CrowdStrike Falcon® for XIoT is gaining new innovations to protect operational technology (OT) and XIoT environments as they grow larger and more interconnected.
The rapid expansion of industrial systems has led to blind spots across segmented networks, unmanaged devices, and legacy infrastructure. Most OT security tools, siloed by design, fail to see which assets are connected or how they communicate. These security gaps create opportunities for adversaries to enter undetected and move across IT and OT environments.
Falcon for XIoT already delivers unified protection and continuous operational insight to overcome these limitations without the complexity or hardware dependence of traditional tools. Now, CrowdStrike is extending its capabilities with zero-touch asset discovery, real-time segmentation visibility, and unified insight across OT and XIoT networks. Security teams will be able to quickly uncover blind spots with richer data and clearer visibility.
A Platform-First Approach to Industrial Security
At the core of these innovations is the agentic security platform, the latest evolution of the CrowdStrike Falcon® platform. It’s designed to unify telemetry into a single, enriched data layer that powers both human insight and AI-driven defense. The goal of the agentic security platform is not simply to provide more data but to provide the right context faster across OT, IoT, and IT environments.
Falcon for XIoT will unify OT and XIoT visibility within the Falcon platform to strengthen the data foundation that our agentic and autonomous systems rely on. This will provide richer insights and power faster, smarter security decisions across operational networks.
Zero-Touch XIoT Discovery: Automatically Discover Every OT Asset
Zero-Touch XIoT Discovery will give OT security teams a configuration-free way to discover assets across VLANs, subnets, and gateways without installing agents, manually defining scan targets, or configuring network settings.
Falcon for XIoT ingests Dynamic Host Configuration Protocol (DHCP) data to automatically identify subnets, then safely probes them to build a comprehensive, continuously updated inventory of industrial devices. With enriched asset attributes like device type, protocol, and Purdue level fed into the Falcon platform, teams will be able to eliminate manual effort and minimize scanning overhead, gaining complete visibility without operational disruption.
Key capabilities:
- Schedule or trigger collections with no manual configuration
- Automatically group assets by site, zone, and visibility status
- Enrich asset data with context like Purdue level, protocol, and device role
General availability is expected by the end of 2025.
Segmentation Visibility: Native Network Visibility for Smarter Defense
Segmentation Visibility will provide real-time insight into how OT devices communicate across Purdue levels, zones, and network segments using the existing Falcon sensor.
Falcon for XIoT monitors traffic between managed and unmanaged assets, and detects segmentation policy violations or unexpected communication paths. It then enriches this data with asset context. By surfacing this information in the Falcon platform, security teams will be able to quickly identify deviations, validate segmentation policies, and reduce the risk of lateral movement while simplifying operations and improving overall security posture.
Key capabilities:
- Detect real-time violations of segmentation policies across network layers
- Visualize communication paths and flow anomalies between assets
- Monitor managed, unmanaged, and unsupported device communication
General availability is expected in the first quarter of 2026.
Unified OT Visibility in the Dynamic User Experience
The new dynamic user experience will bring XIoT asset and vulnerability data from Falcon for XIoT into a single, customizable view within the Falcon platform. OT and security teams can explore their environments, assess risk, and prioritize response without switching between consoles or managing siloed tools. By centralizing context and streamlining access to critical insights, this experience will help human analysts act faster, with greater clarity and confidence.
This data will be available in the public preview¹ of the dynamic user experience by the end of 2025.
Stronger OT Security Through the Agentic Security Platform
The Falcon platform has already transformed how IT and cloud environments are protected by unifying intelligence and automation in a single AI-ready architecture. Now, with the latest Falcon for XIoT capabilities, OT security teams will be able to access that same power.
Using the single Falcon sensor, organizations can move from deployment to complete XIoT visibility in under 10 minutes,² and with our latest enhancements, OT teams will gain the visibility, context, and control they need to stop breaches.
Additional Resources
- See Falcon for XIoT in action with our updated demo video featuring our latest capabilities.
- Visit the Falcon for XIoT webpage to learn more about how CrowdStrike protects mission-critical XIoT environments.
Forward-Looking Statements
This blog includes descriptions of products, features, or functionality that may not be currently generally available. Any such references are provided for information purposes only. The development, release, and timing of all features or functionality remain at our sole discretion and may change without notice. These statements are subject to risks, uncertainties, and assumptions that may cause actual results to differ materially from those expressed or implied. Customers should make purchasing decisions based only on services and features that are currently generally available. For more information on our existing offerings, please talk to your CrowdStrike representative.
1. This Public Preview feature — an early version made available for testing and feedback — is provided “as is” without warranties of any kind, express or implied, including but not limited to warranties of performance, accuracy, or fitness for a particular purpose. CrowdStrike disclaims all warranties, support obligations, and other liabilities and obligations for this Public Preview feature. Your use of this feature is voluntary, limited to internal use by your employees only, and may be terminated by either party at any time without notice. Users are solely responsible for the data they submit, for the content and use of the reports they create, and any consequences of their use, including changes that will affect and be reflected in the existing user interface.
2. CrowdStrike Internal Testing Data. Actual results may vary.
