Accenture Acquires Dragos, runZero, and NetRise in $4.2 B Deal to Consolidate OT Security Platforms
What Happened — Accenture announced the purchase of a majority stake in Dragos and the full acquisition of runZero and NetRise for a total of $4.2 billion. The combined portfolio will deliver end‑to‑end operational‑technology (OT) security for critical‑infrastructure operators, adding exposure‑assessment, attack‑surface intelligence, and firmware‑level supply‑chain visibility to Dragos’ threat‑detection platform.
Why It Matters for Compliance & Audit Readiness
- The expanded vendor ecosystem introduces new third‑party risk that must be evaluated against SOC 2 vendor‑management criteria (CC6.1, CC6.2).
- Continuous monitoring of Dragos, runZero, and NetRise controls provides audit‑ready evidence of due‑diligence and can be captured in a unified Trust Center.
- Organizations that rely on OT security tools need to map the new capabilities to their own control frameworks to demonstrate “reasonable assurance” in SOC 2 examinations.
Who Is Affected – Energy & utilities, pipelines, manufacturing, data‑center operators, and any enterprise with extended OT (xOT) environments.
Recommended Actions –
- Update your third‑party risk register to include Dragos, runZero, and NetRise as critical OT suppliers.
- Map each vendor’s security controls to SOC 2 criteria (CC6.1‑CC6.2) and request up‑to‑date SOC 2 reports or equivalent evidence.
- Deploy continuous‑monitoring tooling to collect real‑time attestations of the vendors’ control effectiveness.
Source: Help Net Security
Technical Notes – The acquisition bundles three distinct platforms: Dragos (OT threat detection), runZero (asset‑exposure assessment), and NetRise (software‑supply‑chain and firmware visibility). No vulnerability or exploit is disclosed; the relevance is the creation of a larger, integrated OT‑security supply chain. Source: same as above