HomeIntelligenceBrief
BREACH BRIEF⚪ Informational Advisory

Accenture Acquires Dragos, runZero, and NetRise in $4.2 B Deal to Consolidate OT Security Platforms

Accenture bought Dragos, runZero, and NetRise for $4.2 billion, forming a unified OT‑security suite for critical infrastructure. The move expands the vendor landscape, prompting organizations to reassess third‑party risk and SOC 2 vendor‑management controls.

LiveThreat™ Intelligence · 📅 June 19, 2026· 📰 helpnetsecurity.com
Severity
Informational
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
5 sector(s)
Actions
3 recommended
📰
Source
helpnetsecurity.com

Accenture Acquires Dragos, runZero, and NetRise in $4.2 B Deal to Consolidate OT Security Platforms

What Happened — Accenture announced the purchase of a majority stake in Dragos and the full acquisition of runZero and NetRise for a total of $4.2 billion. The combined portfolio will deliver end‑to‑end operational‑technology (OT) security for critical‑infrastructure operators, adding exposure‑assessment, attack‑surface intelligence, and firmware‑level supply‑chain visibility to Dragos’ threat‑detection platform.

Why It Matters for Compliance & Audit Readiness

  • The expanded vendor ecosystem introduces new third‑party risk that must be evaluated against SOC 2 vendor‑management criteria (CC6.1, CC6.2).
  • Continuous monitoring of Dragos, runZero, and NetRise controls provides audit‑ready evidence of due‑diligence and can be captured in a unified Trust Center.
  • Organizations that rely on OT security tools need to map the new capabilities to their own control frameworks to demonstrate “reasonable assurance” in SOC 2 examinations.

Who Is Affected – Energy & utilities, pipelines, manufacturing, data‑center operators, and any enterprise with extended OT (xOT) environments.

Recommended Actions

  • Update your third‑party risk register to include Dragos, runZero, and NetRise as critical OT suppliers.
  • Map each vendor’s security controls to SOC 2 criteria (CC6.1‑CC6.2) and request up‑to‑date SOC 2 reports or equivalent evidence.
  • Deploy continuous‑monitoring tooling to collect real‑time attestations of the vendors’ control effectiveness.

Source: Help Net Security

Technical Notes – The acquisition bundles three distinct platforms: Dragos (OT threat detection), runZero (asset‑exposure assessment), and NetRise (software‑supply‑chain and firmware visibility). No vulnerability or exploit is disclosed; the relevance is the creation of a larger, integrated OT‑security supply chain. Source: same as above

📰 Original Source
https://www.helpnetsecurity.com/2026/06/19/accenture-dragos-runzero-netrise-acquisition/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Vendor Risk Hub

Point-in-time vendor reviews miss incidents like this.

Verisq AI Trust Operations replaces the annual questionnaire with continuous third-party monitoring — so vendor exposure becomes audit evidence, not a once-a-year guess.

See how Verisq AI Trust Operations works →