

Healthcare is becoming increasingly digitalized, owing to benefits such as enhanced patient monitoring, but this has also opened up new attack surfaces. The resulting threats are especially terrifying: financial and brand image losses can be recovered, but attacks on healthcare facilities can be fatal. There is no recovery after death. That makes securing these systems against threats like ransomware a must. This analysis covers the major vendors and their rankings by customer impact and technology excellence. These rankings can be a vital asset when choosing the product that best fits your establishment.
Let us start with a table showing the participating companies’ 2023 and 2024 positions and the likely reasons behind any changes.
| Vendor | Q4 2023 Position | Q3 2024 Position | Likely Reason for Change |
| --- | --- | --- | --- |
| Armis | Leader | Leader | Consistent innovation, strong market traction, robust partnerships. |
| Claroty | Leader | Leader | Maintained leadership by expanding healthcare-specific use cases and alliances. |
| Cylera | Leader | Leader | Strong customer impact retained; likely benefiting from steady hospital adoption. |
| Cynerio | Leader | Leader | Steady position; shows niche strength in IoT security for healthcare. |
| CloudWave | Strong Contender | Leader | Significant move up — probably improved solution maturity and customer footprint. |
| Sepio | Strong Contender | Leader | Moved into leadership — likely due to increased visibility and stronger value proposition. |
| Ordr | Leader | Strong Contender | Slipped back — may face stiffer competition or customer perception of less differentiation. |
| Forescout | Leader | Strong Contender | Downgraded — potential impact of organizational changes or focus spread too thin. |
| Palo Alto Networks | Strong Contender | Strong Contender | Stagnant — brand strength helps, but the lack of connected medical device specialization may limit growth. |
| Asimily | Aspirant | Strong Contender | Modest improvement; incremental product maturity but yet to break into leadership. |
| Gurucul | Leader | Strong Contender | Slipped — possible loss of healthcare market share or weaker execution. |
| AirEye | Leader | Strong Contender | Also slipped — may be due to narrower offering or stronger competition. |
| Cybeats | Aspirant | Aspirant | No meaningful shift — likely still building credibility and customer base. |
| MedSec | Aspirant | Not Present | Dropped off — possible market exit, pivot, or failure to sustain growth. |
| LOCH Technologies | Aspirant | Not Present | Dropped off — same as MedSec; likely didn’t keep pace with customer needs. |
Key takeaways:
- Focus on domain specificity: Connected medical devices (CMDs) are not general-purpose IoT devices. They must ensure patient safety and regulatory compliance (HIPAA, FDA) while also addressing legacy device constraints. Thus, users are not looking for network visibility alone. They are looking for products that offer domain-specific features like asset inventory for aging medical devices, risk scoring for clinical impact, and clinical risk mitigation playbooks. This can be seen with Forescout and Ordr, whose broader IoT playbooks may not be resonating with hospital CISOs.
- Going beyond detection: Rogue device detection is passé as threats get more refined and medical establishments become a target of bad actors. The establishments themselves are facing issues as their networks become more complex with the addition of newer components to workflows. Users are looking for products that integrate easily with existing hospital networks, electronic health record systems, and security operations centers without causing any untoward incidents. Armis, Claroty, and Cylera have likely maintained their leadership because they focus on minimal operational disruption, faster onboarding, and interoperability with medical device management systems (MDMS).
- More Consolidations: As stated above, organizations want products that can perform a number of tasks, including device discovery, segmentation, threat detection, risk scoring, incident response, and compliance. Barring compliance, smaller players may not be able to provide a unified product that includes all the capabilities. Therefore, we can expect to see consolidations as bigger players will look to add more capabilities to their products.
Market landscape: The CMDS market is maturing. The leaders’ quadrant is mainly dominated by established players, with Armis, Claroty, Cylera, and Cynerio holding strong, while CloudWave and Sepio have successfully pushed into leadership. These inclusions also indicate that customers now expect clear proof of technology differentiation and demonstrable customer impact, not just big promises.
Another inference we can draw is that while big players dominate the leader quadrant, there is less consolidation. Contenders can still become leaders by adding capabilities that help increase users’ ROI.
Final word: QKS Group’s security analyst Mohnish Rathore explains what changed between 2023 and 2024. “Since 2023, there’s been a major shift in how healthcare organizations secure connected medical devices. It’s no longer just about tracking or isolating devices. Since 2024, solutions are becoming smarter by using AI to monitor device behavior, spot risks early, and respond quickly. With rising cyberattacks, stricter HIPAA enforcement, and tighter FDA requirements, securing medical devices isn’t just about compliance anymore. It’s essential for protecting patient safety and trust.”
Medical establishments are now looking for products that are specific to their domains, beyond mere device visibility. They are also looking for unified products that can integrate with medical systems seamlessly. Finally, the market is maturing, but adding more differentiators can allow contenders to become leaders. The vendors unable to fulfill these expectations face the danger of becoming redundant. In ABBA’s words, “the winner takes it all, the loser is standing small.”