Q: How is Claroty positioned within the Latin American industrial cybersecurity market, and what strategic role does the region play in the company’s global growth plan?
A: We have consolidated our position as the undisputed leader in Latin America, evolving from an initial operation in 2019 to a robust team nowadays. We now hold the top position in market mentions and recognition in key countries such as Mexico and Brazil where Marfrig, one of the world’s largest beef producers, selected Claroty’s xDome platform to strengthen the cybersecurity of its global operations, enhancing visibility and protection across its complex industrial environment spanning 19 facilities worldwide. Our growth is accelerating, as we closed 2025 with an average of five new clients per month, reflecting an increasing maturity in the region regarding the protection of critical mission infrastructure.
Latin America is a vital growth engine for our global plans. The region is relevant not only for traditional manufacturing but also for the expansion into Cyber-Physical Systems (CPS) across all verticals, from smart cities to hospitals. This region represents an opportunity to educate markets and demonstrate that industrial cybersecurity is now a direct responsibility of business leaders, rather than an isolated technical issue.
Q: What are some of the challenges companies face when implementing cybersecurity strategies within their organizations?
A: One of the most persistent challenges has been dismantling the “isolation myth.” For a long time, executives believed their operating plants were 100% disconnected from the internet when, in reality, there is a very strong “Shadow OT” phenomenon. This shift in mindset has been a critical barrier, as Chief Information Security Officers (CISOs) initially did not consider the operating environment to be their responsibility, viewing it as something foreign to the traditional corporate world. Furthermore, the lack of solid government regulations in several countries in the region makes it difficult to allocate specific budgets.
Q: In Mexico and the region, which sectors are most advanced in integrating IT and operational technology (OT), and how does Claroty adapt its strategy to each sector?
A: The food and beverage sector was the pioneer in Latin America due to the critical risk that an alteration in product formulas would pose. It was followed closely by utilities, where a prolonged blackout could lead to social unrest. The technology is now penetrating the healthcare sector; although Mexico still faces a digital gap, modern hospitals are beginning to understand that the protection of medical equipment is a life-or-death priority for the patient.
We adapt our strategy by focusing on the business purpose of each asset rather than just viewing the technical vulnerability. For example, we do not treat an elevator in a residential building the same as one in a hospital emergency zone. Our platform allows us to classify risks according to operational impact: if a piece of equipment is vital for performing 1,000 medical exams per day, it is assigned a higher priority, and the CISO is provided with financial data to justify the necessary protection investment to the CFO.
Q: How does Claroty’s expertise in OT, the Internet of Things (IoT), and the Internet of Medical Things (IoMT) benefit its customers?
A: This expertise is fundamental because modern environments, such as those of Healthcare Delivery Organizations (HDOs), are ecosystems where these three worlds constantly converge and communicate. Hospitals are not just at risk from data theft, but an attacker could take control of a ventilator, an incubator, or a remote surgery robot. Our cross-domain experience allows us to identify not only what equipment is on the network but also what those devices are doing and how they interact through specific protocols that traditional IT does not understand.
In practice, this knowledge benefits clients by translating technical risk into business language.
Q: With secure remote access being essential, what level of control and risk reduction does xDome offer for internal teams and external providers?
A: xDome offers a granular level of control based on total visibility and intelligent asset classification. The solution does not limit itself to inventorying equipment; rather, it understands the vulnerability and purpose of each asset within the enterprise ecosystem. For internal and external teams, this means that access is managed with the exact knowledge of how each asset impacts the operation, allowing us to identify specific risks before they become actual incidents. Furthermore, xDome reduces risk by connecting the dots between inventory, vulnerability, and remote access with the business purpose.
Q: How does Claroty integrate into legacy or “brownfield” systems without affecting production?
A: Our key advantage is that Claroty was born directly within the OT environment rather than as an adaptation of an IT tool. The platform has the native capability to speak all protocols, both legacy and modern. This allows for seamless integration into existing brownfield networks by understanding the specific language of industrial machinery without causing friction.
To avoid production downtime, we use contour strategies such as network segmentation. If a vulnerability is identified in legacy equipment that cannot receive a patch immediately because the plant cannot stop, the tool suggests creating a “protection bubble” through firewall rules. This allows the equipment to continue operating safely until the next scheduled maintenance shutdown, resolving the conflict between security and the need for continuous production.
Q: What lessons did recent attacks on critical infrastructure in Latin America provide regarding preparation and response?
A: One of the most striking lessons is that the response to an incident in OT is radically different from that in IT. In an industry or a hospital, one cannot simply apply a patch and restart, as patient care is at stake or physical processes cannot be interrupted. Recent attacks have shown that companies must often live with risk for months until a maintenance window is found, underlining the need for specialized response strategies that do not depend on the immediate shutdown of systems. Another critical lesson is the impact of limited transparency and collaboration; since there are no regulations requiring the reporting of attacks in many countries, companies tend to hide them, which prevents others from learning from those experiences.
Q: How are technologies such as AI, advanced automation, and IoT changing threat detection and incident response?
A: These technologies are enabling a shift from reactive detection to intelligent management based on operational resilience. For example, through automation, tools like xDome can analyze a vulnerability and, if the manufacturer has not yet released a patch, automatically propose an alternative mitigation path, such as specific firewall rules. This allows security teams to protect infrastructure without the need to stop production, adapting to the real pace of each industry. Additionally, collective intelligence — such as that generated by Claroty Team 82 — allows us to identify vulnerabilities in IoT and IoMT devices before they become public.
Q: What are the main strategic priorities for Claroty in Latin America through 2026, particularly in key markets like Mexico?
A: Through 2026, our central priority in Mexico is to capitalize on nearshoring, which is attracting a massive number of industries to the country. To support this growth, we are making significant investments in local talent, particularly in pre-sales engineers and post-sales teams. The goal is not only to sell the platform but to accompany clients on their “cybersecurity journey,” ensuring they fully leverage all tool functions to protect their expanding plants. At the regional level, the strategy focuses on aggressively expanding into “digital life” verticals beyond manufacturing, including the protection of ports, airports, transportation systems, and, most notably, digital health. We foresee that hospitals will be the next major vertical to be exploited by attackers in Latin America; therefore, our strategic focus will be on consolidating the protection of these critical systems where digital connectivity directly meets human safety.