Achieving full-spectrum asset visibility throughout your environment can be the driving force for an effective cybersecurity strategy. This starts with a comprehensive view of all cyber-physical systems (CPS) — including OT, IT, IoT, and building automation systems (BAS) — across the entire organization.
However, discovering all assets within the CPS environment requires a nuanced approach. That’s because air-gapped, remote, or difficult-to-access segments of the network exist in OT environments, making it more challenging to gain visibility into them.
To solve this challenge, Claroty Edge is introducing enhanced support for Docker. Empowering organizations to gain deeper visibility without the need for physical hardware, eliminating visibility challenges for CPS environments, and further enhancing your security strategy to reduce visibility gaps within your infrastructure.
Visibility Challenges for CPS Environments
In the most recent Global State of CPS Security Survey 2025, 40% of companies reported that having assets insecurely connected to the internet as one of their biggest challenges in closing security gaps. Visibility into asset exposures, such insecure internet connectivity, is critical to minimizing the attack surface. However, achieving this goal has grown further out of reach as the following challenges continue to plague organizations:
IT solutions are incompatible with OT assets — Standard IT solutions and scanning methods are often incompatible within CPS networks. Many traditional IT solutions used within CPS environments limit the ability to proactively manage the attack surface, creating more risk. BAS, including climate control, lighting, and physical security, often operate alongside IT infrastructures, yet are rarely fully visible to security teams. Without a complete, context-rich asset inventory, it’s difficult to assess risk or prioritize exposures effectively.
Traditional asset inventory solutions have a longer time to value (TTV) — Traditional asset inventory solutions often require hardware that can be costly, complex, and time-consuming to deploy. Additionally, passive network monitoring has often been the default approach to CPS asset discovery. Although this method still has its benefits, it doesn’t scale well in CPS settings. That’s because it requires expensive, dedicated hardware, long deployment timelines, and learning cycles that delay insight. For organizations with dozens—or even hundreds—of distributed sites, this leads to high costs and a slower TTV.
CPS environments are widely distributed across multiple sites — Many CPS environments are geographically isolated and/or airgapped. This can make them difficult to access in order to install hardware. These air-gapped environments are often isolated by design to reduce cyber risk. However, this isolation also makes it difficult to inventory assets, creating significant visibility gaps across the full CPS environment.
How Claroty Edge Enhances Visibility
For countless organizations, deeper visibility can reduce risk and ultimately lead to a better exposure management strategy. By adopting a redefined, hardware-free approach to active discovery , organizations can transform the way they discover assets using the infrastructure they already have. This method provides them with rapid and scalable visibility across CPS environments—without the need for traffic learning or resource-intensive installations. It allows security teams to gain deep asset visibility and business context within minutes.
In distributed CPS environments, devices often reside in segmented, remote, or lightly monitored areas of the network. Traditionally, visibility into these devices requires physical access, a centralized collection server, or changes to the network—none of which are always practical or scalable. With Claroty Edge, you receive rapid, deep asset discovery with zero network changes and no physical hardware. It operates by running as a one-time executable on Windows and Linux-based hosts, providing detailed insights into both managed and unmanaged assets within minutes.
Expanded Claroty Edge Support Through Docker
Claroty Edge now provides Docker support which can be deployed directly within segmented networks on existing Linux-based infrastructure. This deployment flexibility includes infrastructure devices such as firewalls, switches, or edge servers, all without the need for additional investment in dedicated Windows or Linux hosts. The advantages of this enhanced asset visibility include:
Faster, easier deployment: Edge is agentless, non-persistent, and runs as a lightweight executable. It requires no installation, no host-based sensor, and no network re-architecture. This accelerates time-to-value and minimizes disruption for customers.
Containerized portability: Edge can now run as a Docker container, making it easy to deploy on remote or resource-constrained systems.
Minimal system impact: Docker containers use fewer resources, making deployment low-risk for operational teams concerned with uptime and system integrity.
Lower total cost of ownership: Edge is included in Claroty’s xDome platform and is not an added-cost premium sensor like other solutions on the market, which can become expensive for OT environments requiring continuous monitoring.
Broader, more actionable visibility: Edge discovers both managed and unmanaged assets at the network level using safe, vendor-specific queries—offering a deeper and more complete asset inventory without the need for a host-based scanner.
These capabilities are especially valuable for gaining visibility into air-gapped or hard-to-access network segments where traditional discovery methods fall short. By eliminating the need to provision new Windows or Linux host devices, this enhancement reduces friction, saves time and costs for OT teams, and enables broader, faster deployment. It also enables security teams to perform targeted, point-in-time scans that uncover unmanaged assets, without compromising the integrity of the air-gapped environment.
With Docker support, Claroty Edge continues to redefine what it means to achieve deep visibility—using the infrastructure you already have. To learn more about Claroty’s solutions to protect CPS within your organization, reach out to a member of our team.
