 高 | 已在 2024 年 3 月 Series E-II 新闻稿中确认 |
| ARR 估计(2026 年老股市场) | ~$200M | 2026(估计) | 分析师(CB Insights 老股交易数据) | 低 | CB Insights 基于老股市场交易估计;未经验证 |
| ARR「过去三年」(Forbes) | $300M | 未注明日期 | 第三方汇总(Forbes) | 很低 | 似乎是累计值或过时数据;与公司自己披露的 2023 年里程碑冲突 |
| 客户总数 | 1,000+ | 2026 年初 | 官方 | 高 | 已在 Series F 新闻稿中确认 |
| Fortune 100 覆盖率 | Fortune 100 中的 24 家 | 2026 年 1 月 | 官方 | 高 | 来自 Series F 公告;较 2024 年 3 月的 20%(200 家公司)提升 |
只有「2023 年期间 >$100M ARR」和客户数由公司确认。CB Insights 估计和 Forbes 引用均为第三方信息,可信度低。当前(2026 年)ARR 未披露。
[CI011, CI012, CI013, CI014]收入从企业合同流入,经 SaaS 和本地化交付渠道沉淀为 ARR,另有服务尾部收入,新的 CPS Library 模块则是正在出现的附加项。
[CI011, CI014, CI017]4.3 单位经济、成本结构与财务不透明度
Claroty 尚未公开披露完整财务尽调所需的任何核心单位经济指标:毛利率、净留存率(NRR)、总流失率、获客成本(CAC)、回本周期、平均合同价值趋势,或每账户平均收入。公司处在考虑 IPO 前 12–24 个月的后期私营阶段,通常会把披露推迟到 S-1 招股说明书阶段;这一做法与其状态一致。 可比企业级 SaaS 网络安全公司能提供粗略参照:成熟 SaaS 安全平台的软件毛利率通常在 70% 到 85% 之间,本地部署软件通常低 5 到 10 个百分点。如果 Claroty 的毛利率落在这一区间,且 ARR 约为 $150–200 million(综合 2023 年里程碑和 CB Insights 估计),隐含年度毛利润池约为 $105–170 million。这只是没有可验证支撑的粗略估算,不应视为权威数字。 根据公司新闻稿,截至 2025 年中,Claroty 在 27 个国家约有 700+ 名员工。若 ARR 约为 $200 million,则人均 ARR 约 $285,000——对企业级 SaaS 公司而言是合理的生产率指标,但研发、销售和服务之间的员工结构未披露。2022 年初收购 Medigate 时,公司员工数几乎翻倍;交易价格未披露,因此无法分析收购倍数,也无法判断商誉对资产负债表的影响。 资本消耗值得注意:Claroty 已消耗约 $882 million 公开披露融资,换来 $100+ million ARR(2023 年里程碑),意味着在 Series E-II 时资本 / ARR 比约为 8–9x。安全平台在达到规模前重投研发和企业销售,这并不少见;但与资本效率更高的同业相比,该比率偏高,也凸显 IPO 后需要改善经营杠杆。公司没有任何盈利能力披露——没有 EBITDA、经营现金流,也没有烧钱速度指引——因此烧钱分析完全是推测。 [CI018, CI019, CI020, CI021, CI022, CI023]
| 指标 | 已知 / 估计值 | 依据 | 可信度 |
|---|---|---|---|
| 累计总融资额(所有轮次) | ~$885–900M | 来源:CRN($885M)、SecurityWeek(~$900M)、CB Insights($882M) | 高 |
| 估计累计消耗资本 | $700–800M(粗略估计) | 由公司规模、员工数、收购推导;完全属于推测 | 很低 |
| 估计账面净现金(Series F 后) | 未披露 | 没有公开文件或指引 | N/A — 未披露 |
| 年度烧钱速度 | 未披露 | 没有公开文件或指引 | N/A — 未披露 |
| 估计现金跑道(Series F 后) | 没有烧钱速度,无法估算 | $150M+ 新增资本缓冲;实际现金跑道未知 | N/A — 未披露 |
| IPO 目标窗口(CEO 表述) | 最早 2027 年 | CRN 援引 Calcalist / Yaniv Vardi 表述 | 中 — 已表述的目标,取决于市场 |
烧钱速度和账面现金完全未披露。估计累计消耗资本只是粗略分析近似,可信度很低,不应作为依据。
[CI020, CI026, CI031]Claroty 2026 年 ARR 与估值的点估计和区间估计,对比已披露里程碑、第三方估算和数学推导区间。
所有数值均以百万美元计。估值数字为分析师估算或数学推导;Claroty 尚未公开确认任何绝对估值。
[CI028, CI029, CI030]4.4 资本充足性、估值背景与 IPO 路径
2026 年 1 月的 Series F 为 Claroty 的全球扩张补充了新资金。Golub Growth 的领投角色,对判断战略意图很关键:Golub Capital 是后期增长信贷和股权平台,过去常在被投公司 IPO 前 12–36 个月切入,用灵活的债务和股权结构提供 IPO 前资本,同时管理既有股东稀释。Series F 采用股权结构(而不是收入分成融资或可转债),说明公司的治理和股权结构表正在向公开市场标准靠拢。 CEO Yaniv Vardi 曾通过 Calcalist 公开表示,并由 CRN 报道,Claroty 最早可能在 2027 年寻求首次公开募股(IPO),前提是市场条件允许。这意味着从 Series F 交割起,公司进入 12–18 个月 IPO 准备窗口。作为背景,Armis 在 2022 年完成最后一轮私募融资(估值 $4.6 billion),随后于 2025 年被 ServiceNow 以 $7.75 billion 收购;Nozomi Networks 在 2025 年被 Mitsubishi Electric 以约 $1 billion 收购前也曾融资。Claroty 目前是市场上主要的大规模、独立纯 CPS/OT 安全公司。 估值方面,公司确认较 2024 年 3 月基线提高 80%。2024 年 3 月融资被广泛报道为投后估值约 $2.5 billion(据 CRN,引用「此前报道」)。从 $2.5 billion 提高 80%,意味着当前估值约 $4.5 billion。不过 Calcalist 报道 Series F 估值约 $3 billion——SecurityWeek 明确指出,这一数字与 80% 增长和 $2.5 billion 基线的组合在数学上不一致。这个差异需要向公司直接核验;它意味着至少存在三种可能:2024 年 3 月 $2.5 billion 数字被高估,Calcalist 的 $3 billion 被低估,或 80% 增长所对应的基线低于 $2.5 billion。 目前没有发现 2024 年 Series E-II 或 2026 年 Series F 的 SEC Form D 备案。这种缺失与使用 Cayman Islands 或其他非美国基金结构相符(2022 年 Team8-Claroty II 和 Marker-Claroty 的 Form D 备案已有类似迹象),也可能说明使用的是根据 Regulation D 不构成需 Form D 备案股权证券的债务或结构化信贷工具。AllianceBernstein 私募信贷参与 Series E-II,支持了这些轮次至少一部分涉及结构化工具的假设。 [CI026, CI027, CI028, CI029, CI030, CI031]
| 财务指标 | 是否公开披露? | 细节层级 | 最佳可用来源 |
|---|---|---|---|
| 累计融资总额 | 是 | 部分(仅主要轮次;Series E 未披露) | 公司新闻稿、CRN、SecurityWeek |
| 估值(绝对值) | 否 | 公司仅确认百分比变化;未给出美元金额 | Calcalist($3B 估计)、推算值($4.5B) |
| 当前年经常性收入(ARR) | 否 | 仅公开披露 2023 年里程碑(">$100M") | 公司 Series E-II 新闻稿;CB Insights 估计 |
| 收入增长率 | 否 | 未披露 | 无公开来源 |
| 毛利率 | 否 | 未披露 | 仅行业基准近似 |
| 净收入留存率 | 否 | 未披露 | 无公开来源 |
| EBITDA / 盈利能力 | 否 | 未披露;公司未说明走向盈利的时间表 | 无公开来源 |
| 烧钱速度 / 现金跑道 | 否 | 未披露 | 无法从公开数据估算 |
| 员工数 | 部分 | 700+ 人,覆盖 27 个国家(2025 年中新闻稿) | Claroty Series F 新闻稿 / 公司新闻稿 |
| 客户集中度 | 否 | 未披露头部客户名称;仅披露汇总客户数 | 无公开来源 |
披露口径符合 IPO 前私营公司特征。如果 IPO 推进,预计 S-1 招股说明书会完整披露财务数据。
[CI033, CI034, CI035]按披露状态归类关键财务指标,展示潜在 IPO 申报前限制外部财务分析的信息缺口范围。
[CI033]4.5 财务结论与主要尽调阻碍
Claroty 的财务画像符合一家资本充足、后期私营公司冲刺 2027 年 IPO 的特征。已确认的 $100 million ARR 里程碑(2023 年)以及由 IPO 前投资人领投的 Series F,说明公司已经达到订阅收入规模;但当前 ARR、增长率和单位经济仍未核实。累计融资($882–900 million)与已披露 ARR(截至 2023 年 $100M+)相比,体现出企业安全平台典型的资本密集型增长模式,市场预期其 IPO 后经营杠杆会改善。 主要财务尽调阻碍包括:(1)Series D 到 Series E-II 之间约 $400 million 的融资缺口,期间轮次的条款、投资人或结构没有公开披露;(2)估值数字在数学上无法调和——以 $2.5 billion 为基线增长 80% 意味着 $4.5 billion,而 Calcalist 报道为 $3 billion——说明至少一个公开数字有误;(3)毛利率、留存、烧钱速度和单位经济数据完全缺失,导致无法估计现金跑道;(4)Series E-II 中的结构化信贷部分(AllianceBernstein 私募信贷)条款、契约和受偿顺位未知。 正面信号包括:Golub Growth 领投 Series F,隐含对 IPO 准备度的认可;估值提升 80%,确认 2024 年以来企业价值有实质创造;1,000+ 客户基础,其中包括 24 家 Fortune 100 公司;以及同时获得 Gartner Magic Quadrant 领导者和 Forrester Wave 领导者认可。MarketsandMarkets 给出的可服务市场背景(OT 安全市场到 2030 年增至 $44.8 billion,CAGR 17.6%)为 ARR 增长提供了大的顺风。 评估 Claroty 的收购方分析师和投资人需要独立核验:当前 ARR(以及增长率)、净留存率(NRR)、按产品线划分的毛利率、烧钱速度和现金余额、股权结构表中的受偿顺位结构(尤其是私募信贷工具),以及未披露的 2021–2022 年 Series E 的性质和条款。这些问题无法从公开来源解决。 [CI033, CI034, CI035, CI036, CI037]
05产品与技术
5.1 平台范围与部署架构
Claroty Platform 是一套企业级信息物理系统(CPS)保护套件,围绕六个支柱组织:资产清单、暴露面管理、网络防护、安全访问、威胁检测和运营效率。它通过两款主产品交付:Claroty xDome,一款云原生 SaaS 产品,面向重视快速部署和低基础设施负担的组织;Claroty Continuous Threat Detection(CTD),一套稳健的本地部署方案,面向有严格数据驻留或延迟要求的气隙隔离工业环境。两款产品共用同一检测引擎、分析框架和 CPS Library 集成,因此客户选择任一路径都能获得功能上等价的覆盖。第三个组件 Claroty xDome Secure Access(原 Claroty SRA)为内部和第三方 OT 人员提供零信任远程访问,不需要传统 VPN 基础设施或共享凭据。 Claroty Edge 作为零基础设施边缘数据采集器,扩展了平台覆盖范围。它运行在现有 Windows 基础设施上——本地或云端均可——不需要网络传感器或物理占位,让组织能够发现远程站点、气隙隔离区域以及无法支撑完整 CTD 部署的分布式环境中的资产。平台支持四种发现方法:被动监测(非侵入式流量检查)、Safe Queries(为脆弱 OT 系统调校的低影响主动查询)、Project File Analysis(离线 PLC/DCS 项目文件解析)和 Ecosystem Enrichment(摄取防火墙、交换机和 CMMS 集成数据)。Claroty 声称这些方法合计覆盖 450+ 种工业协议,并将其称为业内最深的协议库。 CPS Library 于 2025 年 11 月推出,是一个 AI 驱动的资产目录,使用 LLM 和统计推断建模,把碎片化设备标识符解析为规范、经厂商验证的记录。该库解决的是一个系统性 OT 数据质量问题:Claroty 自有 Team82 研究发现,88% 的 CPS 资产不会传输精确产品代码,76% 传输的产品名称与厂商官方记录不同。与 Rockwell Automation 和 Schneider Electric 的 OEM 合作支撑了资料库准确性。MCP Server 层允许生成式 AI 工具查询 CPS 资产清单,加快事件响应,也让团队能在 CPS 安全数据之上使用自己偏好的 AI 助手。[CE001, CE002, CE003, CE004, CE005, CE006]
| 模块 / 产品 | 主要用户 / 买方 | 部署模式 | 状态 / 成熟度 | 关键差异点 | 尽调缺口 |
|---|---|---|---|---|---|
| Claroty xDome | CISO / OT 安全团队 | SaaS(云端) | GA / 成熟 | 模块化 SaaS;AI 增强;最快见效 | 部分受监管行业受数据驻留限制 |
| Claroty CTD(本地部署 Continuous Threat Detection) | CISO / OT 安全团队 | 本地部署 | GA / 成熟 | 不依赖云;深度被动 OT 流量分析 | TCO 更高;需要配置硬件 |
| Claroty xDome Secure Access(安全访问) | OT/ICS 工程师;供应商访问管理 | SaaS + 本地网关 | GA;认证绕过 CVE 已于 2025 年 10 月修补 | 零信任远程访问;会话录制;MFA | CVE 修补后的安全保障节奏;第三方审计状态 |
| Claroty Edge | IT/OT 融合团队;MSSP | Windows 主机上的代理 | GA / 成熟 | 零基础设施;可在远程 / 隔离网点运行 | 覆盖完整性相对于纯被动部署的差异 |
| CPS Library(AI 驱动) | 安全分析师;资产经理 | 云端(集成 xDome) | 2025 年 11 月起 GA | LLM-RAG + 统计推断;OEM 验证的设备 ID | Rockwell / Schneider / Siemens 以外厂商覆盖 |
| xDome for Healthcare(IoMT 医疗) | 生物医学 / 临床工程;CISO | SaaS | GA / 成熟 | CMMS 集成;MDS2/SBOM/VEX;Siemens Healthineers 合作伙伴数据 | FDA/MDR 合规映射公开文档不完整 |
| xDome for Government(政府版) | 联邦 / SLED 安全团队 | SaaS + 本地 CTD | GA;已映射 BOD 26-02 | NERC CIP、NIST CSF、FedRAMP 路径(状态未确认) | FedRAMP 授权状态不清楚 — 需尽调 |
状态基于截至 2026 年 5 月的 Claroty 官方产品页和新闻稿。xDome Secure Access CVE 修补日期经 Dark Reading 确认(2025 年 10 月)。FedRAMP 状态未确认。
[CE001, CE002, CE003, CE004, CE005, CE006]产品层级从物理资产层向上延伸到检测 / 分析和管理平面,展示 xDome、CTD、SRA 与 CPS Library 的关系。
层级结构来自 Claroty 官方产品页面和新闻稿;没有通过独立的平台架构审计验证。
[CE001, CE003, CE004, CE005, CE006, CE022]5.2 产品模块、用例与垂直行业
Claroty 的上市打法围绕四个垂直行业拆分——工业、医疗、商业建筑和公共部门——每个行业都在共用平台之上叠加定制化方案。工业垂直(制造、油气、公用事业、制药)是公司最大的垂直行业,依赖 CTD 或 xDome 获得深度 OT 资产可见性,并用 xDome Secure Access 支撑工程师和供应商远程访问。医疗垂直通过 Claroty xDome for Healthcare 覆盖,这是一套模块化 SaaS 方案,为 Internet of Medical Things(IoMT)设备增加临床语境增强:输液泵、患者监护仪、输注系统、智能 HVAC 以及其他联网临床资产。医疗专属差异化包括:与 Computerized Maintenance Management Systems(CMMS)集成;支持医疗设备 OEM 合作伙伴提供的 MDS2(Manufacturer Disclosure Statement for Medical Device Security)、SBOM 和 VEX(Vulnerability Exploitability eXchange)文件;以及 Siemens Healthineers 技术合作,把厂商整理的漏洞和缓解指引直接嵌入 xDome 工作流。 商业建筑垂直面向数据中心、零售、酒店和园区环境;这些场景里的 Building Management Systems(BMS)、HVAC 和物理访问控制器,构成了经常被低估的 CPS 攻击面。Claroty 的公共部门叠加方案,为 NERC CIP(电力公用事业)、CISA BOD 26-02(联邦网络边缘设备替换)、NIST CSF 等联邦框架提供具体合规映射,并包含 xDome for Government 版本。在所有垂直行业里,合规和报告模块都会自动收集证据,并为 NIS2、NERC CIP、IEC 62443、HHS Section 405(d) 和 NIST CSF 等框架生成可用于审计的报告。 xDome Secure Access 模块(原 Claroty SRA)为 OT/ICS 网络提供零信任远程访问。它强制执行细粒度按设备访问策略、会话录制、即时凭据托管和多因素认证——这些是补偿性控制,用来覆盖未打补丁的老旧 PLC 无法原生执行认证的环境。Gartner 2026 Market Guide for CPS Secure Remote Access 将 Claroty 列为代表性厂商,确认其在该细分市场的可见度。不过,SRA 产品曾被发现并修补一个关键认证绕过漏洞(CVE,2025 年 10 月),凸显访问层本身就是目标,也需要严格的安全保证。[CE009, CE010, CE011, CE012, CE013, CE014]
| 用户任务 / 工作流 | 未使用 Claroty 时的当前痛点 | Claroty 方案组件 | 可衡量收益(宣称) | 已知限制 |
|---|---|---|---|---|
| 多站点 OT 网络资产发现 | 缺少完整 OT 资产清单;存在影子设备 | xDome + Claroty Edge + 被动监测 | 450+ 种协议;保护 40M+ CPS(公司宣称) | 隔离网 / 纯被动场景缺口需要部署 Edge |
| OT 漏洞优先级排序 | IT 扫描器产生误报;脆弱 OT 设备无法扫描 | CPS Library + 暴露面管理引擎 | 确定性地把 CVE 归因到资产;减轻分析师负担 | 顶级合作伙伴生态以外存在 OEM 覆盖缺口 |
| 供应商 / 工程师安全远程访问 | 共享 VPN 凭据;看不到会话;访问不可控 | xDome Secure Access(零信任) | 会话录制;按设备 MFA;JIT 凭据 | 2025 年 10 月认证绕过 CVE(已修补);持续保障风险仍在 |
| OT/ICS 威胁检测 | IT SIEM 规则漏掉 OT 专有协议;误报率高 | CTD / xDome 威胁检测引擎(450+ 个协议解析器) | 感知协议的检测;异常基线建模 | 行为基线需要 30–90 天学习窗口 |
| 合规报告(NIS2、NERC CIP、IEC 62443) | 审计证据手工收集,耗时数天 | Claroty 合规与报告模块 | 数分钟自动生成可供审计的报告(公司宣称) | 自定义框架映射可能需要专业服务 |
| 医疗 IoMT 设备风险管理 | IT 工具无法识别临床设备;缺少上下文风险 | xDome for Healthcare + Siemens Healthineers 合作伙伴数据 | MDS2/SBOM/VEX 修复指导;临床上下文威胁检测 | 与医疗设备 OEM 的联盟仍在扩展 |
标注「公司宣称」的收益来自 Claroty 官方页面,本章未用客户访谈独立验证。限制来自公开报道和产品架构分析。
[CE007, CE008, CE009, CE010, CE011, CE014]| 层 / 组件 | 在平台中的作用 | 关键依赖 | 技术风险 |
|---|---|---|---|
| 被动流量监测(SPAN/TAP) | OT 发现与威胁检测的主要数据源 | 网络交换机 SPAN 端口或 TAP 设备访问 | 会漏掉未在受监测网段广播的资产 |
| Claroty Edge(基于代理) | 面向远程 / 隔离网站点的零基础设施发现 | 目标站点现有 Windows 主机 | 覆盖质量取决于客户部署纪律 |
| Safe Queries | 低影响主动询问 CPS 资产 | 用资产画像数据调校查询参数 | 需要细致调校;不适合高度脆弱的遗留设备 |
| 项目文件分析 | 离线分析 PLC/DCS 程序,用于资产归因 | 需要访问工程项目文件(如 Rockwell、Siemens 导出文件) | 需要人工交接;非实时 |
| CPS Library(AI/LLM-RAG) | 确定性设备身份解析与 CVE 归因 | OEM 合作伙伴数据馈送(Rockwell、Schneider、Siemens) | 顶级 OEM 合作伙伴以外设备的准确率下降 |
| CTD / xDome 检测引擎 | 感知协议的异常检测、策略执行 | 协议特征与行为基线(30-90 天学习) | 部署初期的基线期会造成检测盲区 |
| xDome Secure Access(SRA 网关) | 面向 OT 网段的零信任远程访问 | 本地 SRA 网关节点 + 云管理平面 | SRA 认证绕过 CVE 已于 2025 年 10 月修补;安全攻击面仍在 |
| 集成层(SIEM/SOAR/EDR/NAC) | 流向 IT 安全栈的双向数据流 | 客户侧 SIEM/SOAR 配置与凭据管理 | 集成复杂度可能压垮精简 OT 安全团队 |
架构层来自 Claroty 官方平台页面、Industrial Cyber 报道和 SecurityBrief 报道。风险评估反映公开已知问题和架构推断;未经独立审计。
[CE003, CE005, CE007, CE031, CE032, CE033]客户如何借助 Claroty 平台,从初始资产发现走到风险优先级排序,再到修复动作。
工作流来自 Claroty 官方产品页面和 SecurityBrief UK 对 Visibility Orchestration 的报道;反映的是已记录的产品能力,而非特定客户部署审计。
[CE007, CE008, CE025, CE026]5.3 Team82 威胁研究与开发者触面
Team82 是 Claroty 内部网络安全研究部门,公司将其定位为自有竞争护城河。该团队披露了 750+ 个 ICS 漏洞——超过任何其他 OT 安全厂商或研究组织——并依据正式 Coordinated Disclosure Policy 发布协调披露,同时提供公共 PGP 密钥用于安全厂商沟通。近期披露包括 Trane Tracer SC/SC+/Concierge 楼宇控制器中的多个 CVE(2026 年 3 月)以及 Schneider Electric Modicon M241/M251/M262 PLC 中的多个 CVE(2026 年 3 月)。在 2026 年 3 月报告「Analyzing CPS Attack Trends」中,Team82 分析了 12 个月内 200+ 起已验证事件,发现 82% 的攻击利用远程访问协议,66% 瞄准 HMI 和 SCADA 系统——这些研究直接支撑 Claroty 围绕 SRA 和监测的产品叙事。 Team82 在 github.com/claroty 维护 GitHub 组织,拥有 10+ 个公开开源研究工具,包括:Arya(用于 YARA 测试的伪恶意文件生成器)、EtherNet/IP & CIP Stack Detector(识别 OT 网络中特定厂商固件栈)、OPC UA Fuzzer 和 OPC UA Exploit Framework、MMS Stack Detector、BusyBox AFL 模糊测试框架、netunnel(HTTP/S 网络隧道工具)、WinCE-Debugger 和 PCOM-Tools。该组织有 145 名 GitHub 关注者,反映出 OT/ICS 安全研究社区里小众但真实的从业者参与。这些工具被防御方和其他研究者使用,使 Claroty 成为开放 OT 安全工具链的上游贡献者。 Team82 扮演双重角色:一边生成威胁情报并反哺平台检测规则,一边提供公益型漏洞研究来建立品牌可信度。这种投入是差异化的,少数 OT 厂商能够按规模复制。Team82 的研究直接加速协议库和检测引擎更新;EtherNet/IP 栈检测器和协议专属模糊测试器已经推动了新协议覆盖,否则这些协议可能需要数月逆向工程。Vulnerability Disclosure Dashboard(可在 claroty.com/team82 公开访问)实时追踪所有 Team82 CVE,并包含厂商归因和 CVSS 分数。[CE016, CE017, CE018, CE019, CE020, CE021]
| 活动 / 产出 | 描述 | 规模 / 指标 | 对平台的相关性 |
|---|---|---|---|
| ICS 漏洞披露 | 跨厂商协调披露 OT/IoT/IoMT 漏洞 | 披露 750+ 个 CVE(公司宣称,截至 2026 年) | 供给检测规则更新和 CPS Library CVE 映射 |
| 开源研究工具 | GitHub.com/claroty:模糊测试框架、协议栈检测器、漏洞利用框架 | 10+ 个公开仓库;145 名 GitHub 关注者 | 展示协议深度;被一线实践者社区使用 |
| 威胁情报报告 | CPS 攻击趋势、行业风险年度 / 半年度报告 | 报告:'Analyzing CPS Attack Trends'(2026 年 3 月);医疗 / 建筑报告 | 支撑产品叙事;内部验证 2025 年 200+ 起事件 |
| 协议模糊测试(OpENer、OPC UA、BusyBox、MMS) | 为工业协议栈集成 AFL 模糊测试器 | 开源 4+ 个协议模糊测试器 | 推动 CTD/xDome 覆盖新的协议解析器 |
| 厂商协作(Trane、Schneider、Rockwell) | 与主要 OT OEM 协调披露 | 触发 2 份 CISA ICS-CERT 通告(2026 年 3 月:Trane、Schneider) | 强化 OEM 关系;提升 CPS Library 数据质量 |
Team82 CVE 数量(750+)是公司截至 2026 年的说法;2026 年 3 月,2 份 CISA ICS 通告提到 Claroty Team82 披露,提供独立佐证。GitHub 关注者数已在 2026-05-18 确认为 145。
[CE016, CE017, CE018, CE019]Team82 研究流水线的关键依赖,以及研究产出如何回流到平台能力和生态关系。
依赖边为作者根据 Team82 产出和平台文档的公开描述推断。内部 R&D 流程细节未公开披露。
[CE016, CE017, CE018, CE019, CE020, CE021]5.4 集成生态与技术联盟
Claroty 的集成策略遵循「CTAP」(Claroty Technology Alliance Program)认证框架。集成类别覆盖:SIEM/SYSLOG 导出(IBM QRadar、Microsoft Sentinel、Splunk、ArcSight)、SOAR/工单(ServiceNow、PagerDuty、Jira)、防火墙和 NAC(Palo Alto Networks、Fortinet、Cisco、Claroty 分段策略)、终端 / EDR(CrowdStrike Falcon、Microsoft Defender for Endpoint——用于 OT 资产增强)、漏洞管理(Tenable、Rapid7)以及 OEM 级设备增强(Rockwell Automation AssetCentre、Schneider Electric、Siemens Healthineers)。xDome 平台内置 EDR、云和 SNMP 集成的应用内编排,并可在同一个用于可见性评分的建议页面配置。 Rockwell Automation 集成是旗舰案例:Rockwell 客户可以在 Rockwell 的 FactoryTalk AssetCentre 中获得 Claroty 的漏洞和威胁情报增强,让 OT 团队无需切换控制台就能执行安全建议。Schneider Electric 在 CPS Library 发布时贡献了设备数据。Siemens Healthineers 与医疗 xDome 的合作,为 xDome 用户提供厂商整理的 MDS2、SBOM 和 VEX 修复指引。Claroty 将这些关系归类为 CTAP 认证,并注明集成「由 Claroty 或合作伙伴构建并支持」,从而明确支持归属。 在发现和数据采集侧,xDome 集成医疗场景中的 CMMS 系统、用于用户身份归因的 Active Directory/LDAP,以及通过 EDR 集成(CrowdStrike Falcon、Microsoft Defender)接入的终端代理,用进程级语境增强 OT 资产画像。CPS Library 的 MCP Server 让生成式 AI 工具(客户自选的大语言模型)可以用自然语言接口查询 CPS 安全数据,使 Claroty 在企业 AI 工作流集成上领先于多数 OT 同业。Claroty xDome 平台还与 Cisco 工业交换机和防火墙集成,用于主动网络流量可见性和策略执行点。[CE022, CE023, CE024, CE025, CE026]
| 控制 / 认证 / 集成 | 类别 | 状态 | 范围 / 缺口 |
|---|---|---|---|
| Rockwell Automation(AssetCentre 集成) | 合作伙伴证明 / OEM 增强 | CTAP 认证;GA | 工业 OT;FactoryTalk AssetCentre 数据同步 |
| Schneider Electric(CPS Library OEM 数据) | 合作伙伴证明 / OEM 增强 | 2025 年 11 月起 GA | 工业 OT;Modicon、Pelco 设备数据 |
| 合作伙伴:Siemens Healthineers(xDome Healthcare) | 合作伙伴证明 / 医疗设备 OEM | GA;CTAP 认证 | 医疗 IoMT;MDS2/SBOM/VEX 数据馈送 |
| CrowdStrike Falcon(EDR 集成) | 技术联盟 / 端点增强 | CTAP 名录合作伙伴 | 借 EDR 遥测增强 OT 资产信息;不是面向 OT 的完整 EDR |
| SIEM 集成:IBM QRadar / Microsoft Sentinel / Splunk | 技术联盟 / SIEM 导出 | 支持集成 | 告警和资产数据可导出;SIEM 配置复杂度落在客户侧 |
| 合规框架:NIS2 / NERC CIP / IEC 62443 / NIST CSF | 合规映射 | 可生成自动报告(公司声称) | 自定义框架的映射覆盖可能需要专业服务 |
| HHS Section 405(d) / HICP(医疗) | 监管合规 | xDome Healthcare 合规模块 | 医疗专用;FDA 上市前网络安全映射仍有缺口 |
| Gartner Peer Insights(CPS Protection Platforms 客户评价) | 第三方验证 | 4.9/5 评分;119 条评论;97% 推荐(截至 Mar 2026) | Gartner Peer Insights 由客户自行提交;未经独立审计 |
CTAP Certified 状态依据 Claroty 合作伙伴页面。合规映射依据 Claroty 官方产品页面(公司声称)。 Gartner Peer Insights 分数来自 SecurityBrief UK 对 Claroty 披露的引用。
[CE022, CE023, CE024, CE027, CE028, CE029]根据产品页面深度、分析师认可和专用功能证据,估算 Claroty 核心平台能力在四个垂直行业的成熟度。
成熟度评级(高 / 中 / 低)是分析师依据产品文档深度、垂直行业合作伙伴关系以及分析师认可度做出的推断, 不基于客户调研数据或独立技术基准。
[CE009, CE010, CE011, CE012, CE028]5.5 关键优势与差异化
Claroty 最核心的技术差异化在于协议深度、研究投入和平台广度。450+ 协议库——历时十年构建,并通过 Team82 的逆向工程持续扩展——是分析师和客户评估中最稳定被提及的护城河。截至 2026 年 3 月,Gartner Peer Insights 的 CPS Protection Platforms 市场评分为 4.9/5,基于 119 条评分,且「愿意推荐」比例为 97%,反映实施满意度强。公司被评为 2026 Gartner Magic Quadrant for CPS Protection platforms 的领导者(连续第二年),并成为 2026 Gartner Market Guide for CPS Secure Remote Access 的代表性厂商。Forrester Wave for IoT Security Solutions Q3 2025 同样将 Claroty 置于领导者区间。 CPS Library 和 AI 驱动的资产识别流水线,是近期最具差异化的产品投入。Claroty 将 LLM-RAG 和统计推断建模嵌入平台,把碎片化 OT 协议广播规模化转成确定性、经厂商验证的设备身份——这解决了过去每个站点往往需要数周人工核对的问题。平台覆盖四大 CPS 垂直行业(工业、医疗、商业、公共部门),并提供垂直专属合规映射和合作伙伴集成,这也让点状方案厂商很难快速复制。Team82 的开源工具链和协调披露纪律进一步强化了平台检测能力的技术可信度。[CE027, CE028, CE029, CE030]
5.6 技术风险与限制
有几类技术风险需要重点审视。第一,SRA 认证绕过 CVE(据 Dark Reading 报道,2025 年 10 月修补)显示,平台最关键的访问控制组件曾存在高严重性漏洞。虽然已修补,但 SRA 作为进入 OT 网络的网关,意味着任何未来 SRA 漏洞都可能成为高度诱人的攻击向量;SRA 的持续安全保证流程是关键尽调项。第二,被动优先的发现理念虽然在运营上安全,却意味着不在受监测网段广播的资产、气隙隔离设备以及仅固件可见的设备,如果没有补充 Safe Queries 或 Edge 部署,可能仍然不可见。管理异构、多站点环境的客户经常会发现,要做到完整资产清单,必须组合全部四种发现方法,从而增加部署复杂度。 第三,平台 SaaS(xDome)模式需要云连接,一些有严格数据驻留要求的 OT 环境无法接受;本地 CTD 填补了这一缺口,但 TCO 更高。第四,Claroty 的 CPS Library AI 准确性高度依赖 OEM 合作覆盖——Rockwell/Schneider/Siemens-Healthineers 联盟之外厂商的设备,在新增合作伙伴接入前,属性解析质量可能较低。第五,集成目录(SIEM、SOAR、EDR、NAC、漏洞管理)覆盖面广且技术上成立,但需要专门实施投入;没有成熟 IT 安全运营团队的客户,可能会觉得集成面不是增益,而是负担。最后,Claroty 在 GitHub 上有 145 名关注者,工具参与度也偏小众;与 IT 原生安全厂商相比,更广泛的开发者社区较小,限制了可加速功能路线验证的众包反馈循环。[CE031, CE032, CE033, CE034, CE035]
5.7 图表
06客户情况
6.1 客户基础与垂直行业结构
Claroty 全球服务 1,000 多家客户——这一里程碑在 2023 年达成——其 Claroty xDome SaaS 平台和本地部署 Continuous Threat Detection(CTD)已在全球 8,000 多个站点部署。24 家 Fortune 100 是具名客户,使 Claroty 在最大企业层级的信息物理系统(CPS)保护市场中确立了主导供应商地位。业务覆盖北美、EMEA 和亚太,并由 27 个国家的 700 多名员工支撑。公司覆盖四个主要垂直行业:(1)医疗——由 Claroty xDome for Healthcare 牵头,覆盖医院环境中的 IoMT、联网医疗设备和 OT 楼宇管理系统;(2)工业 / OT——服务能源、油气、公用事业、制造、食品饮料和化工;(3)公共部门——覆盖联邦文职、Department of War(DoW)、情报界、SLED 机构和关键基础设施运营商;(4)商业 / 零售——面向零售商、物流公司、仓储和数据中心运营商。与 Dragos 等纯 OT 厂商相比,垂直多元化降低了集中度风险;不过考虑到连续五年 KLAS 认可,医疗垂直看起来最深。每个垂直行业都有专门网页、方案组合和合作伙伴生态。Claroty 的商业页面显示支持 40+ 个垂直行业、覆盖 450+ 种 OT/IoT 协议、保护 8,000+ 个站点——显示广泛协议覆盖是其对抗更窄竞争对手的竞争护城河。 [CU001, CU002, CU003, CU005, CU006]
| 垂直行业 | 主要买方 / 用户 | 核心用例 | 规模 / 覆盖 | 收入 / 战略价值信号 | 证据缺口 |
|---|---|---|---|---|---|
| 医疗 | 医院系统、医疗网络、IDN | IoMT 可视化、医疗设备安全、HHS/HIPAA/NIS2 合规 | 35 家 KLAS 评估机构;具名:South Tees NHS、Yale、Ohio State、PANYNJ 邻近案例 | 高 — KLAS Best in KLAS 连续 5 年,2026 年 92.5/100;评估者数量最高 | NRR 和医疗 ARR 占比未披露 |
| 工业 / OT | 制造商、能源生产商、油气、公用事业、食品饮料 | OT 资产可视化、NERC-CIP 合规、勒索软件防护、ICS 分段 | 具名:Britvic、Phlow Corp.、全球制造商(匿名);总站点 8,000+ | 高 — 多家 Fortune 100,生产环境部署 > 2 年 | 垂直行业收入拆分未披露 |
| 公共部门 | 联邦民事机构、DoW、情报界、SLED | FRCS 安全、获得 ATO、CMMC 合规、零信任 OT | 40+ 家聚焦 SLED 的合作伙伴;Carahsoft NASPO ValuePoint(May 2026);DoW 导弹防御 ATO | 战略性 — Dec 2025 首批国防 / 情报界 ATO 落地;政府渠道刚制度化 | 合同金额和管线规模未披露 |
| 商业 / 零售 | 零售商、物流运营商、仓储、数据中心、机场 | OT/ICS 供应链韧性、楼宇管理、货运自动化安全 | 具名:Coop Switzerland、欧洲机场(匿名) | 中 — 案例研究扎实,但公开证据少于医疗 | 案例研究有限;零售门店铺开仍处计划阶段 |
垂直行业分类依据 Claroty 发布的案例研究和垂直行业落地页。按垂直行业划分的收入拆分未披露。 规模指标采用公司发布里程碑中的代理指标。
[CU001, CU005, CU019, CU026, CU024]展示四个垂直行业的买家如何从认知推进到客户背书,并标出每个阶段的产品 / 渠道触点和扩张触发因素。
阶段推进来自现有案例研究和新闻稿的泛化;单个客户旅程会随垂直行业和起点成熟度变化。节点到阶段的映射代表主导模式。
[CU005, CU007, CU014, CU024, CU035]6.2 具名客户证明与案例研究
Claroty 发布了 40 多个具名和匿名案例研究,覆盖多个垂直行业;本章审视的公开具名客户中,有 8 家确认已进入生产部署。The Port Authority of New York and New Jersey(PANYNJ)——美国最大的交通机构之一,管理主要机场、桥梁、隧道、World Trade Center 综合体和一个大型巴士总站——在一次详尽的 265 问技术评估后部署了 Claroty CTD 和 Enterprise Management Console(EMC);当时只有三家厂商回应,且没有一家能匹配 Claroty 的覆盖深度。面向数百套 ICS、包含数千资产的初始实施约耗时两年,其中最关键系统的大部分在前 8–10 个月内完成上线。South Tees Hospitals NHS Foundation Trust 在英国 6 家设施部署了全部 xDome 模块,服务 1.5 million 人,并与 Fortinet FortiNAC 集成做网络访问控制,同时利用 AWS 云实现可扩展性。Britvic(英国饮料)先混合部署 CTD 和 SRA,验证合规与 OT 可见性,然后扩展到 xDome,并在法国和巴西新增站点——这是明确的先落地再扩张模式。Coop Switzerland(零售 / 批发)在物流、仓储和生产站点实现 100% OT/ICS/IoT 资产可见性,已执行网络分段,并正在推进零售门店铺开。制药领域,Phlow Corp.——一家美国医药 CDMO,在 Virginia 拥有 cGMP 设施——部署 xDome 做实时监测、微分段,以及实验室 / 制造 / 仓库可见性。一家欧洲大型机场(年客流 50M+)在货运系统和楼宇基础设施中部署 CTD、Secure Access 和 EMC,实现受管第三方供应商访问和完整 OT 画像。Connecticut 最大医疗服务提供者 Yale New Haven Health System 使用 Claroty 进行全企业 IoMT 和 IoT 资产风险评分,并正在推进 Cisco ISE 网络分段项目。公开具名案例研究中的行业与地理多样性,再叠加多年生产运行时间,按行业标准构成了高质量参考证明。 [CU007, CU008, CU009, CU010, CU011, CU012]
| 客户 | 细分 | 部署 / 用例 | 生产环境 / 试点 | 可衡量结果 | 局限性 |
|---|---|---|---|---|---|
| 客户:Port Authority NY/NJ (PANYNJ) | 公共部门 / 交通 | 全量 OT 风险管理:机场、桥梁、隧道、WTC、铁路、巴士总站;CTD + EMC | 生产环境(已运行 2+ 年) | 8–10 个月内 100% ICS 接入;实时威胁检测;NIST CSF 合规 | 具体资产数量和漏洞细节已遮盖 |
| South Tees Hospitals NHS | 医疗 | 全部 6 个设施、全部 xDome 模块;集成 Fortinet FortiNAC;覆盖 1.5M 患者人群 | 生产环境(多年) | 完整设备清单;网络分段;向利益相关方证明 ROI;DSPT 合规 | 精确设备数量和成本未发布 |
| 客户:Yale New Haven Health System | 医疗 | 全企业 IoMT + IoT 风险评分;Connecticut 最大医疗系统 | 生产环境(持续运行) | 全面的风险评分清单;Cisco ISE 集成推进中;识别 PHI 设备 | 集成阶段仍在推进;使用率指标不完整 |
| Britvic PLC | 制造业(食品饮料) | 英国制造站点部署 CTD 混合版 + SRA;扩展到 xDome 以及法国、巴西站点 | 生产环境(扩展中) | 安装后 2 小时内看到数据;实时 OT 可视化;满足合规 | 收入贡献未披露 |
| Coop Switzerland | 商业 / 零售 | xDome 覆盖物流、仓储、生产;正扩展到门店零售 | 生产环境(扩展中) | 100% OT/ICS/IoT 可视化;执行细粒度网络分段;减少人工维护 | 门店铺开尚未完成;单站点 OT 人员数未知 |
| Phlow Corp. | 制药(CDMO) | xDome 覆盖 Virginia 的 cGMP 制造、研发实验室、自动化仓库 | 生产环境 | 实时资产可视化;微分段;保障 IT/CPS 融合安全 | 单一区域小规模部署;规模指示有限 |
| 欧洲机场(未具名) | 交通 | CTD + Secure Access + EMC;50M+ 旅客 / 年;货运自动化 + 楼宇基础设施 | 生产环境 | 完整 OT 资产画像;管理第三方供应商访问;切断暴露在互联网的设备 | 客户身份未披露;机场规模未正式确认 |
| 美国军方导弹防御站点 | 公共部门 / 国防 | 通过 Mission IT 部署 Claroty CTD;多个 DoW 导弹防御控制系统获得 ATO | 生产环境(已授予 ATO) | 多个涉密站点获得 ATO;设备覆盖规模比文件记录大数倍 | 涉密细节已遮盖;站点数未披露 |
部署由 Claroty 发布的案例研究和新闻稿确认。除非另有说明,所有部署均为生产环境。 涉密或敏感细节在来源中已被遮盖。
[CU007, CU010, CU012, CU014, CU015, CU016]基于有来源的案例研究和独立验证,横向评估各垂直行业的证据质量、公开案例可得性、生产环境确认和扩张信号强度。
[CU007, CU010, CU015, CU016, CU019, CU024]6.3 医疗垂直深度与 KLAS 验证
医疗是 Claroty 最深、也最经独立验证的垂直行业。公司连续五年(2021–2025)被 KLAS Research 评为医疗 IoT 安全的 Best in KLAS,并在 2026 Best in KLAS Awards 中获得 Top Performer,整体得分 92.5/100——在所有被评估厂商中位列第二,且在所属类别中客户评价数量最多(35 家独立医疗组织)。KLAS 还将 Claroty 选为「Consistent High Performers 2025」报告中的 30 家厂商之一,该报告衡量三年滚动客户满意度;Claroty 是名单上唯一一家医疗 IoT 安全厂商。KLAS 发布的客户引述显示强忠诚度:一位医院 CTO(2025 年 12 月)称「我们绝对会再次购买 Claroty 的系统」;一位医院经理(2025 年 5 月)形容 xDome 是「我们围绕医疗设备做分段时的主干……Claroty 是我们的唯一答案。」具名医疗案例包括 South Tees Hospitals NHS Foundation Trust(英国)、Yale New Haven Health System(美国)和 Ohio State University Wexner Medical Center(美国)。Claroty 的医疗平台覆盖来自 HHS Section 405(d)、HIPAA Security Rule、EU NIS2 和 NHS Data Security and Protection Toolkit(DSPT)的监管压力,带来合规驱动的粘性。医疗客户证据的广度——五次独立评分 KLAS 调研、35 家评估组织、具名生产部署和多年续约信号——使医疗成为 Claroty 收入耐久性的锚定垂直行业。 [CU019, CU020, CU021, CU022, CU023, CU035]
| 指标 | 数值 / 信号 | 细分 | 置信度 | 尽调问题 |
|---|---|---|---|---|
| KLAS 2026 评分 | 92.5 / 100(评估厂商中第二高) | 医疗 IoT | 高(独立 KLAS 研究) | 索取完整 KLAS 报告,包括逐字评论和评分拆分 |
| KLAS 连续 Best in KLAS | 5 年(2021–2025) | 医疗 IoT | 高(每年发布) | 确认没有降低门槛的类别调整 |
| KLAS Consistent High Performers 2025 | 入选;1,000+ 个测评产品中唯一医疗 IoT 安全厂商 | 医疗 IoT | 高(独立、3 年滚动指标) | 确认方法论:按订阅数还是满意度加权 |
| 客户扩张 — Britvic | CTD 升级至 xDome;新增法国和巴西站点(多年扩张) | 制造业 | 高(发布的案例研究) | 索取从 CTD 升级到 xDome 档位带来的 ARR 提升 |
| 客户扩张 — Coop Switzerland | 核心站点已加固;正扩展到所有门店零售点 | 零售 | 高(发布的案例研究) | 索取时间表和计划门店站点数量 |
| NRR(净留存率) | 未公开披露 | 全部 | 低(估计;私营公司) | 直接询问;高增长 SaaS 基准目标为 NRR >110% |
| GRR / logo 流失 | 未公开披露 | 全部 | 低 | 索取合同开始后第 1、2、3 年的队列数据 |
Claroty 未披露 NRR 和 GRR。KLAS 分数和客户扩张信号可作为医疗细分满意度与留存的代理指标; 正式留存数据需在尽调中获取。
[CU019, CU020, CU021, CU014, CU015, CU034]在正式 NRR 和流失数据未公开的情况下,用 KLAS 满意度分数作为代理,估算 Claroty 医疗垂直的留存队列。
留存百分比按 KLAS 平均满意度 92.5/100、连续三年入选「Consistent High Performers」以及案例研究中的扩张模式(Britvic、South Tees)推算。 上排代表保守估算;下排代表乐观估算,反映 KLAS 忠诚度指标。正式 NRR/GRR 数据未公开;这些数字仅用于情景规划近似。
[CU019, CU020, CU021, CU034, CU035]6.4 渠道、合作伙伴与公共部门触达
Claroty 的上市模式高度依赖 xCelerate Partner Program 下的渠道合作伙伴模式,该计划让经销商、增值经销商(VAR)、托管安全服务提供商(MSSP)、技术联盟和分销商销售、部署并支持平台。2026 年 4 月,Claroty 任命 John Ryan 为 Worldwide Partner Ecosystem 副总裁以加速该战略;他此前曾任 Orca Security 和 Illumio 的全球渠道副总裁。2026 年 CRN Security 100 和 CRN IoT 50 认定强化了渠道可信度。在美国公共部门,Claroty 与 Carahsoft Technology Corp. 于 2026 年 5 月宣布分销合作,使 Claroty 平台可通过 Carahsoft 的 NASPO ValuePoint Master Agreement(#AR2472)提供给联邦、州、地方、教育和医疗(SLED)机构。Carahsoft 庞大的经销商网络,为 Claroty 覆盖那些靠直销难以触达的机构。与 Mission IT 的合作(2025 年 12 月)使 Claroty CTD 在 Department of War(DoW)旗下多个军事导弹防御站点获得 Authority to Operate(ATO),并为一个机密情报界(IC)Facility Related Control System(FRCS)获得 ATO,支持 ICD 503 和 UFGS-25 05 11 合规。在导弹防御站点,Mission IT 发现的设备足迹比此前记录大数倍——这证明了 Claroty 在机密环境中做资产发现的核心价值主张。Claroty 生态中有 40+ 家合作伙伴,并由专门的公共部门总经理 Jen Sovada 领导政府扩张,渠道触达显著放大了其直销能力。Carahsoft NASPO ValuePoint 合同消除了过去拖慢政府采用的采购摩擦。 [CU024, CU025, CU026, CU027, CU028, CU029]
| 指标 | 值 | 日期 | 来源 | 置信度 | 含义 | 缺失分母 |
|---|---|---|---|---|---|---|
| 客户总数 | 1,000+ | ~2023 | Claroty 10 周年新闻稿 | 中 | 市场渗透较广;规模已可纳入 IPO 考量 | 精确数量未披露;2026 无更新 |
| 全球受保护站点 | 8,000+ | 2025–2026 | Claroty 商业网络安全页面 | 中 | 平均每客户 ~8 个站点;多站点采用已有分量 | 部署密度分布未知 |
| Fortune 100 客户 | 100 家中 24 家 | ~2023 | Claroty 10 周年新闻稿 | 中 | 最大型企业采用强;ARR 贡献可能不成比例偏高 | 单账户收入集中度未披露 |
| ARR 里程碑 | $100M+ | 2023 | Claroty 10 周年新闻稿(CEO 声明) | 高 | ARR 规模支撑 IPO 路径;2023 以来增长未确认 | 当前 ARR 未披露 |
| 医疗 KLAS 评估机构 | 35 家不同机构 | Feb 2026 | KLAS 2026 Best in KLAS Awards 新闻稿 | 高 | 该类别评估机构最多;医疗 IoT 中评价密度最高 | 医疗客户总数未单独披露 |
ARR 和客户数来自新闻稿中公司披露的里程碑;截至 May 2026,2023 数据尚未公开更新。 站点数来自 Claroty 商业垂直行业页面。
[CU001, CU002, CU003, CU004, CU019]基于 2023–2026 年里程碑,估算从全球可触达市场到活跃客户、多站点部署和 Fortune 100 渗透的转化漏斗。
全球可触达机构数和评估机构数只是用于提供背景的粗略估算;只有「活跃客户(1,000+)」和「Fortune 100 客户(24)」是公司披露数字。 评估机构数按企业 CPS 安全供应商常见竞争胜率推断。
[CU001, CU002, CU003]6.5 留存、扩张与客户满意度信号
Claroty 没有公开披露净留存率(NRR)或总流失率——这限制了定量尽调——但多项定性信号指向高留存和有意义扩张。35 家评估组织给出的 KLAS 2026 得分 92.5/100、KLAS 三年「Consistent High Performers」入选、以及多年 Best in KLAS 认定,都是医疗细分市场的替代留存指标。案例研究记录了扩张:Britvic 从本地 CTD 迁移到云端 xDome,并把部署延伸到法国和巴西的新制造站点;Coop Switzerland 完成核心物流 / 仓储部署,正在把 Claroty 扩展到门店零售场景。South Tees NHS 部署了所有 xDome 模块,并增加 Fortinet 集成,提高了平台深度和切换成本。典型先落地再扩张动作从单站点 CTD 或 xDome 部署做资产可见性开始,随后随着客户信任提升,扩展到安全访问、威胁检测、暴露面管理和网络防护模块。平均每客户 8 个站点(8,000+ 站点 / 1,000+ 客户)说明多站点采用有实质规模。24 家 Fortune 100 账户是高价值且难以流失的关系,因为它们需要深度 OT 网络集成。缺失证据包括:没有公开披露 NRR、合同期限、队列留存或具体每队列 ARR——这些都是私营公司标准保留信息。投资人和潜在收购方应在任何尽调流程中索取这些指标。 [CU003, CU014, CU015, CU022, CU023, CU034]
6.6 客户集中度、反向证据与部署风险
主要客户风险在于 NRR 和流失数据不透明。Claroty 的私营状态意味着正式留存指标不可得,只能依赖替代信号(KLAS、案例研究扩张、KLAS 三年滚动指标)。G2 评论者——尽管样本很小(截至 2024 年 10 月为 4.7/5,6 条评论)——指出有意义的部署摩擦:「部署需要大量细致调优」「软件缺陷会让事件处理变得笨重」「初始设置的复杂度可能有挑战」以及「需要专家团队安装」。这些信号说明实际价值达成时间可能长于营销承诺,部署需要熟练 OT 安全人员(稀缺资源),没有内部专业能力的客户可能面对更高总拥有成本。收入层面的客户集中度未知:24 家 Fortune 100 账户可能贡献了不成比例的 ARR,失去任何一个大客户都可能产生重大影响。公共部门销售周期长,且受采购门槛约束,因此 Carahsoft 和 Mission IT 合作必要但不足以带来政府收入快速爬坡。医疗垂直集中度虽经验证,但如果医院 M&A 整合客户基础,或报销压力压缩网络安全支出,也可能变成负担。本研究没有发现公开流失事件、失败部署或重大客户投诉;不过,公开反向证据缺失,一部分也可由 Claroty 的保密惯例和 OT 客户事件敏感性解释。 [CU031, CU032, CU033, CU034, CU043, CU044]
| 因素 | 类型 | 严重程度 / 规模 | 尽调路径 |
|---|---|---|---|
| 先落地再扩张(CTD → xDome 多模块) | 扩张驱动 | 高 — Britvic、South Tees、Coop 均有记录;推动 SaaS ARR 复合增长 | 索取账户平均收入随时间变化;确认 xDome 附加率 |
| 现有账户内站点扩张 | 扩张驱动 | 高 — 8,000+ 个站点 / 1,000+ 家客户意味着多站点是常态;Coop 零售铺开 | 确认每客户平均站点数走势和站点级定价 |
| 公共部门 ATO 管线(Carahsoft + Mission IT) | 扩张驱动 | 中高 — Dec 2025 首批 ATO 落地;Carahsoft NASPO 渠道于 May 2026 制度化 | 跟踪活跃联邦 RFP 数量和 DoW ATO 管线 |
| 医疗垂直行业集中 | 集中度风险 | 中 — KLAS 优势暗示医疗 ARR 占比高;若医院 M&A 减少账户,存在整合风险 | 索取垂直行业 ARR 拆分;评估前 5 大医疗账户占总 ARR 的比例 |
| 头部客户收入集中 | 集中度风险 | 中高 — 24 家 Fortune 100 客户可能贡献不成比例的 ARR | 索取前 10 大客户收入集中度(占 ARR %);确认无单一客户 >10% |
| 实施复杂度 / 部署摩擦 | 扩张风险 | 中 — G2 评论提到“significant fine-tuning”,需要专家团队;拖慢 SMB / 政府采用 | 询问平均部署周期、专业服务附加率、按部署类型划分的 CSAT |
严重程度评级是基于现有证据的定性判断。收入集中度数据由客户层级构成估算; 公开渠道没有正式客户收入拆分。
[CU014, CU015, CU024, CU026, CU031, CU035]6.7 图表
07风险
7.1 市场、竞争与商业风险
Claroty 最尖锐的近期商业风险,是 OT 安全市场正在快速围绕大型平台厂商整合。ServiceNow 于 2024 年 12 月以 $7.75 billion 收购 Armis,把 Claroty 的主要竞争对手之一——一家在 CPS 和 OT 资产管理能力上高度重叠的平台——嵌入全球最大 ITSM 厂商体系内。Mitsubishi Electric 于 2025 年 9 月以约 $1 billion 收购 Nozomi Networks,带来第二起整合事件,让一家大型工业自动化集团拥有了垂直整合的 OT 安全产品,可与既有工业关系中的 SCADA、DCS 和 ICS 硬件一起销售。这两笔交易已经实质改变了 Claroty 执行 2027 年 IPO 逻辑时所处的竞争格局。 结构性销售周期摩擦进一步放大竞争风险。OT 买方——工厂工程师、过程控制经理和运营副总裁——把生产连续运行置于安全态势之上。典型企业 OT 安全采购从初始筛选到合同签署需要 9–18 个月,这要求 Claroty 维持大型交易管线,才能实现可预测的季度收入确认。这一动态会持续制造在险收入,并使 Claroty 的 ARR 增长对能源、制造和水务客户群中的宏观预算冻结敏感。 Cisco、Palo Alto Networks,以及如今通过 Armis 切入的 ServiceNow 所带来的平台捆绑压力,正在挤压独立 OT 专家的大企业账户定位。随着这些厂商把原生 OT 能力延伸进既有安全和 IT 管理产品组合,它们可以向 IT 和安全买方提出单一供应商简化论证;Claroty 作为专注的同类最佳专家,即便保有技术深度优势,也难以在采购简便性上匹配。这一风险在医疗和政府账户中尤其高,因为供应商整合本就是明确的采购目标。 估值背景还带来具体执行压力。据报道,Claroty 的 Series F 后估值约为 $3 billion,对应未披露 ARR 的倍数与高端 SaaS 估值一致,但进入 IPO 窗口前 18 个月的增长减速容错空间有限。如果新交易胜率因竞争替代而恶化,或现有客户在续约时整合到大型平台厂商,IPO 可实现倍数可能显著压缩。 [CR001, CR002, CR003, CR004, CR005, CR007]
7.2 产品、技术与安全风险
Claroty 平台在关键基础设施 OT 环境中占据特权网络可见性位置。这个位置既是其竞争价值来源,也是主要产品安全责任:Claroty 传感器、管理服务器或云连接器中的任何漏洞,如果允许横向移动进入底层 OT 网络,都将严重破坏客户信任,并引发尖锐监管事件。 迄今最重要的已披露产品安全事件,是 Claroty Continuous Threat Detection 产品中的认证绕过漏洞。如果该漏洞在修补前被利用,将允许未认证的管理员访问客户 OT 网络可见性数据。Claroty 通过负责任披露流程处理了该问题,但该事件说明任何 OT 安全平台都面临同一类风险:被设计来保护 OT 网络的产品,本身也必须能顶住它要检测的攻击者。 Team82 的主动漏洞研究带来第二层风险面。该研究部门是有意义的品牌差异化,但其定期发布第三方 ICS 漏洞披露,也会吸引监控 CVE 发布、寻找老旧 OT 环境可利用窗口的国家级和犯罪攻击者。CISA Known Exploited Vulnerabilities 目录截至 2026 年 5 月列出 1,592 个正被主动利用的漏洞,说明已披露漏洞与客户修复能力之间的缺口被多么持续地利用。若 Claroty 自有平台中广泛部署的组件出现零日漏洞,将考验负责任披露周期究竟是在保护客户,还是无意中扩大攻击面。 存量旧环境部署复杂度,是被低估的运营风险。许多老旧 ICS 环境使用无法打补丁的过时操作系统,缺少加密或认证协议,并且需要数周专业服务投入,Claroty 传感器才能可靠部署。复杂存量环境中的失败——例如传感器不兼容、误报告警风暴或局部覆盖缺口——会拉长销售周期、延迟 ARR 确认;如果部署失败发生在随后遭遇 OT 安全事件的客户身上,还会带来声誉风险。Claroty 没有公开披露部署成功率、价值实现时间 SLA,或需要升级专业服务参与的部署占比。 [CR009, CR010, CR011, CR012, CR013, CR014]
| 故障模式 | 发生概率 | 严重程度 | 缓释成熟度 | 剩余暴露 | 未解决缺口 |
|---|---|---|---|---|---|
| OT 平台组件身份验证绕过(例如 CTD 传感器或管理服务器) | 低 — 已修补;未确认复发 | 严重 | 成熟 — 已有负责任披露流程;补丁节奏有文档 | 复杂 OT agent 代码路径中可能存在未发现变体 | 第三方渗透测试节奏和范围未公开披露 |
| Team82 CVE 披露在客户环境修补前被武器化 | 中 — 负责任披露机制内生风险 | 高 | 部分 — 30 天协调披露窗口是行业标准 | 旧式 OT 设备常无法在披露窗口内完成修补 | 尚无公开归因的披露后利用事件确认;追踪数据为私有 |
| Claroty 保护的客户环境发生勒索软件事件,并被归因于传感器故障或覆盖缺口 | 中 — 针对 OT 的勒索软件在增加 | 高 | 部分 — Threat Detection 模块缩短驻留时间;已有事件响应伙伴生态 | Claroty 合同中的结果责任条款未公开披露;诉讼风险不明 | 客户合同中的责任和赔偿条款属于未公开的私下条款 |
| 大型多站点存量 OT 环境中,传感器部署无法规模化 | 中 — 规模化部署需要专业服务 | 中 | 部分缓释 — 已为复杂存量项目投入专业服务团队 | 部署失败会拉长销售周期、推迟 ARR 确认,并损害标杆客户 | 部署成功率、价值实现时间 SLA 和专业服务升级率未公开披露 |
| SaaS 或云连接器中断,影响远程访问或云管理模块 | 低 — 宣称支持多云,但未独立审计 | 中 | 部分缓释 — 营销材料称采用多云架构 | 若 SaaS 正常运行时间低于未披露的 SLA,会带来客户感知风险;公开正常运行历史缺失 | SLA 条款、正常运行历史和灾备架构细节尚未独立核验 |
可能性评级截至 May 2026,基于已披露事件、行业勒索软件数据和类似 OT 厂商漏洞历史,由作者判断。严重性假设为企业客户规模;消费者或小站点部署的严重性可能较低。
[CR009, CR010, CR011, CR012, CR013, CR014]7.3 监管与法律合规风险
Claroty 的核心垂直行业——能源、制造、医疗和政府——都在面对不断演进的 OT 网络安全监管要求。这些要求一边拉动需求,一边增加合规成本。监管环境同时有顺风和逆风:强制要求会刺激 OT 安全投入,但合规负担也会分流客户预算,并把认证摩擦带进 Claroty 的销售周期。 近期最重要的监管变化是 CIRCIA。2022 年《关键基础设施网络事件报告法》(CIRCIA)要求受覆盖的关键基础设施实体在 72 小时内报告事件,并在 24 小时内报告勒索软件付款。截至 2026 年 5 月,CISA 的拟议规则仍待最终发布;覆盖实体范围、具体报告门槛,以及报告接口的技术要求仍在 NPRM 审查中。最终规则预计会把覆盖范围扩大到法定最低线之外,可能要求 Claroty 的客户自建或采购报告自动化能力。如果 Claroty 把 CIRCIA 合规报告嵌入平台,规则会利好它;如果动作不够快,客户安全预算也可能转向单点报告工具。 NERC CIP 标准为 Claroty 的能源行业业务提供了监管需求底座。当前执行的 CIP v5/v6 标准要求 BES Cyber System 资产清单、网络分段和补丁管理控制,这些要求能直接落到 Claroty 的平台能力上。升级到 CIP v7 后,客户可能需要针对更严格的资产可视性和事件检测要求重新证明合规——这会打开一轮替换评估周期,Claroty 的竞争对手也能借机挑战既有供应商。 在欧洲,NIS2 指令于 2024 年 10 月生效,把供应链风险管理提升为关键实体董事会层面的义务。这给 Claroty 带来不对称格局:作为 OT 安全供应商,它受益于 NIS2 带动的客户采购;但作为受监管运营商环境中的供应链组件,它自身也会接受 NIS2 审视。欧盟客户可能要求 Claroty 提供自身安全实践符合 NIS2 的证据,这会给欧洲市场扩张再加一层认证和合规成本。 法律层面,BIS 主管的《出口管理条例》(EAR)构成一个潜在但可能重大的风险点,原因是 Claroty 注册地在以色列,且关键基础设施防护网络安全软件具备双用途属性。虽然公开信息中没有披露执法行动,但以色列来源、政府市场重点、以及情报级 OT 漏洞研究叠加在一起,足以支持持续接受 BIS 法律顾问审查。 [CR016, CR017, CR018, CR019, CR020, CR021]
| 规则 / 框架 | 司法辖区 | 状态(May 2026) | 发生概率 | 严重程度 | 可用缓释 | 剩余暴露 | 尽调路径 |
|---|---|---|---|---|---|---|---|
| CIRCIA 事件报告(72 小时 / 24 小时勒索软件规则) | 美国联邦 | NPRM 已发布;最终规则待定 | 高 | 中 | 部分 — 可用供应商响应工具;CISA 指引有效 | 客户合规负担增加;CIRCIA 报告预算存在竞争 | 监控 CISA 规则制定时间线;确认 Claroty 平台路线图中的客户准备工具 |
| NERC CIP OT 资产清单与补丁管理(v5/v6/v7) | 美国电力 / NERC | 已生效并执行;预计进入 v7 升级周期 | 高 | 高 | 强 — Claroty 平台映射到 NERC CIP 资产清单和监控控制项 | CIP v7 升级周期可能要求客户重新认证并重新评估平台 | 确认产品路线图对齐 NERC CIP v7;审查能源行业 FERC 执法行动 |
| EU NIS2 指令(Essential and Important Entities) | 欧盟 / 成员国 | October 2024 生效;成员国执法增强 | 中 | 高 | 部分 — 需要欧盟数据驻留和供应链安全证据 | Claroty 作为欧盟运营商的供应链组件,会受 NIS2 审查;可能需要欧盟数据驻留选项 | 验证欧盟数据驻留控制;评估 Claroty 作为供应商组件承担的 NIS2 供应链义务 |
| HHS HIPAA Security Rule 与 Healthcare Cybersecurity Concept Paper | 美国联邦 | 已生效;概念文件 2023 发布;可能进入规则制定 | 高 | 中 | 强 — 医疗是 Claroty 第二大垂直行业;HIPAA BAA 合规已有文档 | HHS 规则制定可能加入新的设备安全认证门槛,拖慢医疗采购 | 确认所有医疗部署均对齐 HIPAA 安全规则和 Business Associate Agreement 条款 |
| Export Administration Regulations(EAR)— 以色列来源军民两用软件 | 美国联邦 / BIS | 生效中;未确认执法行动;以色列来源在范围内 | 中 | 高 | 部分 — 法律审查进行中;未发现公开执法历史 | 若 BIS 将平台归类为受控军民两用技术,政府合同可能受限 | 获取 BIS 法律顾问对平台组件 EAR 分类的意见;审查 ITAR 邻接风险 |
| 框架:NIST SP 800-82 Rev. 3 / CISA Cross-Sector Performance Goals | 美国联邦 / NIST | 2023 发布;被 CISA CPGs 引用;自愿但在 RFP 中成为强制参考 | 低 | 低 | 强 — Claroty 平台映射到 SP 800-82 资产管理和监控控制项 | Rev. 4 起草可能引入新要求,改变 RFP 评估标准 | 监控 SP 800-82 Rev. 4 起草;确认面向客户的合规材料已记录 CPG 对齐情况 |
发生概率和严重程度评级是作者基于截至 May 2026 的公开监管文件和行业分析作出的判断; 不构成法律意见。剩余暴露评估假设 Claroty 维持当前平台能力,且不引入重大新产品或合规缺口。
[CR016, CR017, CR018, CR019, CR020, CR021]7.4 财务、组织与地缘政治风险
Claroty 当前画像中,IPO 执行风险是最大的单一财务风险。CEO Yaniv Vardi 已公开把 IPO 目标定在 2027 年,但这个窗口取决于公开市场环境;自 2024 年初以来,高倍数、PE 支持的软件公司面对的市场条件已经转弱。Claroty 已融资约 $900 million,据报道估值为 $3 billion。在承销商能够为一笔成功发行定价之前,它必须向公开市场投资者证明年经常性收入(ARR)增长轨迹足够持久、盈利路径可信、资本结构清晰。公开信息无法独立验证这些要素。 估值本身也存在尚未解释的矛盾。Claroty 的 F 轮后估值被报道为 $3 billion,同时又被描述为较 2024 年 4 月 $2.5 billion 基线大约上升 80%。按算术计算,$2.5 billion 增长 80% 应为 $4.5 billion,而不是 $3 billion。这个不一致说明,早前市场估计可能基于低于常被引用的 $2.5 billion 的隐含基线,或者 80% 这个数字适用于另一个估值参照日。这个差异并不意味着欺诈,但它确实说明,私营公司估值不透明会产生互相冲突的市场信号,让 IPO 前的投资者定位更复杂。 Claroty 的以色列创始背景带来层层叠加、且常被低估的地缘政治风险。SEC Form D 文件确认,Team8 创始银团关联的基金载体注册地在以色列。Claroty 设在以色列的 Team82 研究部门,把关键 R&D 和威胁情报能力集中在一个会周期性面临军事升级和社会扰动风险的地区。公司没有披露 R&D 中断时的业务连续性计划,但其他以色列科技公司的先例显示,持续冲突期会削弱以色列本地职能的招聘、留任和运营连续性。出口管制风险会进一步放大地缘政治敞口:BIS 依据 EAR 将 Claroty 平台归类为双用途网络安全软件,可能影响某些司法辖区的政府采购资格,或让特定国际销售触发许可证要求。 关键人物风险集中在规模不大的创始和高管团队。CEO Yaniv Vardi 是 IPO 执行计划的机构化门面,也是增长投资者、战略客户和潜在承销商的主要接触点。如果 CEO 意外离任,IPO 执行很可能显著延后;若 F 轮条款中存在投资者权利条款,还可能触发这些条款。2025 年新聘任 CPO 和 CSO,说明公司在 IPO 前强化团队,但也确认此前这些岗位存在缺口。IPO 临近、早期员工流动性窗口打开后,联合创始人股权集中和 R&D 领导层的长归属期还会带来额外的可选性风险。 [CR023, CR024, CR025, CR026, CR027, CR028]
| 角色 / 职能 | 依赖或缺口 | 可能性 | 严重性 | 缓释措施 | 尽调路径 |
|---|---|---|---|---|---|
| CEO — Yaniv Vardi | 2027 IPO 执行的机构门面;投资者信任锚点;客户和董事会信誉来源 | 低 | 关键 | 管理层任期较长;推定存在董事会连续性计划,但未披露 | 核实 CEO 继任计划、长期激励归属门槛日期,以及条款清单中的任何顾问委员会过渡表述 |
| 联合创始人 / 技术领导层 — Galula、Barak、Mizrahi | 核心平台架构与愿景;Team82 研究公信力;创始团队机构知识 | 低 | 高 | 技术领导层已多元化;CPO 和 CSO 岗位在 2025 补齐 | 核实联合创始人股权归属门槛日期与 IPO 时间表的关系;评估多年留任协议 |
| Team82 研究部门(以色列基地) | OT 漏洞情报的主要来源;差异化品牌和政府关系资产 | 中 — 可能受地缘政治扰动 | 中 | 部门可以分散,但结构上仍集中在以色列 | 评估以色列 R&D 持续受扰时的业务连续性计划;审查海外分散团队或远程办公应急方案 |
| CRO / 全球销售负责人 | 负责跑出 2027 IPO 所需收入爬坡、管理渠道伙伴、筛选企业级交易 | 中 — CRO 岗位近期加强 | 高 | 2025 招聘显示收入领导层已加强;历史销售指标完成率未披露 | 核实 CRO 任期、过往销售指标完成记录、销售管线覆盖倍数,以及股权归属安排与 IPO 的关系 |
可能性和严重性评级基于公开领导层任期数据,以及 IPO 前关键人员留任风险的行业惯例。私人薪酬和归属细节无法独立核验。
[CR023, CR025, CR027, CR030, CR031, CR033]| 风险 | 可监测触发项 | 阈值 / 事件 | 行动含义 |
|---|---|---|---|
| IPO 执行失败 | CEO 对 IPO 时间表的公开指引;董事会公告;SEC S-1 申报活动 | 公开推迟 IPO,或保密 S-1 提交后撤回 | 重估投资逻辑;重置资本回收时间表;评估老股流动性选项 |
| 被平台捆绑打法替代 | 企业交易胜率数据;渠道伙伴 Claroty 签约额趋势;CRN 和 SecurityWeek 的客户赢单报道 | 行业渠道数据显示,新企业交易胜率连续两个季度低于 50% | 下调收入增长假设;提高估值模型中竞争替代情景权重 |
| 客户现场产品安全事件 | CISA ICS 公告或 CVE 将 Claroty 传感器或管理控制台列为活跃攻击载体 | CISA 或主流安全媒体确认,在具名关键基础设施客户处,Claroty 平台组件遭主动利用 | 暂停投资;就合同责任和监管披露义务聘请法律顾问;重做平台安全尽调 |
| 对以色列来源软件的监管限制 | BIS EAR 规则制定更新;影响以色列技术出口的行政令;政府合同授予数据库变化 | 美国政府采购清单移除 Claroty 平台,或 BIS 在政府 / 国防场景下拒发许可证 | 下调政府分部 ARR 估计;重估可服务市场;取得律师对合规路径的意见 |
| 关键人物离职 | CEO、联合创始人或 CRO 辞任公告;董事会构成变动但未披露继任安排 | CEO 或两位联合创始人意外离职,且 30 天内未发布已确认继任计划 | 将投资转入复核;要求召开董事会会议;重新评级前评估离职后的销售管线和客户留存数据 |
否决标准是监控阈值,不是法律触发项。所有行动含义均需投资者法律顾问审查,并受基金治理要求约束。阈值定义应按单个投资者授权调整。
[CR004, CR005, CR009, CR022, CR027, CR029]7.5 合作伙伴、渠道与集中度风险
Claroty 的市场拓展模式高度依赖渠道中介、技术联盟,以及少数高价值分销关系。与直接销售型 SaaS 同行不同,销售组织中的 ARR 集中度通常可见;渠道驱动收入的集中度更难从公开披露中识别,一旦关键伙伴关系变化,也可能迅速结晶为风险。 最实质的渠道集中度风险,是 Claroty 与 Carahsoft Technology 的美国政府分销关系。Carahsoft 是 Claroty 的主要联邦及 SLED 分销伙伴,提供 GSA schedule 定价和邻近 DOD 的采购工具。Carahsoft 在美国公共部门市场拥有很强杠杆,同时有文件记录其与数十家网络安全供应商并行合作。如果出现合同争议、GSA schedule 审计,或 Carahsoft 战略转向竞争性 OT 平台,Claroty 的政府垂直行业 ARR 可能在没有提前披露的情况下立刻出现不可预见的缺口。 与 Rockwell Automation 的技术联盟集中度构成第二类渠道依赖。Rockwell 联合销售联盟把 Claroty 带进制造业账户,而 Rockwell 在这些账户里已有 PLC、SCADA 和工业自动化关系。这是一个有价值但非排他的安排。如果 Rockwell 收购竞争性 OT 安全供应商,或者为其工业平台自研安全产品,合作伙伴投入会被重定向,共同销售伙伴也可能变成竞争渠道。 在 APAC 和 EMEA,Claroty 依赖区域增值经销商和 MSSP 开发市场。这些关系的具体经济条款——伙伴利润率、配额承诺义务、竞争排他条款——没有公开披露。区域分销商技术赋能投入不足,会让高增长市场的销售管线停滞;而巨头供应商提供更完整合作伙伴计划带来的竞争压力,也可能诱发伙伴流失。 “市场风险”部分讨论的更广泛平台捆绑趋势,直接延伸到渠道:Cisco、Palo Alto 和通过 Armis 扩展 OT 能力的 ServiceNow,可以把这些能力推入规模大得多的合作伙伴生态,并向经销商和 MSSP 提供更宽产品组合上的更高利润率。这会给渠道伙伴形成结构性激励压力,把 OT 安全交易来源从 Claroty 这类需要专门技术赋能投入的专业供应商,转向巨头供应商平台。 [CR034, CR035, CR036, CR037, CR038, CR039]
| 依赖项 | 交易对手 | 角色 | 集中度 | 失效场景 | 严重性 | 缓释措施 | 剩余暴露 |
|---|---|---|---|---|---|---|---|
| 美国公共部门分销 | Carahsoft Technology | 主要联邦和 SLED 销售渠道;提供 GSA Schedule 准入 | 高 — 美国政府 ARR 的主要载体 | Carahsoft 合同争议、GSA Schedule 审计,或战略重心转离 Claroty | 高 | 打通直接 FedRAMP 授权路径;建立第二分销商关系 | 对 GSA Schedule 的依赖让重要政府 ARR 分部暴露于单一交易对手风险 |
| OT 联盟与工业领域联合销售 | Rockwell Automation | 制造业垂直联合销售联盟;集成和联合客户触达 | 中 — 多个 OT 厂商联盟伙伴之一 | Rockwell 收购竞品 OT 安全产品,或为 FactoryTalk 推出内部安全方案 | 中 | 多厂商 OT 联盟策略;制造业已有独立销售打法 | 非独家安排意味着一旦 Rockwell 整合竞品平台,Claroty 可能遭遇伙伴倒戈 |
| 成长融资提供方 | Golub Growth | 最近 Series F 融资的领投方;IPO 过桥阶段的主要资本伙伴 | 高 — Series F 领投方;条款未披露 | 2027 IPO 前市场环境恶化;Golub 无法或不愿延长过桥融资 | 高 | 现有投资方财团(Team8、Bessemer、Clariti Capital)提供部分后盾 | 若宏观环境在盈亏平衡前关闭 2027 IPO 窗口,IPO 前融资风险上升 |
| 云平台基础设施 | AWS / Azure(多云) | SaaS 交付、边缘云连接和管理控制台基础设施 | 中 — 产品文档宣称支持多云 | 主要云厂商中断,或持续涨价,影响 SaaS 交付经济性 | 中 | 多云架构提供冗余;具体云厂商 SLA 未公开披露 | 未披露的 SLA 条款和各云厂商收入分成条款,让云依赖严重性仍有残余不透明度 |
合作伙伴集中度评估截至 May 2026,基于公开渠道文档、GSA Schedule 文件和行业媒体报道。具体合同条款和经济依赖属于未披露的私下信息。
[CR034, CR035, CR036, CR037, CR038, CR039]7.6 附录
08估值
8.1 建议与投资逻辑
从战略重要性看,Claroty 值得投资;但从证据完整性看,还不到位。乐观逻辑很直接:OT 及更广义的 CPS 安全品类仍在以双位数增长,Claroty 保持第三方分析师认可的领先地位,公司现在披露拥有超过 1,000 家客户,其中包括 24 个 Fortune 100 账户。Golub Growth 领投 F 轮也很重要,因为这更像是为公开市场进程做后期站位,而不是紧急救援轮。这些因素支持继续跟踪,也可以支撑相对增速更慢的成熟网络安全平台给出溢价。 反向逻辑同样重要。Claroty 仍未公布当前 ARR、任何毛利率或留存数据,也没有披露 2026 年 1 月融资对应的绝对估值。这意味着估值叙事依赖二级报道和推断。因此,本报告的建议是有条件的,而不是热情买入:公开证据支持监测,并且只有在严格入场纪律下才可能买入;不能把任何报道价格当成已经完全验证后照单支付。正确立场是继续研究,核实股权结构表和 ARR 衔接表,只有当估值不透明度明显收窄后,才承销上行空间。[CV019, CV020, CV021, CV022, CV037, CV041]
| 维度 | 评估 | 信心 | 关键证据 |
|---|---|---|---|
| 整体立场 | 继续研究 / 仅在核实价值以下有条件买入 | 中 | 市场顺风和产品证明都强,但绝对估值和当前 ARR 仍未核实。 |
| 估值入场点 | 将 ~$3B 视为尽调上限,而非已确认成交价 | 中 | 公司确认估值上调 80%,但未确认绝对数;公开报道在 $3B 与 $4.5B 的计算上冲突。 |
| 风险评级 | 高 | 高 | 清算优先权悬顶、依赖 IPO 窗口、ARR 披露陈旧;若增长低于假设,下行空间会被放大。 |
| 核心投资逻辑 | 大型 OT/CPS 品类、分析师领先地位和 >1,000 客户规模,仍可支撑溢价退出 | 中 | MarketsandMarkets 增长展望,加上 Gartner 和 Forrester 认可,支撑其溢价定位。 |
| 核心风险 | 即便业务仍具战略重要性,ARR、股权结构表和估值不透明也可能抹掉回报 | 高 | 没有公开股权结构分配瀑布;自 2023 年 >$100M 里程碑后 ARR 未刷新;估值报道互相冲突。 |
建议对价格和证据都敏感;本表概括了公开证据目前能支持什么、不能支持什么。
[CV011, CV012, CV013, CV031, CV036, CV037]| 维度 | 投资逻辑 | 反向逻辑 | 权重 |
|---|---|---|---|
| 乐观情景 | Claroty 是已具规模的 CPS 领导者,有分析师背书、>1,000 客户,以及为 IPO 路径铺路的后期投资方。 | 规模说法属实,但仍没有告诉投资者当前 ARR、NRR 或烧钱速度。 | 高 |
| 悲观情景 | 行业整合验证了品类,也让 Claroty 成为少数仍独立的主要资产。 | Nozomi 的结局说明,纯 OT 公司退出价可能只在 $1B 附近,远低于 Claroty 的报道估值。 | 高 |
| 基准情景 | 若 ARR 已显著超过 2023 里程碑,且 IPO 市场重开,$4-5B 退出有可能成立。 | 若 ARR 只略高于 $100M 且优先权较重,$3B 入场价已经很吃力。 | 高 |
| 上行催化 | 经核实的 2026 ARR、利润率和 NRR 披露,可能支撑保住溢价倍数并推动 2027 IPO。 | 没有披露,溢价倍数只能停留在叙事,算不上可承销的证据。 | 中 |
| 下行触发 | 即便战略买家稀缺,Claroty 的多垂直覆盖和公共部门可选性仍可能抵消部分压力。 | 估值下调轮、ARR 停滞或 IPO 窗口延后,可能很快压缩价值。 | 高 |
投资逻辑和反向逻辑仅基于公开证据构建;私人财务披露可能实质改变权重。
[CV019, CV020, CV021, CV022, CV025, CV026]8.2 融资背景、估值纪律与入场价格
Claroty 披露的融资历史同时显示实力和复杂性。2021 年 D 轮融资 $140 million,将累计融资推至约 $235 million;2024 年 3 月的战略融资又增加 $100 million,把披露的累计资本提高到 $635 million。2026 年 1 月 F 轮由 Golub Growth 领投,新增 $150 million,使披露融资总额达到约 $885 million 至 $900 million。这样的资本规模可以正面解读,因为它让 Claroty 得以搭建宽口径 CPS 平台并达到有意义的企业级规模。但它也可能留下优先权负担,尤其是 2024 年融资包含私募信贷参与,而不是干净的普通股融资。 因此,入场纪律比标题估值更重要。独立报道把 F 轮估值放在约 $3 billion,但 Claroty 只确认较上一轮上升 80%,从未公布绝对估值。如果 2024 年上一轮估值确实为 $2.5 billion,那么 80% 的数学结果约为 $4.5 billion。这个不一致意味着,公开证据不足以把 $3 billion 当作已经验证的清算价格。纪律严明的投资者应把报道估值只当作尽调锚点,要求提供当前 ARR 证明,并在下行情景中承认:优先权和结构化资本可能比标题企业价值所暗示的那样吃掉更多价值。[CV001, CV003, CV004, CV006, CV007, CV008]
8.3 情景分析与回报测算
情景区间的驱动因素,与其说是市场需求争议,不如说是当前收入规模的不确定性。公开证据可以支持一个基准情景:到 2027 年,Claroty 已经从 >$100 million ARR 里程碑推进到更接近 $150 million 至 $160 million,从而支撑 $4 billion 至 $5 billion 的 IPO 或战略价值。这个情景说得通,但并不说明 $3 billion 入场显然便宜;只有当前 ARR 已经明显高于陈旧的公开锚点时,它才算合理。 乐观情景需要比现有信息更强的证据。若要支撑 $6 billion 至 $8 billion 退出,Claroty 需要溢价增长、公开市场时点,以及愿意支付远高于成熟网络安全平台倍数的买家或 IPO 投资者。悲观情景更容易从公开证据中看到,因为只需要三件事发生其一:ARR 未能拐点上行、IPO 窗口持续关闭,或优先权堆叠足够重,使得即使标题估值接近今天的报道水平,普通股回报仍然很差。因此,回报区间是偏斜的:以 $3 billion 入场,下行可能持平到为负;有吸引力的上行仍取决于公司尚未披露的信息。[CV016, CV017, CV018, CV031, CV032, CV033]
| 情景 | ARR (2027e) | 估值区间 | EV/ARR 倍数 | 概率信号 | 核心假设 | 主要触发因素 |
|---|---|---|---|---|---|---|
| 悲观 | $110-130M | $2.0-3.0B | 17x-25x | 25% | ARR 仍接近最后公开锚点,IPO 需求持续疲软。 | 退出被迫转向战略出售或持平私募轮。 |
| 基准 | $150-160M | $4.0-5.0B | 25x-31x | 50% | Claroty 在 2023 里程碑之上继续复合增长,并在披露改善后达到 IPO 就绪规模。 | 2027 IPO 窗口前出现 ARR 和利润率证据。 |
| 乐观 | $180-200M | $6.0-8.0B | 33x-40x | 25% | Claroty 像高端网络安全平台一样复合增长,并吸引 IPO 需求或战略稀缺价值。 | 2026-2027 增长披露强劲,且公开可比公司表现有利。 |
情景 ARR 和估值区间为分析师估计,锚定公开融资、可比退出和最后确认的 ARR 里程碑。
[CV017, CV018, CV031, CV032, CV033, CV034]8.4 可比估值锚点
可比公司集合有参考价值,但并不完美。Armis 是最清晰的上行锚点,因为 ServiceNow 宣布以 $7.75 billion 收购它,显示战略买家愿意为广义数字与物理风险平台支付的价格。不过,这不是干净的一对一可比,因为 Armis 的覆盖范围比 Claroty 更宽,横跨 IT、OT、IoT 和云。Nozomi 位于区间另一端:其约 $1 billion 出售给 Mitsubishi Electric,作为纯 OT 交易关联度很高,但可能低估 Claroty 在医疗和公共部门的更广覆盖。 Tenable 是最好的公开市场底线,因为它提供经正式提交的收入和客户指标。Tenable FY2025 收入约 $999 million,2025 年中市场价值约 $4.1 billion,对应约 4x 收入倍数;相比之下,若按 $120 million 工作 ARR 情景和 Claroty $3 billion 估值计算,隐含 ARR 倍数超过 25x。这个差距并不自动构成红旗,因为 Claroty 可能增长更快,并享有稀缺性价值。但它确实说明,Claroty 需要优于公开可比公司的增长和披露质量,才能守住溢价入场。Dragos 仍具战略相关性,但其公开定价已经陈旧,因此可比表必然只是部分而非完整。[CV024, CV025, CV026, CV027, CV028, CV029]
| 公司 | 状态 | 最近估值 / 交易价格 | ARR / 收入 | EV/ARR 倍数 | 范围 | 关键说明 |
|---|---|---|---|---|---|---|
| Claroty | 私营;Series F 2026 | 据报道 ~$3.0B / 按 80% 计算隐含 ~$4.5B | 上次确认 ARR >$100M;工作假设 $120M | $3.0B 时 ~25x / $4.5B 时 ~38x | 覆盖工业、医疗、商业和公共部门的 CPS 保护 | 最相关的直接可比公司,但绝对估值和当前 ARR 未核实。 |
| Nozomi Networks | 2025 被收购 | ~$1.0B | 未公开刷新 | n/a | 纯 OT / 工业安全 | 是有用的纯 OT 下行退出参照,但业务范围窄于 Claroty。 |
| Armis | 2025 被收购 | $7.75B | 此处未公开拆分 | n/a | 更广的 IT/OT/IoT/云风险平台 | 最好的上行战略退出上限参照,但不是干净的纯 OT 可比公司。 |
| Dragos | 私营;公开定价陈旧 | 2025-2026 未刷新公开估值 | 未披露 | n/a | ICS / OT 威胁检测与响应 | 纳入是因为业务相近,但当前估值证据不完整。 |
| Tenable | 上市 | 市场价值 ~$4.1B(Jun 2025) | $999.4M FY2025 收入 | 收入 ~4x | 具备 OT 能力的广义暴露管理平台 | 公开可比公司的下限显示,成熟网络安全平台交易倍数远低于私人市场 25x ARR 要价。 |
可比组有意保持不完整,因为 Dragos 缺少刷新后的公开定价,私营公司 ARR 披露也依然稀疏。
[CV011, CV012, CV024, CV025, CV026, CV027]8.5 退出准备度、投资逻辑破坏点与最终尽调问题
Claroty 从运营上看已具备退出准备度。它有后期资本、分析师认可、企业级标杆客户,管理团队也已经公开谈论 2027 年 IPO。它还没有准备好的,是公开市场披露。投资者仍缺少当前 ARR 衔接表、当前增长率、毛利率画像、留存数据,以及把企业价值转化为实际股权回报所需的股权结构表细节。这个缺口正是最终尽调清单短但关键的原因:核实收入质量、核实分配瀑布、核实任何优先级或结构化工具,并核实董事会真实 IPO 计划,而不是依赖媒体转述。 最清晰的投资逻辑破坏点直接来自这些缺失项。融资价格低于 2024 年估值、ARR 仍接近 $100 million 的证据,或股权结构表显示低于 $4 billion 退出时普通股拿不到多少价值,都会实质性削弱投资逻辑。若网络安全 IPO 市场到 2027 年仍实质关闭,也会产生同样影响。在这些问题得到回答前,最有证据支撑的结论不是 Claroty 在任何价格下都被高估,而是公开记录过于不完整,不足以在没有更强尽调权的情况下支撑支付后期溢价。[CV009, CV010, CV035, CV037, CV038, CV039]
| 触发因素 | 阈值 | 影响 | 需观察信号 |
|---|---|---|---|
| 估值下调融资 | 新融资低于 $2.5B | 打破溢价倍数逻辑,并意味着 2024-2026 价值被毁。 | 融资传闻、老股交易或正式融资。 |
| ARR 停滞 | 到 2026-2027,公开或私下数据仍接近 $100-120M ARR | 让 $3B+ 入场难以成立,并压缩 IPO 可选性。 | 董事会材料、S-1 泄露或贷款方尽调材料。 |
| IPO 窗口关闭 | 网络安全 IPO 市场到 2027 仍关闭 | 拉长持有期,并抬高过桥融资风险。 | 同业 IPO 日程、公开网络安全公司倍数趋势、宏观利率。 |
| 优先权悬顶 | 分配瀑布显示,低于 ~$4B 退出时普通股获得价值有限 | 即使企业价值看起来稳定,真实回报也会下降。 | 股权结构表、清算优先权、债务契约。 |
| 竞争性重定价 | 战略买家将 OT 退出锚定在接近 Nozomi 的水平 | 降低 Claroty 战略退出上限。 | 更多 OT 安全 M&A 交易定价和买方评论。 |
上述条件会打破投资逻辑,不是常规经营指标;触及任何一项都需要立即重估估值。
[CV013, CV014, CV015, CV034, CV035, CV038]| 主题 | 索取项 | 优先级 | 理由 |
|---|---|---|---|
| 当前 ARR | 提供从 FY2023 到当前季度的月度 ARR 变动桥表,以及销售管线转化情况。 | 关键 | 验证 $3B 入场价对应 20x、25x 还是 30x+ ARR。 |
| 股权结构表 | 提供完整优先股堆叠、清算分配瀑布,以及任何结构化信贷优先级条款。 | 关键 | 累计融资接近 $900M 时,真实回报可能与企业价值大幅背离。 |
| 利润率与留存 | 按产品线披露毛利率、NRR、流失率和回本周期。 | 高 | 决定 Claroty 应享有高端网络安全倍数,还是只能拿成熟平台倍数。 |
| IPO 就绪度 | 分享董事会批准的 IPO 里程碑、所需审计工作,以及 2027 闸门假设。 | 高 | 厘清 Golub 的资本是真正 IPO 前资金,还是只是过桥资金。 |
| 隐性负债 | 确认债务、契约、侧函、赎回权,以及任何与 Series F 绑定的投资者保护。 | 高 | 上述条款可能让新投资者居后,或限制退出时点。 |
上述尽调索取项按对估值信心的影响排序,而非按操作便利性排序。
[CV014, CV015, CV016, CV037, CV039, CV045]免责声明
本尽调报告由 AI 研究代理基于截至 2026-05-18 的公开来源生成,不构成投资建议,也不构成买卖任何证券的招揽。 Claroty 是私营公司,许多财务细节仍未披露;超出公司确认里程碑的任何估值或 ARR 讨论,必然基于二手报道和推断。 作出投资或业务决策前,请自行开展独立尽调。
证据索引
| 编号 | 陈述 | 可信度 | 来源 |
|---|---|---|---|
| CO001 | Claroty describes itself as the cyber-physical systems (CPS) protection company whose mission is to safeguard mission-critical infrastructure. | 高 | SO001, SO006 |
| CO002 | The Claroty Platform delivers asset visibility, exposure management, network protection, secure access, and threat detection for cyber-physical systems environments. | 高 | SO001, SO006 |
| CO003 | Claroty offers two deployment models: Claroty xDome (cloud SaaS) and Claroty CTD (Continuous Threat Detection, on-premise). | 高 | SO006, SO008 |
| CO004 | Claroty serves four primary verticals: industrial (OT/ICS/IIoT), healthcare (connected medical devices), commercial buildings, and public sector / critical infrastructure. | 高 | SO001, SO005 |
| CO005 | Claroty was founded in 2015 inside the Team8 cyber foundry in Israel and is headquartered in New York City. | 高 | SO001, SO015 |
| CO006 | Claroty launched the CPS Library alongside its January 2026 Series F; the product is described as an AI-powered asset catalogue providing deep visibility into CPS asset specifications and vulnerabilities. It was developed in collaboration with Schneider Electric and Rockwell Automation. | 高 | SO017, SO020 |
| CO007 | Nozomi Networks agreed to be acquired by Mitsubishi Electric for approximately $1 billion in September 2025. | 高 | SO017, SO024 |
| CO008 | ServiceNow announced plans to acquire Armis for $7.75 billion in December 2025. | 高 | SO017, SO024 |
| CO009 | Claroty was co-founded in 2015 by Galina Antova, Amir Zilberstein, and Benny Porat. | 高 | SO018, SO004 |
| CO010 | Yaniv Vardi serves as CEO of Claroty; he is not one of the original co-founders. | 高 | SO002, SO008 |
| CO011 | Yoram Gronich was appointed Chief Product Officer in June 2024; he previously held executive roles at Tufin, Symantec, and Check Point and has IPO experience from the Tufin public offering. | 高 | SO010, SO008 |
| CO012 | Grant Geyer transitioned from Chief Product Officer to Chief Strategy Officer in June 2024, where he leads market strategy, category adjacencies, and investment theses. | 中 | SO010, SO003 |
| CO013 | Gil Gur Arie, previously AI Chief at Ford Motor Company, was appointed as Chief Product Officer in January 2026 to lead AI and the CPS Library initiative. | 高 | SO020, SO005 |
| CO014 | Dave DeWalt, founder and CEO of NightDragon, was named Board Chairman in November 2025; he brings 20+ years of cybersecurity experience including the Intel acquisition of McAfee for $7.7 billion. | 高 | SO009, SO021 |
| CO015 | Co-founders Galina Antova and Amir Zilberstein continue to serve on Claroty's board of directors. | 中 | SO002, SO018 |
| CO016 | The board of directors includes David Cowan (Bessemer Venture Partners), Amit Lubovsky (SoftBank), Yuval Shachar (Team8), Robert Tuchscherer (Golub Capital), Meir Ukeles (MoreVC), Rossa Shanks (Istari), Peter Marturano (Standard Investments), and John Miller (Rockwell Automation). | 中 | SO002, SO009 |
| CO017 | Claroty's Series D of $140 million closed in June 2021, bringing cumulative funding to $235 million at that time. | 高 | SO004, SO018 |
| CO018 | Claroty acquired Medigate in 2021; the acquisition nearly doubled the company's size and laid the groundwork for the xDome SaaS platform. | 高 | SO008, SO004 |
| CO019 | In March 2024, Claroty closed a $100 million strategic growth financing; cumulative funding stood at $635 million at that time. | 高 | SO003, SO013 |
| CO020 | Claroty raised $150 million in a Series F round announced January 22, 2026, led by Golub Growth. Existing investors confirmed additional participation of up to $50 million. | 高 | SO013, SO016, SO017 |
| CO021 | Following the Series F, Claroty's total capital raised is approximately $885 million per CRN or roughly $900 million per SecurityWeek. | 中 | SO013, SO017 |
| CO022 | Golub Growth is an affiliate of Golub Capital and is known as a late-stage pre-IPO growth equity investor in B2B SaaS companies; its lead position in the Series F signals pre-IPO preparation. | 中 | SO016, SO013 |
| CO023 | Bessemer Venture Partners first invested in Claroty alongside the Series D; David Cowan serves on the board. | 中 | SO004, SO025 |
| CO024 | Team8 incubated and invested in Claroty; Yuval Shachar of Team8 serves on the board. | 高 | SO015, SO004 |
| CO025 | Calcalist reported a valuation of approximately $3 billion for Claroty following the Series F; Claroty has never publicly confirmed its valuation. | 低 | SO013, SO017 |
| CO026 | Claroty has over 1,000 customers globally, deployed at thousands of sites. | 中 | SO008, SO013 |
| CO027 | Claroty surpassed $100 million in annual recurring revenue in 2023; this was confirmed by the March 2024 press release. No subsequent ARR figure has been publicly confirmed. | 中 | SO003, SO008 |
| CO028 | Claroty works with 24 Fortune 100 companies as of January 2026, up from 20 Fortune 100 at the time of the March 2024 financing. | 中 | SO020, SO003 |
| CO029 | Claroty has over 700 employees located across 27 countries as of June 2025. | 中 | SO008, SO009 |
| CO030 | Named customers in the June 2025 press release include General Motors, BHP, Noble Energy, Britvic, Yale New Haven Health System, Boar's Head, South Tees Hospitals NHS Foundation Trust, BW Offshore, Port Authority of New York and New Jersey, and Haleon. | 中 | SO008, SO003 |
| CO031 | Team82, Claroty's in-house vulnerability research team, has disclosed more than 650 CPS vulnerabilities as of January 2026. | 中 | SO011, SO013 |
| CO032 | Gartner named Claroty a Leader in the Magic Quadrant for CPS Protection Platforms in both 2025 (inaugural edition) and 2026 (second consecutive year). | 高 | SO006, SO008 |
| CO033 | KLAS Research named Claroty Best in KLAS for Healthcare IoT Security for five consecutive years (2021–2025) with a score of 95.4 out of 100. | 高 | SO007, SO008 |
| CO034 | Nozomi Networks, a primary Claroty competitor in OT security, agreed to be acquired by Mitsubishi Electric for approximately $1 billion in September 2025. | 高 | SO017, SO024 |
| CO035 | ServiceNow announced plans to acquire Armis, a competing CPS/IoT security platform, for $7.75 billion in December 2025. | 高 | SO017, SO024 |
| CO036 | Claroty management characterized the 2025 peer acquisitions as a market-share opportunity for customers who do not want their OT security embedded inside a larger industrial or enterprise vendor. | 中 | SO017, SO022 |
| CO037 | Forrester named Claroty a Leader in The Forrester Wave: IoT Security Solutions, Q3 2025. | 高 | SO020, SO008 |
| CO038 | CEO Yaniv Vardi told Calcalist that Claroty aspires to go public and could pursue an IPO as early as 2027 if market conditions align. | 中 | SO013, SO017 |
| CO039 | SecurityWeek noted that Claroty confirmed an 80% increase in its valuation since March 2024, which is mathematically inconsistent with a $3 billion estimate if the prior baseline was $2.5 billion — suggesting either a valuation higher than $3 billion or that the $2.5 billion baseline was overstated. Claroty did not respond to comment requests on its valuation. | 低 | SO013 |
| CO040 | Claroty has not publicly disclosed a revenue or ARR figure subsequent to the >$100M ARR milestone confirmed in its March 2024 press release; current financial performance is not verifiable from public sources. | 中 | SO003, SO013 |
| CO041 | The March 2024 press release reported 300 percent customer growth since 2020, confirming sustained customer acquisition momentum leading into the Series F. | 中 | SO003 |
| CO042 | Forbes named Claroty to its Cloud 100 list for the fourth consecutive year in 2026. | 中 | SO019, SO008 |
| CM001 | The global OT security market is projected to reach USD 50.29 billion by 2030 at a CAGR of 16.5%, per MarketsandMarkets April 2025. | 高 | SM001, SM019 |
| CM002 | The US OT security market is projected to grow from USD 4.64 billion in 2025 to USD 9.37 billion by 2030 at a CAGR of 15.1%. | 高 | SM001, SM019 |
| CM003 | The European OT security market is projected to grow from USD 5.70 billion in 2025 to USD 11.93 billion by 2030 at a CAGR of 15.9%. | 高 | SM001, SM020 |
| CM004 | The Asia Pacific OT security market is projected to grow from USD 4.95 billion in 2025 to USD 11.29 billion by 2030 at a CAGR of 17.9%. | 中 | SM001, SM019 |
| CM005 | SNS Insider estimates the global ICS Security market will reach USD 41.82 billion by 2033, a figure cited via Yahoo Finance and news aggregators. | 低 | SM019 |
| CM006 | Precedence Research projects the OT Security market at USD 122.22 billion by 2034 using a broader scope that likely captures adjacent network and cloud security tools for OT. | 低 | SM019 |
| CM007 | CISA manages security and resilience programmes across 16 designated critical infrastructure sectors, almost all of which include OT or CPS components. | 高 | SM002, SM003 |
| CM008 | ICS legacy systems typically lack encryption and authentication mechanisms because they were originally designed for operability and reliability, not cybersecurity. | 高 | SM003, SM005 |
| CM009 | Brownfield OT deployments layer modern IoT and automation systems over legacy ICS infrastructure without inheriting adequate security controls, creating compounded risk. | 高 | SM003, SM005 |
| CM010 | CISA's Cross-Sector Cybersecurity Performance Goals (CPGs) provide a baseline set of OT and IT security practices applicable to all critical infrastructure sectors. | 高 | SM004, SM002 |
| CM011 | NIST SP 800-82 Rev.3, published in September 2023, is the primary federal guidance document for securing OT/ICS environments. | 高 | SM005, SM002 |
| CM012 | ISA/IEC 62443 is the global consensus standard for industrial automation and control systems cybersecurity, endorsed by the United Nations. | 高 | SM006, SM005 |
| CM013 | ISA/IEC 62443 standards cover use cases across more than 20 industries, including chemicals, oil and gas, energy, medical devices, and transportation. | 高 | SM006, SM005 |
| CM014 | NERC CIP standards mandate cybersecurity protections for bulk electric system (BES) assets across North America, creating a compliance-driven budget requirement for utilities. | 高 | SM007, SM025 |
| CM015 | WaterISAC provides threat intelligence sharing for water and wastewater sector operators in the United States. | 高 | SM008, SM002 |
| CM016 | HHS has issued HIPAA Security Rule cybersecurity guidance requiring covered healthcare entities to address medical device and OT network security. | 高 | SM009, SM002 |
| CM017 | Gartner named Claroty a Leader in the Magic Quadrant for CPS Protection Platforms in December 2025, validating the CPS category as a recognised analyst segment. | 高 | SM013, SM015 |
| CM018 | Forrester named Claroty a Leader in the Forrester Wave for IoT Security Solutions in Q3 2025. | 中 | SM014 |
| CM019 | In a 2026 SANS Institute survey of 947 global respondents, 60% of organisations cite OT cybersecurity skills gaps as the primary workforce challenge, up from a smaller proportion the prior year. | 中 | SM010, SM024 |
| CM020 | Regulatory pressure on OT security hiring surged from affecting 40% to 95% of organisations in a single year, per SANS 2026 survey. | 中 | SM010, SM020 |
| CM021 | 27% of organisations report security breaches directly linked to OT cybersecurity workforce capability gaps, per SANS 2026 survey. | 中 | SM010, SM024 |
| CM022 | Gartner's CPS Protection Platforms Magic Quadrant category covers OT/ICS, IoT, and medical device security as a unified buyer segment, providing a defined analyst boundary for the market. | 高 | SM013, SM015 |
| CM023 | Rising ICS incident frequency is driving a shift from reactive risk models to intelligence-driven OT security strategies, per Industrial Cyber 2026 coverage. | 中 | SM024, SM021 |
| CM024 | The US Coast Guard mandated cybersecurity training for all IT/OT access personnel by January 2026, extending federal cybersecurity mandates to maritime OT. | 中 | SM020, SM022 |
| CM025 | Maritime OT cyberattacks surged 150% in 2025 per a Cydome report, illustrating escalating attack frequency in the transportation/maritime OT vertical. | 中 | SM020, SM021 |
| CM026 | MarketsandMarkets publishes a dedicated ICS Security in Energy and Power market report, indicating analyst recognition of energy/utilities as a distinct and significant OT security vertical. | 中 | SM001, SM019 |
| CM027 | Healthcare OT security encompasses medical device security, clinical network segmentation, and building management systems under a unified hospital cybersecurity programme. | 中 | SM009, SM013 |
| CM028 | WaterISAC provides sector-specific threat intelligence to water sector operators, and EPA guidance creates additional OT security incentives for water utilities. | 中 | SM008, SM004 |
| CM029 | The EU NIS2 Directive (effective 2024) requires critical infrastructure operators across EU member states to implement OT security measures meeting minimum cyber hygiene standards. | 中 | SM020, SM006 |
| CM030 | NERC CIP standards apply specifically to bulk electric system assets across North America, creating direct compliance budget allocation for OT security in the utilities sector. | 高 | SM007, SM025 |
| CM031 | Independent analyst OT/ICS security market size estimates range from approximately $41 billion to $122 billion by 2033–2034, reflecting inconsistent scope boundaries rather than disagreement about growth rates. | 中 | SM001, SM019 |
| CM032 | OT security platform procurement cycles in critical infrastructure typically run 12–36 months, driven by operational risk aversion, board-level approval requirements, and non-disruptive deployment constraints. | 中 | SM010, SM022 |
| CM033 | Legacy ICS devices commonly use outdated operating systems and protocols such as Modbus and DNP3 that lack encryption and authentication, a structural security liability in brownfield environments. | 高 | SM003, SM005 |
| CM034 | IT/OT convergence, driven by IIoT adoption and remote access requirements, has materially expanded the OT attack surface by connecting previously isolated industrial networks to enterprise IT and cloud environments. | 高 | SM003, SM022 |
| CM035 | Budget ownership for OT security platforms varies by vertical: CISO and VP Operations in energy, plant manager or IT manager in manufacturing, CISO plus Biomedical Engineering in healthcare. | 中 | SM010, SM013 |
| CM036 | In manufacturing, ransomware-driven operational disruption and cyber insurance renewal requirements are the primary triggers for OT security platform evaluation. | 中 | SM021, SM022 |
| CM037 | In healthcare, patient-safety consequences of compromised medical devices and FDA medical device cybersecurity guidance drive OT security investment alongside HIPAA compliance requirements. | 中 | SM009, SM013 |
| CM038 | The ICS security market was projected to grow at approximately 20% through 2026 per Global Market Insights, a forecast cited in industry news aggregators. | 低 | SM019 |
| CM039 | SANS 2026 data shows 42% of organisations report that OT cybersecurity skills gaps prevent adoption of new security technologies, directly constraining platform penetration. | 中 | SM010, SM024 |
| CM040 | For energy and utilities buyers, NERC CIP compliance is the primary budget justification for OT security platform investment, making regulatory mandate the dominant sales trigger in this vertical. | 中 | SM007, SM025 |
| CM041 | The 3x spread between the lowest ($41.82B by 2033) and highest ($122.22B by 2034) independent analyst OT security market estimates is wider than any single analyst's stated confidence interval, indicating that market boundary definitions — not forecasting methodology — drive the divergence. | 中 | SM001, SM019 |
| CP001 | The OT/CPS security market presents Claroty with a three-tier competitive landscape consisting of pure-play CPS vendors, adjacent-platform players, and niche or automation-embedded vendors. | 高 | SP001, SP003, SP005 |
| CP002 | The Gartner Magic Quadrant for CPS Protection Platforms was formally established and named multiple leaders in its 2025 and 2026 editions, legitimizing enterprise OT security budget allocation. | 中 | SP018, SP001 |
| CP003 | Status-quo alternatives to dedicated OT security platforms include managed OT security services from large consultancies and extending existing IT SIEM or XDR tools to OT environments. | 中 | SP008, SP020 |
| CP004 | All eight major OT/CPS security competitors charge enterprise custom pricing with no publicly listed prices, making independent cost comparisons between platforms unavailable. | 中 | SP001, SP003, SP005, SP007 |
| CP005 | The competitive intensity in OT/CPS security is rising as new regulatory mandates (NIS2, TSA directives, NERC CIP updates) create mandated spend and structured RFP processes for OT security platforms. | 中 | SP008, SP020, SP014 |
| CP006 | Dragos was named a Leader in the 2026 Gartner Magic Quadrant for CPS Protection Platforms for the second consecutive year. | 高 | SP001, SP014 |
| CP007 | Dragos tracks 26 industrial OT-focused threat groups globally, with 11 active during 2025, and identified three new groups (Azurite, Pyroxene, Sylvanite) during the year. | 高 | SP001, SP012 |
| CP008 | Dragos uses a "Now, Next, Never" vulnerability prioritization model which it claims reduces the actionable vulnerability backlog to 3–6% of total ICS vulnerabilities, significantly narrowing remediation scope versus CVSS-only approaches. | 高 | SP001, SP002 |
| CP009 | Dragos's OT Watch managed detection and response service extends the Dragos Platform into a fully managed offering with proactive threat hunting, platform operations, and expert incident escalation. | 高 | SP001, SP002 |
| CP010 | Dragos operates the OT-CERT free cybersecurity resources program and the Community Defense Program providing free OT security technology to qualifying water, electric, and natural gas utilities under $100M in US revenue. | 高 | SP001, SP002 |
| CP011 | Nozomi Networks reports monitoring over 115 million OT, IoT, and IT devices across more than 12,000 installations worldwide. | 高 | SP004, SP021 |
| CP012 | Nozomi Networks claims 100% customer retention, a metric the company prominently features in its corporate positioning, though this figure is not independently audited. | 中 | SP004 |
| CP013 | Nozomi Networks is backed by strategic investments and channel partnerships from major industrial automation vendors including Schneider Electric, ABB, Siemens, and GE, as well as security vendors Mandiant and IBM Security. | 高 | SP003, SP004 |
| CP014 | Nozomi Networks was listed alongside Claroty and Armis as topping cyber-physical security analyst rankings in February 2025 coverage by BankInfoSecurity. | 中 | SP022 |
| CP015 | Nozomi Networks' platform combines wired sensor, endpoint, and wireless sensor modalities with cloud and on-premises management, providing endpoint-to-network visibility tuned for OT environments that prioritize safety and availability over confidentiality. | 中 | SP003 |
| CP016 | Armis Centrix is a cloud-delivered agentless cyber exposure management platform covering IT, OT/IoT, and medical device security, positioning the company as a CAASM vendor rather than a pure OT security specialist. | 高 | SP005, SP006 |
| CP017 | Armis Centrix includes VIPR Pro (Vulnerability Prioritization and Remediation) for contextual vulnerability prioritization across connected assets spanning IT, OT, IoT, and medical devices. | 中 | SP005 |
| CP018 | Armis secures a globally diverse customer base including Colgate-Palmolive, United Airlines, Allegro MicroSystems, Takeda Pharmaceuticals, Mondelēz International, and DocuSign, demonstrating strong enterprise IT-adjacent penetration. | 中 | SP006 |
| CP019 | Armis was ranked alongside Claroty and Nozomi as a top cyber-physical security vendor in analyst coverage in early 2025. | 中 | SP022 |
| CP020 | Tenable One OT Exposure unifies OT and IT asset inventories under a single exposure management platform, using Safe Active Query (non-disruptive native-protocol active scanning) to inventory OT assets without operational disruption. | 高 | SP007, SP020 |
| CP021 | Tenable One OT Exposure uses the company's Vulnerability Priority Rating (VPR) metric which contextualizes CVSS scores with real-world exploitability data to focus remediation on the most dangerous exposures. | 高 | SP007, SP020 |
| CP022 | Palo Alto Networks bundles OT security capabilities into its Industrial OT Security product as an extension of its NGFW and Strata/Prisma enterprise security platform, enabling OT visibility for buyers already in the Palo Alto ecosystem at low marginal cost. | 高 | SP011, SP013 |
| CP023 | Palo Alto Networks Industrial OT Security named BorgWarner and Grupo Bimbo as enterprise references for real-time OT asset inventory and risk management deployment. | 中 | SP011, SP024 |
| CP024 | Palo Alto Networks OT security pricing is available through the PANW partner portal and can be bundled with NGFW or SASE hardware/software procurement, offering buyers the option to avoid a separate standalone OT security contract. | 中 | SP011 |
| CP025 | Tenable One OT Exposure supports cloud, on-premises, and hybrid deployment models, addressing both cloud-first enterprises and air-gapped OT environments requiring full local control. | 高 | SP007, SP020 |
| CP026 | Cisco Industrial Threat Defense uses Cisco Cyber Vision to leverage existing Cisco network switches and routers as passive OT/ICS monitoring sensors, reducing the deployment cost and complexity of dedicated OT security hardware. | 高 | SP008, SP013 |
| CP027 | Cisco Secure Equipment Access provides zero-trust remote access specifically designed for OT/ICS assets, integrated into Cisco's network infrastructure for IT/OT unified secure access management. | 高 | SP008, SP013 |
| CP028 | Cisco Industrial Threat Defense integrates with Cisco XDR and Splunk for unified IT/OT threat correlation and response, providing organizations with a single-console view of IT and OT security events. | 高 | SP008, SP013 |
| CP029 | Verve Industrial's platform has been rebranded as SecureOT by Rockwell Automation, combining the former Verve Security Center OT platform with professional services, managed detection and response, and 24/7 OT SOC/NOC capabilities. | 中 | SP009 |
| CP030 | Verve/SecureOT positions its platform as "built by a manufacturer for manufacturers," emphasizing vendor-neutral OT asset inventory and risk prioritization across heterogeneous ICS environments. | 中 | SP009 |
| CP031 | Radiflow serves over 20,000 sites globally with a focus on non-intrusive OT/ICS network monitoring and deploys Smart Collectors at remote sites for bandwidth-efficient transfer of mirrored OT network data to a central SOC. | 中 | SP010 |
| CP032 | Radiflow's platform is designed for MSSP-delivered OT security with APIs enabling two-way data enrichment with integrated SIEM, analytics, and privileged access management tools including IBM security products. | 中 | SP010 |
| CP033 | Radiflow supports IEC 62443 compliance requirements and specifically targets verticals where cyber incidents can disrupt critical operations, including energy, water, and process manufacturing. | 中 | SP010 |
| CP034 | Nozomi Networks delivers platform capabilities through cloud-based centralized management, on-premises deployment, and a broad spectrum of wired, endpoint, and wireless sensor hardware options. | 中 | SP003 |
| CP035 | Claroty's most durable competitive moat is its multi-domain XIoT asset coverage spanning OT, IoT, BAS, and medical devices, creating switching costs that no single competitor currently matches across all four domains simultaneously. | 中 | SP005, SP001, SP003 |
| CP036 | Replacing Claroty in a large enterprise would require re-deploying asset discovery, monitoring, and vulnerability management across OT, IoT, BAS, and medical device domains, creating multi-layer switching costs that are materially higher than for single-domain OT competitors. | 中 | SP005, SP001 |
| CP037 | Palo Alto Networks and Cisco represent the most credible displacement risk to Claroty in IT-led enterprises by offering OT security as a bundled capability within existing enterprise security renewal cycles, reducing the need for a standalone OT security RFP. | 中 | SP011, SP008 |
| CP038 | Tenable One OT Exposure's cross-sell potential into Tenable's existing vulnerability management install base poses an upsell risk in regulated industries where OT security is treated as an extension of IT vulnerability management programs. | 中 | SP007 |
| CP039 | Multi-homing is a real dynamic in the OT security market, where enterprise buyers may deploy Dragos or Nozomi for ICS threat detection and add Claroty specifically for medical device or BAS coverage, generating co-deployment scenarios rather than pure zero-sum competition. | 中 | SP001, SP003, SP005 |
| CP040 | Claroty's Team82 threat research unit provides continuous brand reinforcement with security practitioners and serves as an earned-media asset analogous to Dragos's WorldView and annual Year in Review report. | 中 | SP001, SP012 |
| CP041 | Dragos's 2026 OT Cybersecurity Year in Review confirmed a 64% year-over-year increase in ransomware targeting industrial entities and the growth of active ransomware groups from 80 in 2024 to 119 in 2025. | 中 | SP012 |
| CP042 | The accelerating threat intensity reported by Dragos in 2026 benefits all OT security vendors and does not automatically favor Claroty—ability to grow market share depends on competitive displacement wins rather than greenfield budget creation alone. | 中 | SP012, SP014 |
| CI001 | Claroty secured $150 million in Series F funding on January 22, 2026, led by Golub Growth, an affiliate of Golub Capital, with up to $50 million of additional confirmed participation from existing investors. | 高 | SI001, SI011, SI015 |
| CI002 | The Series F includes up to $50 million of additional participation from existing investors beyond the $150 million led by Golub Growth, bringing total potential Series F proceeds to $200 million. | 高 | SI001, SI017 |
| CI003 | Claroty confirmed an 80% increase in valuation since its previous financing round in March 2024 (the Series E-II), but has never publicly disclosed an absolute valuation figure. | 高 | SI001, SI011, SI015 |
| CI004 | On March 6, 2024, Claroty closed $100 million in "strategic growth financing" led by equity investor Delta-v Capital, with co-investors including AB Private Credit Investors at AllianceBernstein, Standard Investments, Toshiba Digital Solutions, SE Ventures, Rockwell Automation, and SVB. | 高 | SI012, SI004, SI009, SI010 |
| CI005 | The March 2024 Series E-II was announced alongside a statement that Claroty had received $635 million in cumulative funding prior to this new round, implying approximately $400 million was raised in an undisclosed round between the Series D close (June 2021, ~$235M cumulative) and March 2024. | 高 | SI012, SI004 |
| CI006 | Claroty's Series D, closed June 17, 2021, raised $140 million co-led by Bessemer Venture Partners and Standard Industries' investment platform 40 North, and was the largest investment ever made in the industrial cybersecurity sector at that time. | 高 | SI013, SI019 |
| CI007 | Total cumulative capital raised by Claroty as of January 2026 is approximately $885 million per CRN or roughly $900 million per SecurityWeek; CB Insights records $882 million over ten rounds. | 高 | SI015, SI011, SI006 |
| CI008 | SEC EDGAR records two Form D filings for Claroty-related equity vehicles in early 2022: Team8 – Claroty II, L.P. (filed January 10, 2022, CIK 0001903605) and Marker-Claroty Series E LP (filed February 3, 2022, CIK 0001908673, initial offering amount $7.3 million for an SPV), confirming the existence of structured equity vehicles around an undisclosed late-2021 funding event. | 高 | SI002, SI003, SI007 |
| CI009 | No SEC Form D filings have been identified on EDGAR for either the 2024 Series E-II or the 2026 Series F funding rounds, suggesting these rounds used non-U.S. fund structures, debt instruments, or structured equity arrangements that do not require Form D registration under Regulation D. | 中 | SI007 |
| CI010 | CB Insights records a December 2021 funding round for Claroty that was not publicly announced by the company, consistent with the SPV filings on EDGAR and the $400 million implied gap between the Series D cumulative total and the Series E-II disclosure. | 中 | SI006, SI008 |
| CI011 | Claroty disclosed that it surpassed $100 million in annual recurring revenue (ARR) during 2023, per the March 6, 2024 Series E-II press release, representing the only company-confirmed ARR milestone in the public record. | 高 | SI012, SI004 |
| CI012 | Claroty does not publicly disclose current ARR, total revenue, gross margin, net revenue retention, EBITDA, operating cash flow, or burn rate; all financial metrics beyond the 2023 ARR milestone are undisclosed by the company. | 高 | SI001, SI012 |
| CI013 | Forbes references $300 million in ARR "over the past three years" for Claroty, a figure that appears to conflict with Claroty's own March 2024 disclosure of a "$100 million ARR" milestone in 2023; the Forbes figure may represent cumulative ARR, a different calculation methodology, or an error in aggregation. | 中 | SI016, SI012 |
| CI014 | CB Insights estimates Claroty's 2026 annual revenue at approximately $200 million, based on secondary market transaction data; this is an unverified third-party estimate with low confidence. | 低 | SI006, SI008 |
| CI015 | Claroty's primary software revenue is delivered through Claroty xDome (cloud-native SaaS) and Claroty Continuous Threat Detection / CTD (on-premise software), covering exposure management, network protection, secure access, and threat detection. | 高 | SI001, SI025 |
| CI016 | The Claroty CPS Library, launched at the January 2026 Series F announcement, is an AI-powered asset catalogue described as the first in the industry to provide cross-vendor CPS asset visibility, representing a new potential subscription revenue stream. | 高 | SI001, SI015 |
| CI017 | Claroty does not disclose the revenue split between its SaaS (xDome) and on-premise (CTD) product lines, nor the geographic or vertical breakdown of revenue. | 高 | SI001, SI012 |
| CI018 | Gross margins for Claroty's product lines are not publicly disclosed; industry benchmarks for comparable enterprise SaaS security platforms suggest software gross margins of approximately 70–85%, with on-premise deployments typically 5–10 points lower. | 低 | SI021, SI020 |
| CI019 | Benchmarking Claroty's capital efficiency against direct public comparable companies is limited: Armis was acquired by ServiceNow for $7.75 billion in 2025 and Nozomi Networks was acquired by Mitsubishi Electric for approximately $1 billion in 2025, eliminating the most comparable public market proxies. | 中 | SI015, SI020 |
| CI020 | With approximately $882 million in disclosed total capital raised against a confirmed ARR milestone of $100+ million in 2023, Claroty's capital-to-ARR ratio was approximately 8–9x at the time of the Series E-II — elevated but not atypical for enterprise security platforms during aggressive growth phases. | 低 | SI006, SI012 |
| CI021 | Claroty does not disclose customer concentration metrics; the company reports total customer count (1,000+) and Fortune 100 coverage (24 companies) but not the revenue share of top customers or any cohort-level retention data. | 高 | SI001, SI022 |
| CI022 | Claroty employs over 700 people across 27 countries as of mid-2025, per company press releases; exact headcount, functional distribution, and cost per employee are not disclosed. | 高 | SI022, SI001 |
| CI023 | Net revenue retention, gross revenue churn, and customer expansion rates are not publicly disclosed by Claroty; these metrics are critical for assessing the quality and durability of the company's subscription revenue base ahead of any prospective IPO. | 高 | SI001, SI012 |
| CI024 | Claroty acquired Medigate, a healthcare IoT security company, in early 2022; the acquisition price was not publicly disclosed, and it was likely funded from the undisclosed Series E capital raise of the same period. | 中 | SI006, SI022 |
| CI025 | Claroty has not disclosed EBITDA, operating income, net income, operating expenses, R&D spend as a percentage of revenue, or sales and marketing efficiency ratios; no path-to-profitability guidance has been provided publicly. | 高 | SI001, SI012 |
| CI026 | CEO Yaniv Vardi stated publicly that Claroty could pursue an initial public offering as early as 2027, conditional on market conditions, per CRN citing Calcalist reporting. | 高 | SI015, SI011 |
| CI027 | Golub Growth, the Series F lead investor, is a pre-IPO-focused affiliate of Golub Capital that specializes in flexible debt and equity capital for B2B SaaS companies, typically investing in the 12–36 month window before an IPO; its lead role in the Series F signals Claroty is actively preparing for a public market listing. | 高 | SI014, SI015 |
| CI028 | Calcalist reported Claroty's post-Series F valuation at approximately $3 billion, a figure that Claroty has neither confirmed nor denied publicly. | 中 | SI011, SI015 |
| CI029 | SecurityWeek explicitly noted that "the $3 billion estimates are mathematically inconsistent with the previously reported $2.5 billion baseline," given that Claroty itself confirmed an 80% valuation increase since March 2024. | 高 | SI011, SI015 |
| CI030 | An 80% increase applied to CRN's reported $2.5 billion March 2024 post-money valuation implies a post-Series F valuation of approximately $4.5 billion, not the $3 billion reported by Calcalist; at least one published figure is incorrect and requires direct verification. | 中 | SI015, SI011 |
| CI031 | Cash runway following the Series F cannot be estimated without a disclosed burn rate; the $150M (up to $200M) in new capital provides a material buffer for IPO preparation but its duration depends entirely on operating cash consumption, which is not disclosed. | 中 | SI001, SI015 |
| CI032 | The approximately $400 million implied funding gap between the Series D cumulative total (~$235M) and the Series E-II cumulative disclosure ($635M) represents the largest disclosure gap in Claroty's financing history; neither the terms, investors, valuation, nor use of proceeds for this round have been publicly disclosed. | 高 | SI012, SI006, SI002, SI003 |
| CI033 | Claroty's public financial disclosure is limited to total cumulative funding raised, an ARR milestone (>$100M in 2023), aggregate customer count (1,000+), Fortune 100 penetration (24 companies), employee headcount (700+), and a valuation percentage change (+80% since March 2024); no absolute financial metrics are disclosed, making external financial analysis heavily reliant on estimation. | 高 | SI001, SI012, SI022 |
| CI034 | The Calcalist $3 billion valuation and Claroty's confirmed 80% valuation growth since March 2024 cannot both be correct relative to the same $2.5 billion March 2024 baseline; this discrepancy is an unresolved material diligence item that requires direct company confirmation. | 高 | SI011, SI015 |
| CI035 | Average contract value trend, customer acquisition cost, customer lifetime value, and payback period metrics are not publicly disclosed; Claroty has not published unit economics data in any press release, investor presentation, or industry conference filing. | 高 | SI001, SI012 |
| CI036 | The 2027 IPO aspiration is conditional on market conditions; IPO readiness milestones, targeted ARR thresholds, profitability gates, and the intended IPO exchange or structure have not been publicly disclosed. | 中 | SI015, SI026 |
| CI037 | The absence of SEC Form D filings for the 2024 Series E-II and 2026 Series F rounds may indicate the use of Cayman Islands or other non-U.S. domiciled fund vehicles, structured credit instruments not constituting equity under Regulation D, or private debt with equity kickers; the specific structure of the cap table and any liquidation preference stacking are unknown. | 中 | SI007, SI002, SI003 |
| CI038 | Claroty's geographic revenue breakdown is not publicly disclosed; the company operates across 27 countries with offices in North America, Europe, the Middle East, Africa, and Asia-Pacific, but no revenue percentage by region has been published. | 高 | SI022, SI001 |
| CI039 | Benchmarking Claroty's ARR growth against direct peers Armis and Dragos is not possible: Armis was acquired by ServiceNow in 2025 (last disclosed valuation $4.6B) and does not report standalone ARR; Dragos is private and does not disclose ARR; Claroty is currently the primary large-scale, independent pure-play CPS/OT security company. | 中 | SI020, SI015 |
| CE001 | The Claroty Platform is organized around six capability pillars: asset inventory, exposure management, network protection, secure access, threat detection, and operational efficiency. | 高 | SE001, SE002 |
| CE002 | Claroty delivers the platform through two primary products: Claroty xDome (cloud-native SaaS) and Claroty Continuous Threat Detection (CTD, on-premises). | 高 | SE001, SE002 |
| CE003 | Claroty Edge is a zero-infrastructure edge-data collector that runs on existing Windows hosts without requiring network sensors, allowing coverage of remote and air-gapped sites. | 高 | SE009, SE001 |
| CE004 | The Claroty CPS Library, launched November 18, 2025, uses LLMs and statistical inference modeling to resolve fragmented device identifiers into vendor-verified canonical device records. | 高 | SE006, SE024 |
| CE005 | Claroty supports four discovery methods: passive monitoring (SPAN/TAP), Claroty Edge (agent-based), Safe Queries (low-impact active), and Project File Analysis (offline PLC/DCS project file parsing). | 高 | SE001, SE009 |
| CE006 | A Claroty Team82 research report found that 88% of CPS assets do not transmit an exact product code and 76% transmit product names differing from the vendor's official record, the problem CPS Library addresses. | 中 | SE006 |
| CE007 | The Claroty platform covers 450+ industrial protocols, the deepest library claimed by any OT security vendor, used for asset discovery, anomaly detection, and policy enforcement. | 中 | SE002, SE001 |
| CE008 | Claroty claims to have secured 40 million+ CPS devices globally as of 2026, based on company self-reported deployment metrics on official product pages. | 低 | SE002 |
| CE009 | Claroty xDome for Healthcare is a modular, SaaS-based solution specifically designed for IoMT device security, including IV pumps, patient monitors, and connected clinical equipment. | 高 | SE003, SE001 |
| CE010 | Claroty's healthcare xDome integrates with CMMS systems and supports MDS2, SBOM, and VEX files from medical device manufacturers, enabling manufacturer-curated vulnerability guidance within xDome. | 高 | SE003, SE012 |
| CE011 | Siemens Healthineers has a CTAP-certified integration with Claroty xDome for Healthcare, providing manufacturer-curated vulnerability, risk, and mitigation guidance from device OEM data. | 高 | SE003, SE006 |
| CE012 | Claroty xDome Secure Access provides zero-trust remote access to OT/ICS networks with session recording, just-in-time credential vaulting, per-device policies, and multi-factor authentication. | 高 | SE001, SE009 |
| CE013 | Claroty was named a Representative Vendor in the 2026 Gartner Market Guide for CPS Secure Remote Access, confirming analyst visibility in the SRA segment. | 高 | SE012, SE018 |
| CE014 | The Claroty compliance and reporting module automates evidence collection and generates audit-ready reports for NIS2, NERC CIP, IEC 62443, HHS Section 405(d), NIST CSF, and related frameworks. | 中 | SE002, SE003, SE004 |
| CE015 | Claroty's March 2026 Team82 report "Analyzing CPS Attack Trends" found 82% of CPS attacks used remote access protocols and 66% targeted HMIs and SCADA systems, based on 200+ verified incidents. | 高 | SE010, SE013, SE007 |
| CE016 | Team82 has disclosed more than 750 ICS vulnerabilities — the highest disclosure count claimed among OT security vendors or research groups as of 2026. | 中 | SE007, SE002 |
| CE017 | Team82 maintains a public GitHub organization (github.com/claroty) with 10+ open-source OT security research tools and 145 followers as of May 2026. | 高 | SE008, SE007 |
| CE018 | Team82's open-source tools include Arya (reverse YARA generator), EtherNet/IP & CIP Stack Detector, OPC UA Fuzzer, OPC UA Exploit Framework, MMS Stack Detector, netunnel, and WinCE-Debugger. | 高 | SE007, SE008 |
| CE019 | Two CISA ICS-CERT advisories from March 2026 cite Team82 disclosures: ICSA-26-078-01 (Schneider Electric Modicon M241/M251/M262) and ICSA-26-071-01 (Trane Tracer SC/SC+/Concierge). | 高 | SE020, SE007 |
| CE020 | Team82 operates under a formal Coordinated Disclosure Policy and provides a PGP key for secure communication with vendors and researchers in the vulnerability disclosure process. | 高 | SE007, SE008 |
| CE021 | Team82 integrated AFL fuzzer infrastructure into the open-source OpENer EtherNet/IP stack and discovered five vulnerabilities including out-of-bounds write, memory leaks, and RCE vectors. | 高 | SE014, SE007 |
| CE022 | Claroty supports SIEM integrations with IBM QRadar, Microsoft Sentinel, Splunk, and ArcSight, and SOAR/ticketing integrations with ServiceNow, PagerDuty, and Jira. | 中 | SE009, SE001 |
| CE023 | Claroty's CTAP (Technology Alliance Program) certifies partner integrations and documents whether the integration is built and supported by Claroty or the technology partner. | 中 | SE003, SE005 |
| CE024 | The Rockwell Automation integration allows Rockwell FactoryTalk AssetCentre customers to receive Claroty vulnerability and threat intelligence directly within the Rockwell management console. | 高 | SE005, SE025 |
| CE025 | Claroty's CPS Library MCP Server enables generative AI tools to query CPS security data using natural-language interfaces, accelerating incident response and expanding data access. | 中 | SE006 |
| CE026 | Claroty xDome's April 2026 Visibility Orchestration update introduced an automated Visibility Score and prioritized enrichment task list, centralizing gap analysis and multi-method asset enrichment. | 中 | SE011, SE013 |
| CE027 | Claroty received a Gartner Peer Insights score of 4.9/5 based on 119 ratings with a 97% "Would Recommend" score in the CPS Protection Platforms market as of March 3, 2026. | 高 | SE012, SE018 |
| CE028 | Claroty was named a Leader in the 2026 Gartner Magic Quadrant for CPS Protection Platforms, the second consecutive year it achieved the Leader designation in this category. | 高 | SE012, SE018 |
| CE029 | Claroty was named a Leader in the Forrester Wave for IoT Security Solutions Q3 2025, corroborating the Gartner Magic Quadrant recognition across multiple analyst firms. | 高 | SE017, SE016 |
| CE030 | Claroty offers compliance reporting automation for NIS2, NERC CIP, IEC 62443, NIST CSF, and HHS 405(d), covering all four primary verticals with framework-specific output. | 中 | SE002, SE003, SE004 |
| CE031 | A critical authentication bypass vulnerability in Claroty's Secure Remote Access (SRA) product was patched in October 2025, reported by Dark Reading as a high-severity flaw. | 高 | SE015, SE010 |
| CE032 | No publicly available post-patch security audit, penetration test results, or independent verification of Claroty SRA's security posture following the October 2025 CVE was identified. | 低 | |
| CE033 | The CPS Library's AI accuracy depends on OEM partnership coverage; devices from vendors outside the Rockwell/Schneider/Siemens constellation may receive lower-quality attribute resolution. | 中 | SE006, SE013 |
| CE034 | CPS Library's Visibility Orchestration uses multi-method enrichment combining Claroty Edge, active queries, and EDR integrations to build fuller asset profiles and improve Visibility Score. | 高 | SE013, SE011, SE006 |
| CE035 | Claroty's GitHub organization has 145 followers — a relatively small developer community compared to IT-native security vendors — limiting crowd-sourced feedback loops for feature validation. | 高 | SE008, SE007 |
| CU001 | Claroty has surpassed 1,000 customers globally, including General Motors, BHP, Noble Energy, Britvic, Yale New Haven Health System, Boar's Head, South Tees Hospitals NHS Foundation Trust, BW Offshore, Port Authority of New York and New Jersey, and Haleon. | 中 | SU021 |
| CU002 | Claroty works with 24 of the Fortune 100 companies as named customers, establishing strong large-enterprise adoption. | 中 | SU021 |
| CU003 | The Claroty platform is deployed at more than 8,000 sites globally, implying an average of approximately eight sites per customer across the 1,000+ customer base. | 中 | SU023 |
| CU004 | Claroty achieved over $100 million in Annual Recurring Revenue (ARR) in 2023, a milestone cited by CEO Yaniv Vardi in the company's 10-year anniversary communications. | 中 | SU021 |
| CU005 | Claroty serves four primary verticals with dedicated solution sets and go-to-market teams: Healthcare, Industrial/OT, Public Sector, and Commercial/Retail. | 高 | SU022, SU023, SU015 |
| CU006 | Claroty has global operations in North America, EMEA, and Asia-Pacific, with over 700 employees located in 27 countries as of the company's tenth anniversary in June 2025. | 中 | SU021 |
| CU007 | Port Authority of New York and New Jersey (PANYNJ) selected Claroty after a 265-question technical evaluation in which only three vendors responded; Claroty's answers were significantly superior to competitors. | 中 | SU005 |
| CU008 | PANYNJ manages major international airports, bridges and tunnels, a maritime port complex, a commuter rail system, a major bus terminal, and the World Trade Center complex — serving up to six million people in a single day at peak. | 中 | SU005 |
| CU009 | PANYNJ's initial Claroty CTD implementation covering hundreds of ICS composed of thousands of assets took approximately two years total, with the most critical systems onboarded in the first 8–10 months. | 中 | SU005 |
| CU010 | South Tees Hospitals NHS Foundation Trust deployed all Claroty xDome modules across six facilities serving 1.5 million people, with goals of device inventory, compliance with the UK Data Security and Protection Toolkit (DSPT), and ransomware prevention. | 中 | SU006 |
| CU011 | South Tees integrated Claroty xDome with Fortinet FortiNAC to provide switch and location information and automate network access control for medical devices. | 中 | SU006 |
| CU012 | Yale New Haven Health System, Connecticut's largest healthcare provider, deployed Claroty for enterprise-wide IoMT and IoT asset risk scoring, with a Cisco ISE network segmentation project underway as a subsequent expansion phase. | 中 | SU008 |
| CU013 | Yale New Haven Health System is Connecticut's largest healthcare provider and an internationally acclaimed industry thought leader in healthcare cybersecurity. | 中 | SU008 |
| CU014 | Britvic initially deployed Claroty CTD hybrid with Secure Remote Access (SRA) at UK manufacturing sites, then expanded to Claroty xDome and extended the deployment to new production sites in France and Brazil — a documented land-and-expand trajectory. | 中 | SU009 |
| CU015 | Coop Switzerland — one of Switzerland's largest retail and wholesale companies — deployed Claroty xDome across logistics, warehousing, and production sites, achieving 100% OT/ICS/IoT asset visibility and enforced granular network segmentation, with in-store retail rollout planned. | 中 | SU007 |
| CU016 | An unnamed major European airport serving more than 50 million passengers per year and cargo to over 100 countries deployed Claroty CTD, Secure Access, and EMC to secure cargo automation systems and building infrastructure, managing third-party vendor remote access. | 中 | SU010 |
| CU017 | Phlow Corp., a US pharmaceutical contract development and manufacturing organization (CDMO) with Virginia-based cGMP facilities, deployed Claroty xDome for real-time monitoring, microsegmentation, and visibility of research, manufacturing, and warehouse operations. | 中 | SU011 |
| CU018 | A global manufacturing conglomerate with diverse holdings deployed Claroty CTD with EMC management in AWS Cloud for OT ransomware protection, then began migrating new business units to Claroty xDome. | 中 | SU012 |
| CU019 | KLAS Research named Claroty a Top Performer for Healthcare IoT Security in the 2026 Best in KLAS Awards, with an overall score of 92.5 out of 100 based on evaluations from 35 unique healthcare organizations—more evaluators than any other vendor in the category. | 高 | SU003, SU026 |
| CU020 | Claroty was recognized as Best in KLAS for Healthcare IoT Security for five consecutive years from 2021 through 2025 before receiving the Top Performer designation in 2026. | 高 | SU003, SU021 |
| CU021 | Claroty is one of only 30 vendors included in the KLAS "Consistent High Performers 2025" report — a three-year rolling satisfaction metric — and the only healthcare IoT security vendor on the list, out of more than 1,000 healthcare IT products measured by KLAS. | 高 | SU003, SU026 |
| CU022 | A hospital CTO (December 2025, identity anonymized by KLAS) stated: "We would absolutely purchase Claroty's system again. Claroty consistently keeps their promises and goes above and beyond in their partnership with us." | 高 | SU003, SU026 |
| CU023 | A hospital manager (May 2025, identity anonymized by KLAS) described xDome as "our backbone when it comes to creating segmentation around medical devices… Claroty was the only answer for us, and they were stellar." | 高 | SU003, SU026 |
| CU024 | In May 2026, Claroty and Carahsoft Technology Corp. entered a public sector distribution partnership making Claroty's CPS protection platform available to US Federal, state, local, education, and healthcare agencies via Carahsoft's NASPO ValuePoint Master Agreement (#AR2472). | 高 | SU001, SU014 |
| CU025 | Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider serving Federal, SLED agencies with hundreds of contract vehicles and an extensive reseller partner network. | 中 | SU001, SU014 |
| CU026 | Through the Mission IT partnership, Claroty CTD achieved an Authority to Operate (ATO) at multiple US military missile defense control system sites under the Department of War (DoW). | 中 | SU002 |
| CU027 | Mission IT deployed Claroty CTD at a classified Intelligence Community (IC) Facility Related Control System (FRCS), enabling the agency to achieve ICD 503 and UFGS-25 05 11 ("Cybersecurity for Facility-Related Control Systems") compliance. | 中 | SU002 |
| CU028 | At a US military missile defense site, the Mission IT–led Claroty CTD deployment uncovered a device footprint several times larger than previously documented, surfacing a substantial set of unmapped and exploitable vulnerabilities. | 中 | SU002 |
| CU029 | Claroty's xCelerate Partner Program enables resellers, VARs, MSSPs, technology alliances, and distributors to sell, deploy, and support the Claroty platform, providing training, enablement, and market-reach expansion tools. | 中 | SU004 |
| CU030 | In April 2026 Claroty appointed John Ryan — formerly VP Worldwide Channel at Orca Security and Illumio — as Vice President of Worldwide Partner Ecosystem to scale the xCelerate partner go-to-market strategy. | 高 | SU004, SU028 |
| CU031 | G2 reviews (4.7/5 from 6 reviews, as of October 2024) note that "a significant amount of fine-tuning is required to deploy Claroty" and that "software bugs" can make incident handling cumbersome — flagging deployment friction as a customer risk. | 中 | SU013 |
| CU032 | G2 reviewers note that Claroty's initial setup "might be challenging" and that the platform "offers a lot of features, so to make it operational, it might require some expertise" — consistent with enterprise OT security requiring specialized skills. | 中 | SU013 |
| CU033 | A G2 reviewer described Claroty as needing "an expert team to install," which signals higher total cost of ownership for organizations lacking in-house OT security expertise. | 中 | SU013 |
| CU034 | Claroty does not publicly disclose Net Revenue Retention (NRR), Gross Revenue Retention (GRR), logo churn rate, or cohort retention data as of May 2026, precluding quantitative retention analysis for external investors. | 中 | |
| CU035 | Claroty's healthcare vertical demonstrates strong multi-layered retention signals: five years of KLAS Best in KLAS recognition, a KLAS Consistent High Performers 2025 three-year rolling inclusion, multi-module adoption in case studies, and explicit "would purchase again" customer quotes — providing qualitative confidence in healthcare ARR durability. | 中 | SU003, SU006, SU008 |
| CU036 | The Carahsoft distribution partnership (May 2026) and Mission IT defense/intelligence ATOs (December 2025) together represent a formalized US government acquisition channel that was not fully in place before 2025, constituting a new strategic growth vector for Claroty. | 中 | SU001, SU002 |
| CU037 | According to a 2025 study cited in the Carahsoft press release, 100% of Federal agencies surveyed launched new CPS security initiatives in the past year, but only 36% have achieved full asset visibility — signaling a large, demand-ready federal TAM for Claroty. | 中 | SU001 |
| CU038 | The Claroty US Government page reports that 97% of agencies report OT systems interface with enterprise IT networks — a universal IT/OT convergence driver for federal CPS security adoption. | 中 | SU015 |
| CU039 | Britvic's OT Technical Specialist, Sam Thomas, stated: "With xDome we managed to install the server and start getting data within 2 hours, and the data we got allowed us to act quickly on issues that we hadn't already noticed in our environment." | 中 | SU009 |
| CU040 | Coop Switzerland's Head of OT, Andreas W., stated: "Claroty has given us complete visibility about our OT and IoT environment. With xDome, we can identify risks, define appropriate measures, and monitor them." | 中 | SU007 |
| CU041 | Phlow Corp. CIO Juan Piacquadio stated that Claroty demonstrated "a forward-thinking approach to thought leadership" and was selected after a comprehensive market evaluation in which no other vendor matched Claroty's comprehensive coverage, visibility, and pharma OT expertise. | 中 | SU011 |
| CU042 | Claroty's public sector commercial page states 40+ partners in its ecosystem and 450+ XIoT protocols covered, supporting a wide breadth of OT/IoT device visibility across verticals. | 中 | SU022, SU023 |
| CU043 | Customer revenue concentration at the top-10 account level is unknown; Claroty's 24 Fortune 100 customers and named Global 500 accounts likely represent a disproportionate share of total ARR, creating potential concentration risk if a major account churns. | 低 | SU021, SU023 |
| CU044 | Claroty's public sector ATO pipeline size and Carahsoft reseller activation rate following the May 2026 partnership announcement are not yet publicly reported, creating uncertainty about the government vertical's near-term revenue contribution. | 中 | |
| CR001 | Claroty's OT sales cycles routinely span 9–18 months due to multi-stakeholder budget approval across IT, OT, and security teams, creating revenue recognition delays and quarterly unpredictability. | 中 | SR008, SR018 |
| CR002 | ServiceNow acquired Armis, a principal Claroty competitor in connected-device and OT security, for $7.75 billion in December 2024, embedding the competitor within a megavendor with deep enterprise relationships and cross-sell capabilities across ITSM accounts. | 高 | SR003, SR004 |
| CR003 | Mitsubishi Electric acquired Nozomi Networks for approximately $1 billion in September 2025, adding a second principal OT security specialist to an industrial conglomerate with existing control-systems and infrastructure footholds in manufacturing and utilities. | 高 | SR003, SR004 |
| CR004 | Market consolidation in the OT security sector—with Armis acquired by ServiceNow and Nozomi acquired by Mitsubishi—reduces the pool of independent specialist vendors and may deter late-stage growth investors from backing a standalone Claroty IPO at a premium multiple. | 中 | SR003, SR004 |
| CR005 | Claroty's post-Series-F valuation was reported by Calcalist and corroborated by SecurityWeek at approximately $3 billion as of May 2026, representing a reported 80% increase from the prior April 2024 market estimate of $2.5 billion. | 中 | SR003, SR009 |
| CR006 | Claroty raised approximately $885–900 million in cumulative venture and growth financing through the May 2026 Series F round, making it one of the most heavily capitalized independent OT security vendors. | 中 | SR002, SR003 |
| CR007 | OT security sales face structural friction because OT engineers and plant operators prioritize production uptime over security posture, extending evaluation timelines, increasing deal-close cost, and forcing Claroty to invest in operational-risk-framing rather than pure security ROI arguments. | 中 | SR008, SR018 |
| CR008 | Platform-bundling pressure from megavendors (Cisco, Palo Alto Networks, and now ServiceNow via Armis) is compressing the independent OT-specialist segment, increasing competitive displacement risk in accounts where Claroty does not already hold a preferred-vendor position. | 中 | SR004, SR025 |
| CR009 | Claroty patched a critical authentication-bypass vulnerability in its Continuous Threat Detection product that, if exploited pre-patch, would have allowed unauthenticated administrative access to customer OT network visibility data. | 中 | SR007 |
| CR010 | Team82's regular publication of third-party OT/ICS vulnerability disclosures creates an adversarial information advantage: nation-state and criminal actors monitor CVE publications to identify exploitable windows before customers can apply patches, particularly in legacy brownfield environments. | 中 | SR001, SR019 |
| CR011 | As of May 2026, CISA's Known Exploited Vulnerabilities catalog listed 1,592 actively exploited vulnerabilities, illustrating the persistent and widening gap between disclosed OT/IT vulnerabilities and practical customer remediation timelines. | 高 | SR020, SR005 |
| CR012 | Ransomware groups have demonstrated sustained interest in OT environments with successful incidents documented across manufacturing, utilities, and healthcare—all three of Claroty's primary verticals—increasing the probability of a high-profile customer breach that could implicate Claroty's platform. | 中 | SR023, SR024 |
| CR013 | A ransomware incident or operational disruption in a major Claroty customer environment could trigger contract terminations, litigation, and reputational damage disproportionate to the technical root cause, particularly if Claroty's platform was perceived to have failed to detect or prevent the incident. | 低 | SR007, SR008 |
| CR014 | Claroty's platform occupies a privileged network visibility position inside critical-infrastructure OT environments; as a result, a supply-chain attack targeting Claroty's own software components would represent a high-value target for sophisticated nation-state adversaries. | 中 | SR010, SR019 |
| CR015 | Claroty's professional-services team is required for complex brownfield OT deployments; scaling deployment velocity in large, multi-site industrial environments is an operational constraint that limits ARR growth velocity and increases cost-to-serve. | 中 | SR016, SR018 |
| CR016 | The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022 requires covered critical-infrastructure entities to report cyber incidents within 72 hours and ransomware payments within 24 hours; as of May 2026, CISA's proposed rulemaking was pending final promulgation, with town halls having been postponed. | 高 | SR022, SR005 |
| CR017 | NERC CIP standards require US electric-sector entities to maintain OT asset inventory, network segmentation, and patch-management controls—obligations that create a recurring regulatory demand floor for Claroty's core asset-visibility capabilities in the energy vertical. | 高 | SR012, SR011 |
| CR018 | The EU NIS2 Directive, which took effect in October 2024, imposes incident-reporting, supply-chain-risk-management, and board-accountability obligations on essential entities—creating both demand for Claroty deployments in Europe and scrutiny of Claroty itself as a software supply-chain component for regulated operators. | 中 | SR029, SR030 |
| CR019 | NIST SP 800-82 Rev. 3, published in 2023, establishes detailed ICS security guidance that CISA references in its Cross-Sector Cybersecurity Performance Goals; rising federal and sector-regulator citation of these controls elevates compliance expectations for asset owners and shifts RFP evaluation criteria toward NIST-aligned OT security capabilities. | 高 | SR011, SR006 |
| CR020 | HHS HIPAA Security Rule and the 2023 Healthcare Sector Cybersecurity concept paper reinforce mandatory OT and connected-device security controls for healthcare providers, supporting Claroty's healthcare vertical growth while imposing compliance overhead that can slow procurement and require platform certification evidence. | 中 | SR014, SR013 |
| CR021 | CIRCIA's proposed rulemaking is expected to expand covered-entity scope significantly beyond the current statutory minimum; compliance burden associated with implementing 72-hour reporting capabilities could divert customer security budgets from discretionary platform spending toward mandatory reporting infrastructure. | 中 | SR022, SR005 |
| CR022 | The Export Administration Regulations (EAR) administered by BIS classify dual-use technology for export control purposes and could affect Israeli-origin cybersecurity software that interfaces with critical-infrastructure protection systems in jurisdictions subject to license requirements. | 中 | SR027, SR015 |
| CR023 | SEC Form D filings confirm that Claroty's early fund vehicles—Team8-Claroty II LP and Team8-Claroty LP—are registered with Tel Aviv, Israel (country code L3) as the issuer domicile, establishing Israeli legal presence material to export-control, procurement, and geopolitical risk analysis. | 中 | SR015 |
| CR024 | Israeli-origin technology vendors face formal or informal procurement restrictions in sovereign government markets across the Middle East, portions of Asia, and some emerging markets, limiting Claroty's addressable government segment in geographically strategic regions. | 中 | SR027, SR029 |
| CR025 | Military escalation, civil disruption, or talent-availability shocks in Israel could impair Claroty's R&D continuity, particularly for the Israel-based Team82 research unit that generates a significant share of the company's differentiated OT vulnerability intelligence. | 低 | SR001, SR027 |
| CR026 | Claroty's private-company status prevents independent verification of revenue concentration, burn trajectory, IPO readiness, or the existence of material litigation—conditions that substantially increase the diligence burden for prospective investors and acquirers relative to publicly traded peers. | 中 | SR003, SR009 |
| CR027 | CEO Yaniv Vardi publicly stated that Claroty could pursue an IPO as early as 2027 if market conditions align, establishing an execution risk window that depends heavily on macro factors outside the company's direct control, including interest rates and public-market appetite for cybersecurity SaaS. | 中 | SR003, SR004 |
| CR028 | An 80% increase applied to the April 2024 baseline of $2.5 billion would yield a valuation of approximately $4.5 billion, not the $3 billion reported post-Series-F—suggesting either that prior market estimates were based on a lower baseline, that the 80% figure was applied to a subset, or that conflicting sources are using different valuation reference dates. | 中 | SR003 |
| CR029 | Public-market conditions for cybersecurity SaaS and infrastructure software remained uncertain heading into 2026–2027, with elevated interest rates and risk-off sentiment creating headwinds for high-multiple private-company IPOs and compressing achievable exit valuations. | 中 | SR028, SR030 |
| CR030 | Claroty's concentration of co-founder equity and institutional trust in a small executive team creates key-person risk that could impair investor confidence, customer continuity assurance, and product roadmap execution if unplanned departures occurred ahead of the 2027 IPO window. | 中 | SR003, SR009 |
| CR031 | Claroty appointed new CPO and CSO leadership in 2025, indicating an intentional pre-IPO team-strengthening initiative but also highlighting prior gaps in those critical roles that could affect customer confidence in product direction and security governance. | 中 | SR002 |
| CR032 | Cybersecurity firms collectively raised approximately $9.5 billion in aggregate in 2025 per market data, indicating strong investor appetite for the sector but also elevating competitive pressure on IPO valuations and underwriter expectations for pre-IPO revenue metrics. | 中 | SR003, SR028 |
| CR033 | The combination of undisclosed revenue concentration, an unverified IPO timeline, and Israeli geopolitical risk creates a higher-than-average diligence burden for prospective investors compared to US-domiciled, publicly traded cybersecurity peers with accessible financial disclosures. | 中 | SR026, SR009 |
| CR034 | Claroty's US public-sector revenue depends materially on its Carahsoft distribution relationship for federal and SLED market access; a contract dispute or modification to Carahsoft's GSA schedule would create an ARR air pocket in the government vertical without advance public-market warning. | 中 | SR017, SR025 |
| CR035 | Carahsoft Technology serves as Claroty's primary US government distribution partner, enabling access to GSA schedule pricing and DOD-adjacent agency procurement vehicles—a single-counterparty concentration that is undisclosed in detail but is consistent with Carahsoft's documented role across the government cybersecurity vendor ecosystem. | 中 | SR017, SR006 |
| CR036 | Claroty's alliance with Rockwell Automation creates co-sell opportunities in the manufacturing vertical but is non-exclusive; Rockwell's development of competing security capabilities or acquisition of a rival OT security vendor could redirect partner investment and reduce Claroty's manufacturing segment exposure. | 中 | SR025, SR008 |
| CR037 | Claroty relies on regional distributors in APAC and EMEA for market development; inadequate distributor investment in Claroty-specific technical enablement could stall pipeline in high-growth markets where Claroty does not have a direct sales presence. | 低 | SR017, SR025 |
| CR038 | As platform megavendors develop native OT security capabilities and push them through their own large channel ecosystems, Claroty's channel partners face incentive pressure from those vendors to reduce Claroty-specific investment, increasing the risk of partner churn in competitive accounts. | 中 | SR004, SR008 |
| CR039 | Claroty has disclosed approximately 1,000 enterprise deployments but has not disclosed revenue concentration at the top-10 customer level; a single large government or industrial conglomerate contract loss could represent a disproportionate ARR event that is not foreseeable from public information. | 中 | SR003, SR009 |
| CR040 | Channel conflict risk increases as megavendors offer broader product portfolios with built-in OT security capabilities, reducing the standalone addressable value proposition for specialist resellers and MSSPs that currently promote Claroty as a differentiated best-of-breed solution. | 中 | SR004, SR030 |
| CR041 | CISA's Automated Indicator Sharing program and broader OT/ICS advisory ecosystem create a bilateral relationship between Claroty and the US government that is both a commercial opportunity (government credibility) and a compliance dependency (policy obligations that could affect platform design or data handling requirements). | 中 | SR021, SR005 |
| CR042 | Legacy ICS and OT environments frequently use outdated operating systems and lack encryption or authentication capabilities, making them unable to receive software patches for known vulnerabilities—a structural limitation that constrains the scope of protection Claroty's platform can provide in brownfield deployments. | 高 | SR006, SR011 |
| CV001 | Claroty closed a $140 million Series D in June 2021 led by Bessemer Venture Partners and 40 North. | 中 | SV013, SV023 |
| CV002 | At the Series D close, Claroty said total capital reached approximately $235 million and first-half 2021 ARR grew 133% year over year. | 中 | SV013 |
| CV003 | Claroty announced a $100 million strategic growth financing on March 6, 2024 led by Delta-v Capital with participation from AB Private Credit Investors, Standard Investments, Toshiba Digital Solutions, SE Ventures, Rockwell Automation, and SVB. | 高 | SV014, SV025, SV026, SV001 |
| CV004 | The March 2024 financing announcement said cumulative capital raised had reached $635 million. | 高 | SV014, SV025, SV001 |
| CV005 | Claroty disclosed that ARR surpassed $100 million in 2023 and that the company served 20% of the Fortune 100 by March 2024. | 高 | SV014, SV001, SV003 |
| CV006 | Claroty announced a $150 million Series F on January 22, 2026 led by Golub Growth. | 高 | SV015, SV016, SV011, SV002, SV004 |
| CV007 | Coverage of the Series F indicated that existing investors could contribute up to another $50 million and that cumulative disclosed funding rose to roughly $885 million to $900 million. | 高 | SV015, SV016, SV017, SV011 |
| CV008 | Claroty confirmed that its valuation had increased 80% since the March 2024 round but did not disclose an absolute Series F valuation. | 高 | SV015, SV016, SV017 |
| CV009 | Reuters and CRN reported that CEO Yaniv Vardi said Claroty could pursue an IPO as early as 2027 if market conditions allow. | 高 | SV011, SV017, SV008 |
| CV010 | Golub Growth presents itself as a late-stage growth investor, so its lead role in Series F is a pre-IPO signal rather than an early-stage venture signal. | 中 | SV021, SV015 |
| CV011 | Independent 2026 coverage placed the Series F valuation around $3 billion, but Claroty itself did not confirm that absolute figure. | 中 | SV012, SV016, SV017 |
| CV012 | An 80% increase from the previously reported $2.5 billion 2024 mark implies about $4.5 billion, not $3 billion, so the public valuation math is inconsistent. | 中 | SV016, SV017, SV011, SV012 |
| CV013 | Because BankInfoSecurity framed Claroty as eyeing a $3.5 billion IPO valuation in 2024, a 2026 mark near $3 billion suggests stalled appreciation rather than steady compounding. | 中 | SV008, SV012 |
| CV014 | With roughly $885 million to $900 million raised across multiple preferred rounds, Claroty likely carries a meaningful liquidation-preference stack ahead of common equity. | 中 | SV013, SV014, SV015, SV017 |
| CV015 | AllianceBernstein private credit participation in the 2024 financing suggests Claroty's capital structure may include senior or structured instruments that alter waterfall outcomes. | 中 | SV014, SV025 |
| CV016 | Claroty has not publicly refreshed ARR for 2024 through 2026, leaving the >$100 million 2023 milestone as the last company-confirmed revenue anchor. | 中 | SV014, SV015, SV003 |
| CV017 | Using a working $120 million ARR assumption for 2026, a $3.0 billion valuation implies roughly a 25x ARR multiple. | 中 | SV003, SV011, SV012 |
| CV018 | Using the same $120 million ARR base, the $4.5 billion valuation implied by the 80% uplift math equates to roughly a 37.5x ARR multiple. | 中 | SV011, SV016, SV012 |
| CV019 | MarketsandMarkets projected the OT security market to reach about $50.29 billion by 2030 at a 16.5% CAGR. | 中 | SV018 |
| CV020 | Gartner named Claroty a Leader in the 2025 Magic Quadrant for CPS Protection Platforms. | 中 | SV019 |
| CV021 | Forrester also named Claroty a Leader in its 2025 Wave for IoT Security Solutions. | 中 | SV020 |
| CV022 | By early 2026 public sources described Claroty as having more than 1,000 customers and 24 Fortune 100 customers, indicating real enterprise scale even though current ARR is undisclosed. | 高 | SV003, SV015, SV016 |
| CV023 | BankInfoSecurity's healthcare-IoT coverage indicates Claroty retained strong healthcare credibility in 2026, supporting a broader cyber-physical positioning than a pure industrial-only vendor. | 中 | SV007 |
| CV024 | ServiceNow agreed to acquire Armis for $7.75 billion, and the price was confirmed by SecurityWeek, Armis, and ServiceNow. | 高 | SV010, SV029, SV030 |
| CV025 | SecurityWeek reported that Mitsubishi Electric agreed to acquire Nozomi Networks for roughly $1 billion, creating a lower-end pure-play OT exit reference. | 中 | SV028, SV027 |
| CV026 | Armis should be treated as an upper-bound comparable because its scope spans IT, OT, IoT, cloud, and cyber-physical risk rather than only OT security. | 中 | SV010, SV029, SV030 |
| CV027 | Nozomi's roughly $1 billion sale understates Claroty's breadth because Claroty also sells into healthcare, commercial, and public-sector cyber-physical environments. | 中 | SV028, SV015, SV023 |
| CV028 | Tenable reported FY2025 revenue of $999.4 million, up from $900.0 million in FY2024. | 高 | SV009, SV031, SV032 |
| CV029 | Tenable reported more than 40,000 customers and about 65% of the Fortune 500 at December 31, 2025, far above Claroty's customer scale. | 高 | SV009, SV031 |
| CV030 | Tenable's approximately $4.1 billion market value at June 30, 2025 implies roughly a 4x revenue multiple on FY2025 revenue, offering a mature public-comp floor for cyber exposure platforms. | 中 | SV009 |
| CV031 | Public evidence supports a valuation band rather than a single price, with roughly $2 billion to $3 billion defensible if ARR remains only modestly above $100 million and materially more requiring better revenue proof. | 中 | SV011, SV016, SV017, SV009 |
| CV032 | A bull case requires Claroty to reach roughly $180 million to $200 million ARR by 2027 and sustain a premium cybersecurity multiple into an IPO or strategic exit. | 低 | SV018, SV024, SV021 |
| CV033 | A base case assumes Claroty reaches roughly $150 million to $160 million ARR by 2027 and exits at $4 billion to $5 billion. | 中 | SV018, SV011, SV009 |
| CV034 | A bear case assumes Claroty exits at $2 billion to $3 billion because ARR stays near $120 million and the cybersecurity IPO window remains weak. | 中 | SV008, SV011, SV017, SV009 |
| CV035 | The most supportable exit routes are IPO, sale to a broader platform vendor, or a downside strategic sale at a Nozomi-like price because Series F arrived amid OT security consolidation. | 中 | SV011, SV016, SV017, SV027, SV028 |
| CV036 | Because Claroty never publicly confirmed the absolute Series F valuation, investors should treat the reported $3 billion figure as a diligence starting point rather than a verified clearing price. | 中 | SV015, SV012, SV016 |
| CV037 | The absence of refreshed ARR, margin, retention, and cash-burn disclosure is the main reason the recommendation remains conditional despite strong category and product signals. | 中 | SV014, SV015, SV017 |
| CV038 | Key thesis-break triggers are a down round below $2.5 billion, ARR still near $100 million in 2026 or 2027, loss of IPO readiness, or a preference stack that erases common-equity upside at a $3 billion to $4 billion exit. | 中 | SV008, SV011, SV017, SV024 |
| CV039 | The highest-priority diligence asks are the cap table and liquidation waterfall, current ARR and growth, gross margin and NRR, structured-credit terms, and the board-approved IPO plan. | 中 | SV014, SV015, SV017, SV024 |
| CV040 | Repeated BankInfoSecurity coverage indicates Claroty remains a category-visible name in cyber-physical security media even when some archive links redirect. | 低 | SV005, SV006, SV007 |
| CV041 | The recommendation logic is conditional accumulation rather than immediate conviction because market tailwind and product proof are strong, but valuation opacity and preference uncertainty cap confidence. | 中 | SV018, SV019, SV020, SV015, SV017 |
| CV042 | At a $120 million ARR base, sensitivity rises from roughly 21x at $2.5 billion to roughly 65x at the $7.75 billion Armis reference, showing how quickly implied multiples expand. | 中 | SV012, SV010, SV029, SV030, SV003 |
| CV043 | Return asymmetry is unattractive at a $3 billion entry if Claroty exits like Nozomi, but attractive if it reaches an IPO or strategic outcome closer to $6 billion to $8 billion. | 中 | SV028, SV010, SV029, SV030, SV011 |
| CV044 | The KPI view mixes strong scale signals like capital raised, customer count, and analyst recognition with unresolved ARR freshness and valuation-verification gaps. | 中 | SV015, SV018, SV019, SV020, SV009 |
| CV045 | Claroty has added roughly $650 million of disclosed capital since the 2021 Series D, increasing the odds that preferred claims compress common-equity upside if exit value lands near the current reported mark. | 中 | SV013, SV014, SV015, SV017 |
| CV046 | The combination of more than 1,000 customers, 24 Fortune 100 logos, and late-stage financing suggests Claroty is operationally exit-ready but not yet public-markets disclosure-ready. | 中 | SV015, SV016, SV003, SV011 |
| 编号 | 出版方 | 标题 | 引文 |
|---|---|---|---|
| SO001 | Claroty | Company — Claroty | Claroty is the cyber-physical systems (CPS) protection company. Its mission is to safeguard mission-critical infrastructure. |
| SO002 | Claroty | Leadership — Claroty | |
| SO003 | Claroty | Claroty Secures $100 Million in Strategic Growth Financing | Claroty surpassed $100 million in ARR in 2023, works with over 20 percent of the Fortune 100, and has grown its customer base by 300 percent since 2020. |
| SO004 | Claroty | Claroty Secures $140 Million Financial Round | Claroty closed a $140 million Series D bringing total funding to $235 million. |
| SO005 | Claroty | Newsroom — Claroty | |
| SO006 | Claroty | The Claroty Platform | Claroty named a Leader in the 2026 Gartner Magic Quadrant for CPS Protection Platforms for the second consecutive year. |
| SO007 | Claroty | Partners — Claroty xCelerate Program | Claroty has received the Best in KLAS award for Healthcare IoT Security for five consecutive years (2021–2025) with a score of 95.4 out of 100. |
| SO008 | Claroty | Claroty Celebrates Ten Years of Industry-Leading Protection | Claroty has over 1,000 customers including GM, BHP, Yale New Haven Health, and 24 Fortune 100 companies; over 700 employees in 27 countries; and ARR surpassing $100M in 2023. |
| SO009 | Claroty | Claroty Names Dave DeWalt as Board Chairman | Dave DeWalt has assumed the position of Board Chairman; he brings more than 20 years of cyber experience and led the Intel acquisition of McAfee for $7.7 billion. |
| SO010 | Claroty | Claroty Bolsters Leadership Team with CPO and CSO Appointments | Yoram Gronich appointed as CPO; Grant Geyer moves to Chief Strategy Officer; Gronich previously at Tufin, Symantec, and Check Point. |
| SO011 | Claroty | Claroty Team82 Research | |
| SO012 | Claroty | Claroty Blog | |
| SO013 | SecurityWeek | Claroty Raises $150 Million in Series F Funding | While Claroty has confirmed an 80% increase in its valuation since March 2024, the $3 billion estimates are mathematically inconsistent with the previously reported $2.5 billion baseline. Claroty did not immediately respond to a request for comment regarding its current valuation. |
| SO014 | SecurityWeek | SecurityWeek — Claroty coverage archive | |
| SO015 | Team8 | Team8 Portfolio — Claroty | |
| SO016 | Golub Growth | Golub Growth — Claroty | |
| SO017 | CRN | Claroty Raises $150M In New Funding Amid Acquisitions Of Rivals | With the new round, Claroty has raised at least $885 million in total funding since its launch in 2015. CEO Yaniv Vardi said the company could pursue an IPO as early as 2027. |
| SO018 | Forbes | Claroty — Forbes Company Profile | Claroty was founded in 2015 by Galina Antova, Amir Zilberstein, and Benny Porat; has raised over $700 million; and has 1,000+ customers. |
| SO019 | Forbes | Forbes Cloud 100 List | |
| SO020 | SecurityBrief Australia | Claroty Raises USD $150M to Boost CPS Cyber Security | Claroty reported customer growth over the past year and said it now works with 24 Fortune 100 organisations and an 80% increase in valuation since its previous financing round in March 2024. |
| SO021 | NightDragon | NightDragon Portfolio — Claroty | |
| SO022 | Google News | Google News RSS — Claroty cybersecurity 2026 valuation IPO | |
| SO023 | Google News | Google News RSS — Claroty IPO 2026 OT security | |
| SO024 | Dark Reading | Dark Reading — ICS/OT Security Coverage | |
| SO025 | Bessemer Venture Partners | BVP Companies Portfolio | |
| SM001 | MarketsandMarkets | Operational Technology (OT) Security Market by Solutions, Services, Deployment, Organization Size, Vertical — Global Forecast to 2030 | The operational technology (OT) security market is projected to reach USD 50.29 billion by 2030 at a CAGR of 16.5% during the forecast period. |
| SM002 | CISA | Critical Infrastructure Security and Resilience | |
| SM003 | CISA | Industrial Control Systems (ICS) — CISA Resources and Guidance | Many ICS environments operate with existing legacy technologies and proprietary protocols due to their original design priorities, which focused on operability and reliability rather than cybersecurity. |
| SM004 | CISA | Cross-Sector Cybersecurity Performance Goals (CPGs) | |
| SM005 | NIST | NIST SP 800-82 Rev. 3: Guide to Operational Technology (OT) Security | |
| SM006 | International Society of Automation (ISA) | ISA/IEC 62443 Series of Standards — Industrial Automation Cybersecurity | The ISA/IEC 62443 series of standards are endorsed by the United Nations. With use cases from more than 20 different industries, the ISA/IEC 62443 series of standards have demonstrated their utility in all industry verticals that use operational technology. |
| SM007 | NERC | NERC CIP Standards — Critical Infrastructure Protection | |
| SM008 | WaterISAC | WaterISAC — Water Information Sharing and Analysis Center | |
| SM009 | HHS | HIPAA Security Rule Cybersecurity Guidance | |
| SM010 | Industrial Cyber | SANS 2026 Report Flags Cybersecurity Skills Crisis Putting Critical Infrastructure and OT Sectors at Measurable Breach Risk | About 60% of organizations say their teams lack the right skills, while regulatory pressure on hiring has surged from 40% to 95% in just a year. At the same time, 27% of organizations report breaches directly linked to these capability gaps. |
| SM011 | Industrial Cyber | Claroty OT Security Vendor Coverage — Industrial Cyber | |
| SM012 | Industrial Cyber | Industrial Cyber Reports — OT/ICS Cybersecurity | |
| SM013 | Gartner | Gartner Names Claroty a Leader in the Magic Quadrant for CPS Protection Platforms | |
| SM014 | Forrester Research | Claroty Is A Leader In The Forrester Wave: IoT Security Solutions, Q3 2025 | |
| SM015 | Claroty | Claroty Resources and Reports | |
| SM016 | Claroty | State of CPS Security Report | |
| SM017 | Dark Reading | OT/ICS Attacks Doubled — Dark Reading ICS/OT Security Coverage | |
| SM018 | Dark Reading | ICS/OT Security Emphasizes AI and Zero Trust — Dark Reading | |
| SM019 | Google News RSS | OT ICS Security Market Size 2026 — Google News Aggregation | |
| SM020 | Google News RSS | ICS OT Cybersecurity Regulation Compliance 2026 — Google News Aggregation | |
| SM021 | Google News RSS | Critical Infrastructure Cyberattack OT ICS 2026 — Google News Aggregation | |
| SM022 | SecurityWeek | ICS/SCADA Security Coverage — SecurityWeek | |
| SM023 | Claroty | Claroty White Papers and Technical Resources | |
| SM024 | Industrial Cyber | Critical Infrastructure OT Security Coverage — Industrial Cyber | |
| SM025 | NERC | NERC Critical Infrastructure Protection Program | |
| SP001 | Dragos | Dragos Platform — OT Cybersecurity Platform Overview | Dragos Named a Leader in the 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms for the second consecutive year. |
| SP002 | Dragos | About Dragos — Mission, History, and Platform | We make the industry's most intelligent and intuitive cybersecurity platform for Operational Technology (OT). Customers gain visibility, monitoring, and threat management for the OT, IT, and IoT assets within industrial environments. |
| SP003 | Nozomi Networks | Nozomi Networks Platform — AI-Powered OT and IoT Visibility and Security | Purpose-built for complex industrial, commercial and critical infrastructure environments, the Nozomi Networks platform combines visibility from the endpoint to the air with continuous monitoring and AI-powered analysis. |
| SP004 | Nozomi Networks | Nozomi Networks Company Overview — Scale, Partners, and Mission | 115M+ OT, IoT and IT Devices Monitored. 12K+ Installations Worldwide. 100% Customer Retention. |
| SP005 | Armis | Armis Centrix Platform — Cyber Exposure Management | |
| SP006 | Armis | About Armis — Mission, Customer Base, and Recognition | Armis secures a globally diverse customer base across an expansive range of industries and sectors... Our customers include trusted global brands such as Colgate-Palmolive, United Airlines, Allegro MicroSystems, Takeda Pharmaceuticals, Mondelēz International, DocuSign. |
| SP007 | Tenable | Tenable One OT Exposure — OT and IT Unified Security Platform | Stop reacting to fragmented alerts and start managing OT security across your entire cyber-physical ecosystem. Unify your digital and physical attack surface with Tenable One OT Exposure. |
| SP008 | Cisco | Cisco Industrial Threat Defense — OT and ICS Security | From OT visibility to adaptive segmentation to zero-trust remote access, get a comprehensive platform that unifies IT and OT cybersecurity and makes it simple to protect operations at scale. |
| SP009 | Verve Industrial / Rockwell Automation | SecureOT Platform — OT Industrial Cybersecurity Solution Suite | SecureOT™ solution suite is Rockwell Automation's comprehensive industrial cybersecurity offering, bringing together managed and professional services with our OT-specific risk and vulnerability management platform (formerly known as the Verve Security Center). |
| SP010 | Radiflow | Radiflow — OT Security Platform and Global Footprint | Radiflow is now at 20,000 sites globally, focusing on securing operational technology (OT) and industrial environments, especially in sectors where cyber incidents can disrupt critical operations. |
| SP011 | Palo Alto Networks | Palo Alto Networks Industrial OT Security — Protect Uptime and OT Resilience | By leveraging Palo Alto Networks Industrial OT Security, we're able to get a very accurate and up-to-date real-time inventory of all of our assets on the floor and manage the risk of each device. |
| SP012 | Industrial Cyber | Dragos 2026 OT Cybersecurity Year in Review — Escalation, Ransomware, and Threat Groups | Ransomware remained the most consequential threat to industrial organizations in 2025, with activity rising 64% year over year. Dragos tracked 119 ransomware groups targeting industrial entities, up from 80 in 2024. |
| SP013 | Industrial Cyber | Armis Research: OT and IoT Security Challenges — Singapore and Global Context | |
| SP014 | Google News | Google News RSS — Claroty Dragos Nozomi OT Security Comparison 2026 | |
| SP015 | Google News | Google News RSS — Dragos OT Security Funding Valuation 2026 | |
| SP016 | Google News | Google News RSS — Nozomi Networks OT Security Funding 2026 | |
| SP017 | Google News | Google News RSS — Armis Cybersecurity Funding Valuation 2026 | |
| SP018 | Gartner | Gartner Magic Quadrant for CPS Protection Platforms — December 2025 Press Release | |
| SP019 | Forrester | Forrester Wave IoT Security Solutions Q3 2025 — Claroty Leader Designation | |
| SP020 | SecurityWeek | SecurityWeek — OT Security Market Coverage Tag | |
| SP021 | Industrial Cyber | Nozomi Networks Vendor Coverage — Industrial Cyber | |
| SP022 | BankInfoSecurity | Claroty, Nozomi, Armis Top Cyber-Physical Security Rankings | |
| SP023 | Dragos | Dragos OT-CERT and Community Defense Program | |
| SP024 | Palo Alto Networks | Palo Alto Networks — What is OT Security | |
| SP025 | Cisco | Cisco Cyber Vision — Network-Native OT Visibility | |
| SI001 | Claroty | Claroty Secures $150 Million in Series F Funding to Lead Charge on Securing the World's Mission Critical Infrastructure | |
| SI002 | U.S. Securities and Exchange Commission | Form D — Team8 - Claroty II, L.P. (CIK 0001903605) | |
| SI003 | U.S. Securities and Exchange Commission | Form D — Marker-Claroty Series E LP (CIK 0001908673) | |
| SI004 | Standard Industries | Claroty Secures $100 Million in Strategic Growth Financing | |
| SI005 | U.S. Securities and Exchange Commission | Form D — Team8 - Claroty, L.P. (CIK 0001754014) | |
| SI006 | CB Insights | Claroty — Financials, Funding & Investors | |
| SI007 | U.S. Securities and Exchange Commission — EDGAR Full-Text Search | EDGAR Form D Filings Matching "Claroty" | |
| SI008 | CB Insights | Claroty — Company Profile | |
| SI009 | Rockwell Automation | Claroty Secures $100 Million in Strategic Growth Financing (Rockwell press release) | |
| SI010 | Rockwell Automation | Claroty Secures $100 Million in Strategic Growth Financing | |
| SI011 | SecurityWeek | Claroty Raises $150 Million in Series F Funding | |
| SI012 | Claroty | Claroty Secures $100 Million in Strategic Growth Financing | |
| SI013 | Claroty | Claroty Secures $140 Million Financial Round, Establishing Leadership Position in Hyper-Growth Industrial Cybersecurity Market | |
| SI014 | Golub Growth | Claroty — Golub Growth Portfolio | |
| SI015 | CRN | Claroty Raises $150M In New Funding Amid Acquisitions Of Rivals | |
| SI016 | Forbes | Claroty — Forbes Company Profile | |
| SI017 | SecurityBrief | Claroty raises USD $150M to boost CPS cyber security | |
| SI018 | Team8 | Claroty — Team8 Portfolio | |
| SI019 | Bessemer Venture Partners | Claroty — BVP Companies | |
| SI020 | BankInfoSecurity / ISMG | Claroty, Nozomi, Armis Top Cyber-Physical Security Rankings | |
| SI021 | MarketsandMarkets | Operational Technology (OT) Security Market Report | |
| SI022 | Claroty | Claroty Celebrates Ten Years of Industry-Leading Protection | |
| SI023 | NightDragon | Claroty — NightDragon Portfolio | |
| SI024 | Claroty | Claroty — Series E press release (March 2024) | |
| SI025 | Claroty | Claroty Platform — Product Overview | |
| SI026 | IndustrialCyber | Claroty Vendor News and Coverage | |
| SE001 | Claroty | The Claroty Platform — Product Overview | Claroty xDome is a cloud-native modular platform that protects CPS environments against cyber threats. |
| SE002 | Claroty | Industrial Cybersecurity Solutions — Claroty | 450+ Protocols Covered. Our industry-leading visibility is fueled by unmatched coverage of over 450 CPS protocols. |
| SE003 | Claroty | Healthcare Cybersecurity Solutions — Claroty | Claroty xDome extends existing security infrastructure by integrating into existing security solutions such as SIEMs, vulnerability management tools, and EDR solutions. |
| SE004 | Claroty | Public Sector Cybersecurity Solutions — Claroty | |
| SE005 | Claroty | Commercial Cybersecurity Solutions — Claroty | The integration with Rockwell Automation allows Rockwell customers to leverage Claroty's expertise with vulnerabilities, risks, and threat intelligence. |
| SE006 | Claroty | Claroty Releases New AI-Powered CPS Library — Press Release | 88% of CPS assets currently do not transmit an exact product code, and 76% transmit product names that differ from the vendor's official record. |
| SE007 | Claroty | Team82 — The Claroty Research Team | Team82 aligns with defenders of industrial, healthcare, and commercial networks, and provides indispensable threat and vulnerability research. |
| SE008 | Claroty (GitHub) | Claroty GitHub Organization — Open-Source Research Tools | 145 followers; tools include Arya, EtherNet/IP Stack Detector, OPC UA Fuzzer, OPC UA Exploit Framework, MMS Stack Detector, netunnel. |
| SE009 | Industrial Cyber | Claroty Edge Platform Boosts Industrial Cybersecurity Across OT, IoT, IIoT Assets | SRA is fully integrated with CTD and supports a zero-trust architecture for industrial networks, providing compensating controls for unpatched or otherwise unsecured assets. |
| SE010 | Industrial Cyber | Claroty Reports 82% of CPS Attacks Used Remote Access Protocols | 82% of attacks leveraged remote access protocols to reach internet-facing assets, and 66% involved the compromise of HMIs and SCADA systems. |
| SE011 | Help Net Security | Claroty Archives — Help Net Security | Claroty has revealed new Visibility Orchestration capabilities in its SaaS offering Claroty xDome, transforming visibility from a vague concept into a quantifiable measurement. |
| SE012 | SecurityBrief UK | Claroty Named Leader in 2026 Gartner CPS Security Report | Claroty reported a score of 4.9 out of 5, based on 119 ratings submitted in the last 12 months, along with a 97% Would Recommend score as of 3 March 2026. |
| SE013 | SecurityBrief UK | Claroty xDome Adds Orchestration to Fix Visibility Gaps | With high-quality, AI-enriched data that's turned into clear, prioritised actions that security and operations teams can confidently execute, Claroty xDome helps teams move beyond simple measurement to active orchestration. |
| SE014 | Industrial Cyber | Claroty Adds AFL Fuzzer Infrastructure into OpENer EtherNet/IP Stack | Claroty had detected five vulnerabilities in the OpENer EtherNet/IP stack that depending on the architecture of the targeted device could lead to denial-of-service conditions, memory leaks from the stack, and remote code execution. |
| SE015 | Dark Reading | Claroty Patches Critical Authentication Bypass Flaw (SRA) | Claroty Patches Critical Authentication Bypass Flaw |
| SE016 | BankInfoSecurity | Claroty, Nozomi, Armis Top Cyber-Physical Security Rankings | |
| SE017 | Forrester | Claroty Is a Leader in The Forrester Wave IoT Security Solutions Q3 2025 | |
| SE018 | Gartner | Gartner Names Claroty a Leader in the Magic Quadrant for CPS Protection Platforms (2025) | |
| SE019 | CISA | Industrial Control Systems (ICS) — CISA Resources and Guidance | |
| SE020 | CISA | ICS Advisory ICSA-26-078-01 — Schneider Electric Modicon (Team82 disclosure) | ICS Advisory ICSA-26-078-01: Schneider Electric Modicon M241, M251, M262 — March 19, 2026 |
| SE021 | Industrial Cyber | Claroty Vendor Coverage — Industrial Cyber | |
| SE022 | SecurityWeek | SecurityWeek — Claroty Coverage Archive | |
| SE023 | Claroty | Claroty Blog — Technical Content and Resources | |
| SE024 | Claroty | Claroty Newsroom — Recent Announcements | Claroty Releases New AI-Powered CPS Library, Setting Revolutionary New Standards for Asset Visibility and Vulnerability Attribution |
| SE025 | Rockwell Automation | Rockwell Automation — Claroty Strategic Growth Financing Press Release | Cybersecurity is becoming even more complex in an increasingly interconnected world and is intertwined with smart manufacturing priorities that demand precise device identification. |
| SU001 | Claroty | Claroty and Carahsoft Partner to Bring OT Systems Security to SLED Agencies and the Broader U.S. Public Sector | "This partnership establishes a seamless path for organizations to protect the mission-critical infrastructure on which the safety, security and well-being of our society depends." |
| SU002 | Claroty | Claroty and Mission IT Partner to Secure U.S. Critical Infrastructure, Accelerate Entrance into U.S. Intelligence Community | "Claroty securing an Authority to Operate (ATO) for the Claroty CTD platform at multiple military missile defense sites, and a Facility Related Control System (FRCS) for a classified Intelligence Community." |
| SU003 | Claroty | Claroty Rated a Top Performer in 2026 Best in KLAS Report for Healthcare IoT Security | "Claroty received an overall performance score of 92.5 out of 100, based on customer evaluations from 35 unique healthcare organizations–more than any other vendor in its category." |
| SU004 | Claroty | Claroty Appoints John Ryan as Vice President of Global Partner Ecosystem | "Ryan will lead the company's xCelerate Partner Program, strengthening the growth, scalability, and long-term success of Claroty's global channel ecosystem." |
| SU005 | Claroty | The Path to Enhanced Cyber Risk Management — Port Authority of New York and New Jersey and Claroty | "Only three responded with answers to nearly all 265 technical questions — this enabled our internal stakeholders to precisely measure what each vendor might do for us, and no one else came close to the Claroty responses." |
| SU006 | Claroty | South Tees Hospitals NHS Foundation Trust | "South Tees was able to demonstrate the return on investment (ROI) of their cybersecurity programme to key stakeholders." |
| SU007 | Claroty | Swiss Retail Giant Coop Gains Full OT Visibility and Reduces Cyber Exposure Across Logistics, Warehousing, and Production | "Claroty has given us complete visibility about our OT and IoT environment. With xDome, we can identify risks, define appropriate measures, and monitor them." |
| SU008 | Claroty | Case Study: Real-Time Asset Management at Yale New Haven Health | "Our main goal was to gain visualization of the clinical and medical device categories on our network. Claroty is just as effective in other nonmedical categories of IoT." |
| SU009 | Claroty | Britvic's Journey to Enhanced Asset Visibility & Risk Mitigation with Claroty | "With xDome we managed to install the server and start getting data within 2 hours, and the data we got allowed us to act quickly on issues that we hadn't already noticed in our environment." |
| SU010 | Claroty | Case Study: Fast-Tracking Airport Security Digitization & Risk Management | "Of all the vendors we evaluated, only Claroty could provide us immediate asset visibility and continuous threat monitoring so we could identify risks and take action before any measurable impact to operations." |
| SU011 | Claroty | Phlow Leverages Claroty Technologies for Unparalleled Cyber-Physical System Protection | "Claroty demonstrated a forward-thinking approach to thought leadership, aligning with our goal of partnering with an organization that is truly driving innovation in the field." |
| SU012 | Claroty | Fortifying Global Manufacturing | |
| SU013 | G2 | Claroty Reviews — G2 Product Profile | "A significant amount of fine-tuning is required to deploy Claroty. Software bugs, which can make incident handling cumbersome." |
| SU014 | Carahsoft Technology Corp. | Claroty — Protecting Mission-Critical Infrastructure Across the Public Sector | "Together, Claroty and Carahsoft empower mission owners to minimize operational disruption, optimize security investments, and confidently defend critical infrastructure." |
| SU015 | Claroty | U.S. Federal Government Cybersecurity — Claroty | "97% of agencies report some OT systems interface with enterprise IT networks." |
| SU016 | Claroty | XIoT Cybersecurity Case Studies — Claroty | |
| SU017 | Google News | Search: Claroty healthcare manufacturing customer win 2026 | |
| SU018 | Google News | Search: Claroty public sector government military deployment 2026 | |
| SU019 | Google News | Search: Claroty NRR retention customer satisfaction expansion 2026 | |
| SU020 | Google News | Search: Claroty churn complaint implementation complex cost 2026 | |
| SU021 | Claroty | Claroty Celebrates Ten Years of Industry-Leading Protection for The World's Mission-Critical Cyber-Physical Systems | "Over 1,000 customers, including General Motors, BHP, Noble Energy, Britvic, Yale New Haven Health System, Boar's Head, South Tees Hospitals NHS Foundation Trust, BW Offshore, Port Authority of New York and New Jersey, and Haleon. Work with 24 of the Fortune 100 companies." |
| SU022 | Claroty | Healthcare Cybersecurity Solutions — Claroty xDome for Healthcare | |
| SU023 | Claroty | Commercial Cybersecurity — Claroty | "8,000+ Sites Protected — Our purpose-built portfolio is deployed at thousands of sites on all seven continents — even Antarctica." |
| SU024 | SecurityBrief UK | Claroty named leader in 2026 Gartner CPS security report | |
| SU025 | Industrial Cyber | Claroty — Vendor News and Updates | |
| SU026 | BankInfoSecurity | Claroty Tops KLAS Healthcare IoT Security Rankings | |
| SU027 | BankInfoSecurity | Claroty, Nozomi, Armis Top Cyber-Physical Security Rankings | |
| SU028 | CRN | Claroty Names John Ryan to Lead Global Partner Ecosystem | |
| SU029 | SecurityBrief Australia | Claroty raises USD $150M to boost CPS cyber security | |
| SU030 | ClarotyGov | ClarotyGov — Cyber-Physical System Security for Critical Government Infrastructure | |
| SR001 | Industrial Cyber | Industrial Cyber – Claroty Coverage Tag | |
| SR002 | Claroty | Claroty – Newsroom (Press Releases and Announcements) | |
| SR003 | SecurityWeek | SecurityWeek – ICS/OT Coverage | |
| SR004 | Reuters | Reuters – Cybersecurity Coverage | |
| SR005 | CISA | CISA – Industrial Control Systems Advisories | |
| SR006 | CISA | CISA – ICS Advisories Archive | |
| SR007 | Claroty | Claroty Team82 Research Unit | |
| SR008 | Gartner | Gartner – Claroty Named Leader in Magic Quadrant for CPS Protection Platforms (March 2026) | |
| SR009 | CyberScoop | CyberScoop – Claroty Search Results | |
| SR010 | Cybersecurity Dive | Cybersecurity Dive – OT/ICS Industry Coverage | |
| SR011 | National Institute of Standards and Technology (NIST NVD) | NIST NVD – Vulnerability Search Results for Claroty Platform | |
| SR012 | NERC | NERC CIP Standards – Bulk Electric System Cybersecurity | |
| SR013 | US Department of Health and Human Services | HHS – HIPAA Security Rule Cybersecurity Guidance | |
| SR014 | Cybersecurity Dive | Cybersecurity Dive – Critical Infrastructure Protection Cybersecurity Coalition | |
| SR015 | US Securities and Exchange Commission (EDGAR) | SEC EDGAR Full-Text Search – Claroty Form D Filings | |
| SR016 | Claroty | Claroty Blog – Technical and Product Resources | |
| SR017 | CRN | CRN – Claroty Raises $150M in New Funding Amid Acquisitions of Rivals (2026) | |
| SR018 | Dark Reading | Dark Reading – ICS/OT Security Category | |
| SR019 | BankInfoSecurity | BankInfoSecurity – Critical Infrastructure Security Coverage | |
| SR020 | CISA | CISA – Known Exploited Vulnerabilities (KEV) Catalog | |
| SR021 | CISA | CISA – Automated Indicator Sharing (AIS) Program | |
| SR022 | CISA | CISA – Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) 2022 | |
| SR023 | Cybersecurity Dive | Cybersecurity Dive – West Pharmaceutical Ransomware Operations Impact | |
| SR024 | Cybersecurity Dive | Cybersecurity Dive – OT/ICS Security Challenges and Solutions | |
| SR025 | Claroty | Claroty – Carahsoft Partnership Press Release: OT Security for SLED and US Public Sector | |
| SR026 | Forrester Research | Forrester – Claroty Named a Leader in the Forrester Wave: IoT Security Solutions Q3 2025 | |
| SR027 | Bureau of Industry and Security | Bureau of Industry and Security – Export Administration Regulations | |
| SR028 | Cybersecurity Dive | Cybersecurity Dive – Claroty, Dragos, Nozomi: OT Security Market Consolidation | |
| SR029 | Cybersecurity Dive | Cybersecurity Dive – Nozomi Networks Mitsubishi Acquisition OT Security (2025) | |
| SR030 | Reuters | Reuters – OT/ICS Security Market Outlook 2026 | |
| SV001 | VentureBeat | Claroty raises $100M to secure cyber-physical systems | |
| SV002 | VentureBeat | Claroty raises $150 million Series F for CPS security | |
| SV003 | Dark Reading | Claroty hits $100M ARR, surpasses 1,000 customers | |
| SV004 | Dark Reading | Claroty raises $150M for OT security platform | |
| SV005 | BankInfoSecurity | Claroty topic page (redirected archive entry) | |
| SV006 | BankInfoSecurity | Claroty company category page (redirected archive entry) | |
| SV007 | BankInfoSecurity | Claroty tops KLAS healthcare IoT security rankings | |
| SV008 | BankInfoSecurity | Claroty eyes IPO at $3.5 billion valuation | Coverage in 2024 framed a possible IPO target around $3.5 billion, which makes a 2026 mark near $3 billion look stagnant rather than compounding. |
| SV009 | U.S. Securities and Exchange Commission | Tenable Holdings, Inc. 2025 Annual Report on Form 10-K | From 2024 to 2025, our revenue grew from $900.0 million to $999.4 million. |
| SV010 | SecurityWeek | ServiceNow to acquire Armis for $7.75 billion in cash | The announced $7.75 billion consideration creates the clearest recent strategic-exit ceiling in cyber-physical security. |
| SV011 | Reuters | Claroty raises $150 million in Series F funding round | |
| SV012 | BankInfoSecurity | Claroty raises $150 million Series F at $3 billion valuation | |
| SV013 | Claroty | Claroty secures $140 million financial round, establishing leadership position in hyper-growth industrial cybersecurity market | |
| SV014 | Claroty | Claroty secures USD100 million in strategic growth financing | |
| SV015 | Claroty | Claroty secures $150 million in Series F funding to lead charge on securing the world's mission critical infrastructure | Claroty confirmed an 80% valuation increase from the prior round but did not publish an absolute valuation. |
| SV016 | SecurityWeek | Claroty raises $150 million in Series F funding | |
| SV017 | CRN | Claroty raises $150M in new funding amid acquisitions of rivals | |
| SV018 | MarketsandMarkets | Operational Technology Security Market | |
| SV019 | Gartner | Gartner names Claroty a Leader in the Magic Quadrant for CPS Protection Platforms | |
| SV020 | Forrester | Claroty is a leader in The Forrester Wave: IoT Security Solutions, Q3 2025 | |
| SV021 | Golub Growth | Claroty — Golub Growth portfolio | |
| SV022 | Team8 | Claroty — Team8 portfolio | |
| SV023 | Forbes | Claroty company profile | |
| SV024 | U.S. Securities and Exchange Commission — EDGAR Full-Text Search | EDGAR Form D filings matching Claroty | |
| SV025 | Standard Industries | Claroty secures $100 million in strategic growth financing | |
| SV026 | Rockwell Automation | Claroty secures $100 million in strategic growth financing | |
| SV027 | Cybersecurity Dive | Claroty acquisition, Dragos and Nozomi OT market consolidation coverage | |
| SV028 | SecurityWeek | Nozomi Networks to be acquired by Mitsubishi Electric for roughly $1 billion | |
| SV029 | Armis | ServiceNow to acquire Armis | |
| SV030 | ServiceNow | ServiceNow to acquire Armis | |
| SV031 | Tenable | Tenable reports fourth quarter and full year 2025 financial results | |
| SV032 | Tenable | Tenable reports fourth quarter and full year 2024 financial results |