

Digitalized healthcare provides numerous benefits. These include improved patient outcomes through personalized care, enhanced access to services via telemedicine, and increased efficiency in healthcare delivery. These technologies also help reduce costs and empower patients to take control of their health. However, these benefits are offset by the connected nature of digitalized healthcare, which exposes it to a wide range of threats. In this setting, those threats can easily turn life-threatening. This comparison and analysis of the Connected Medical Devices Security (CMDS) SPARK Matrix™ for 2024 and 2025 covers major vendors and their rankings by customer impact and technology excellence. These rankings can be a vital asset when choosing the product that best fits your establishment. Let us start with the changes in positioning and the likely causes of those changes.
| Vendor | 2024 | 2025 | Movement | Likely Reasons |
| --- | --- | --- | --- | --- |
| Armis | L (top-right) | L (still top-right, slightly stronger) | L → L (strengthened) | Doubled down on healthcare as a core vertical; expanded clinical asset intelligence, SBOM & firmware-risk context, and integration with broader exposure-management platforms. Seen by hospitals as a full IoMT/OT security platform, not a point tool. |
| Claroty | L | L (even further right/up) | L → L (stronger) | OT–IoMT convergence story resonated with health systems that want one platform to cover plants + hospitals. More healthcare-specific playbooks and integrations with clinical systems push it further into “strategic partner” territory. |
| Cynerio | L (mid-right) | L (lower mid-right) | L → L (relative weakening) | Still strong in medical-workflow risk and segmentation, but competitors broadened faster into OT, cloud and SBOM-driven supply-chain context. Good product, but others expanded the platform surface more aggressively. |
| Cylera | L | NP in 2025 | L → NP (dropped) | Absence suggests either category re-positioning, slower commercial traction, or being outpaced by larger platforms. From a buyer’s perspective, raises questions on scale, roadmap, or focus relative to bigger rivals. |
| CloudWave | L (centre of Leaders) | NP in 2025 | L → NP (dropped) | Likely reflects a shift toward broader cloud/hosting services rather than pure CMDS, or an inability to differentiate as the market pivots to unified OT/IoMT + exposure management. Signals uncertainty to CISOs who bet on it as a security vendor. |
| Sepio | L (lower-right) | L (similar zone) | L → L (steady) | Continues to be valued for hardware-level visibility and rogue-device detection. Maintains relevance but not breaking away from the pack; still more of a specialist in hardware/asset trust than a full clinical-workflow platform. |
| Palo Alto Networks | SC (near border with Leaders, high tech excellence) | L (right side, close to Microsoft) | SC → L (clear promotion) | Medical IoT offering matured; better integration with Prisma, Cortex and NGFW fabric. Hospitals that already standardize on Palo Alto increasingly switch on CMDS as an “add-on” instead of buying a new vendor, pushing Customer Impact up. |
| Forescout | SC (just left of Leaders) | L (solidly in Leaders) | SC → L (major climb) | Product rationalization post-acquisitions and stronger healthcare use-cases pay off. Improved auto-classification, risk scoring and OT/IoMT coverage reduce the perception that Forescout is “only NAC with extras”. Now looks like a true healthcare cyber-asset platform. |
| ORDR | SC (clustered with Palo Alto & Forescout, 2024) | SC (mid-right, below Cisco) | SC → SC (slight reposition) | Still respected for deep device visibility and traffic analytics, but squeezed by larger platform vendors on one side and Microsoft/Cisco on the other. Likely strong in technology, but Customer Impact lags due to scale, sales reach, or platform breadth. |
| Asimily | SC (lower-right in 2024) | SC (similar/lower band in 2025) | SC → SC (downwards drift) | Good at vulnerability prioritisation and device-risk scoring, but remains narrowly focused compared with multi-domain platforms. As market pivots to “one vendor for OT+IoT+IoMT + cloud telemetry”, its single-angle proposition feels limited. |
| Gurucul | SC (lower-mid in 2024) | NP in 2025 | SC → NP (dropped) | Likely de-emphasised pure CMDS in favour of UEBA/SIEM/XDR positioning. Its analytics strengths may still matter, but not enough to be ranked as a dedicated CMDS vendor in 2025. |
| AirEye | SC (lower-mid in 2024) | NP in 2025 | SC → NP (dropped) | Wireless-threat focus probably proved too narrow as hospitals wanted full asset intelligence, segmentation, and compliance mapping. Illustrates how “single-vector” vendors are being displaced by multi-surface platforms. |
| Cybeats | A (only Aspirant in 2024) | NP in 2025 | A → NP (dropped) | Seen more as an SBOM/supply-chain specialist than a full CMDS platform. As the matrix tightens its definition around connected-device security, Cybeats appears to have fallen outside the core scope. |
| Microsoft | NP in 2024 | L (upper-left of Leaders) | New entrant → L | Defender for IoT/OT + Azure security stack give Microsoft instant leverage. Healthcare customers already using M365 and Azure can extend into CMDS with minimal friction. Even if not as deep as pure-plays, its platform gravity and SOC integration boost Customer Impact quickly. |
| Cisco | NP in 2024 | SC (high on impact, just left of Leaders) | New entrant → SC (close to L) | Leverages huge network footprint and ISE/DNA Center visibility. Strong story around Zero Trust for medical networks, but still building out clinical workflow depth and vertical-specific analytics compared with Armis/Claroty. |
| Nozomi Networks | NP in 2024 | SC (mid-right) | New entrant → SC | OT-security pedigree extended into healthcare. Strong in industrial/critical-infrastructure visibility; CMDS positioning likely rides on existing OT wins, but may lack some of the healthcare-specific playbooks of longer-standing IoMT specialists. |
| Phosphorus Cybersecurity | NP in 2024 | SC (borderline, near Leaders vertical) | New entrant → SC | Focus on IoT/OT device hardening, credentials, and firmware management gives it a differentiated angle. However, still maturing in clinical workflow and EMR-integrated use cases, which keeps it on the SC side rather than a full Leader. |
| Fortinet | NP in 2024 | SC (mid) | New entrant → SC | Expands its security-fabric narrative into medical environments: segmentation, firewalling, and OT security. Strong technology and channel reach, but the CMDS story is more about extending an existing fabric than delivering a dedicated clinical-risk platform. |
| Tenable | NP in 2024 | SC (mid) | New entrant → SC | Builds on OT/IoT visibility from Tenable.ot and exposure-management messaging. Good at continuous risk assessment, but still catching up on the deep medical-device semantics and workflow-centric analytics that differentiate Leaders. |
| TXOne Networks | NP in 2024 | SC (lower-mid) | New entrant → SC (emerging) | OT/ICS specialist stepping into healthcare. Strong at ruggedised environments and legacy devices; in hospitals, likely still earning its stripes, hence lower Customer Impact for now. |
| Nuvolo | NP in 2024 | SC (lower-mid, left) | New entrant → SC (emerging) | Comes from hospital asset-management / EAM side. Its move into CMDS reflects the convergence of biomedical engineering, CMMS, and security. Tech excellence is still ramping vs pure security players, but it resonates with HTM/biomed teams. |
| Plixer | NP in 2024 | SC (lower-left) | New entrant → SC (early) | Network-flow analytics vendor applying its NDR heritage to medical environments. Positioned as an analytics complement more than a full CMDS suite, hence lower tech/impact placement. |
Key: L = Leader, SC = Strong Contender, A = Aspirant, NP = Not Present
Looking at the market from 2023-2024 and 2024-2025 perspectives, we can see that the market is maturing from a visibility-centric IoMT niche into a full-fledged cyber-resilience platform market. This change can be clearly seen in the 2024-2025 SPARK Matrix™, where we see new entrants from the mainstream cybersecurity ecosystem suddenly appear and grab a spot at the higher end of the matrix. The arrival of Microsoft, Cisco, Fortinet, Tenable, Nozomi Networks, TXOne Networks, Nuvolo, Plixer, and Phosphorus Cybersecurity marks the moment when the CMDS sector becomes a component of broader cyber-resilience and exposure-management platforms.
QKS Group’s Senior Analyst – Cyber Physical Security (CPS), Kunal Kumar, elaborates, “The 2024–2025 SPARK Matrix confirms that Connected Medical Device Security has officially shifted from a visibility-driven niche to a foundational pillar of healthcare cyber-resilience. Vendors are now judged not just by how well they see devices, but by how quickly they can protect clinical continuity when those devices are under attack. The vendors in the upper-right quadrant are no longer winning on asset visibility alone. They are winning because they contextualize device risk in terms of clinical impact, orchestrate Zero Trust across mixed environments, and help hospitals maintain operational uptime when it matters most.”
The 2025 Leaders illustrate how far the market’s expectations have shifted. Armis and Claroty managed to hold their positions by adding OT–IoMT convergence, clinical-contextual risk models, and deeper device intelligence. Forescout and Palo Alto Networks move decisively into the Leaders category, showing that their NAC heritage and cloud security ecosystems have finally matured into full CMDS platforms. Microsoft’s sudden appearance at the top of the Strong Contender tier, nearly touching the Leaders band, signals that both budgets and integration expectations will rise. Cynerio and Sepio also remain relevant, but their positions reflect a market that now rewards not just device visibility but the ability to reduce clinical downtime, mitigate ransomware impact, and deliver operational resilience in hospital environments.
The vendors that dominate the upper-right regions now distinguish themselves by their ability to provide clinical-contextual risk scoring, ingest SBOM and firmware intelligence, orchestrate Zero Trust policies, correlate cyber events with patient-care impact, and unify operational technology, IoT, and medical device ecosystems under a single management umbrella.
