Tenable just got named a Challenger in the 2026 Gartner Magic Quadrant for CPS Protection Platforms. They also dropped a new OT asset discovery engine into Tenable One. If you sell anything near operational technology, industrial control systems, or cyber-physical security, this is a buying signal you can use this week.
Why the Challenger label matters more than the quadrant
Gartner's Magic Quadrant is a lagging indicator. By the time a vendor lands on it, the market has already moved. But the Challenger position specifically tells you something useful: Tenable has strong execution capability and a clear vision, but it hasn't yet dominated the market's mindshare.
That means their sales team is hungry. Their partners are recruiting. Their prospects are getting more inbound content about CPS risk. And every one of those prospects is now asking themselves: "Should we be looking at this?"
That question is your wedge. But let's unpack why the Challenger label carries more operational weight than the quadrant's top-right corner. In a Leaders quadrant, the vendor's sales motion is often reactive — they field inbound requests from established brand recognition. Their reps manage relationships, not pipeline creation. A Challenger, by contrast, must actively educate the market. This forces their sales development teams to engage in higher-touch, consultative outreach that surfaces regulatory pressure points — like NIST 2.0's expanded scope for cyber-physical systems or SEC disclosure rules that now tie executive compensation to incident response timelines. Every conversation a Tenable rep has is a conversation that validates the category itself. For your outreach, this means the prospect's internal compliance team is already being primed by Tenable's content. They've seen the Gartner report. They're auditing their own CPS exposure. Your job isn't to sell the problem — it's to position your solution as the operational bridge between the audit finding and the remediation workflow. The Challenger's hunger creates a window where the prospect is actively comparing, not passively buying. That window is narrow, but it's where deals get built.
The OT discovery engine changes the conversation
The new OT asset discovery engine inside Tenable One is the real story. It finds cyber-physical assets that traditional IT scanners miss—programmable logic controllers, remote terminal units, building management systems. The kind of gear that runs power plants, water treatment facilities, and manufacturing lines.
If you sell monitoring software, managed security services, or compliance tools for industrial environments, your prospects just got a reason to audit their asset inventory. They need to know what they have before they can protect it. Tenable just made that easier.
But the deeper shift here is regulatory. NERC CIP, TSA pipeline directives, and the EU's NIS2 framework all now mandate active asset discovery for OT environments. The old "air-gapped and forgotten" approach no longer passes audit. Tenable's engine directly addresses this compliance pressure by giving security teams a defensible, repeatable discovery process. For a prospect facing a NIS2 deadline, this isn't a nice-to-have—it's a checkbox they must tick. That changes the sales conversation from "why invest" to "how quickly can we deploy."
Here's what we'd do with this signal:
- Search for companies that have publicly referenced Tenable in their security stack (job postings, case studies, partner lists)
- Look for OT security manager or ICS security lead roles posted in the last 90 days
- Target manufacturing, energy, and utility companies that have recently disclosed a cyber incident
Each of those is a prospect who is actively thinking about CPS protection. They're not waiting for a cold email to educate them—they're already in the market.
How to build the list without wasting time
Start with the Gartner report itself. The vendors listed—leaders, challengers, visionaries, niche players—all have partner ecosystems. Tenable's partner directory is public. So are the partner directories of Claroty, Nozomi Networks, Dragos, and Microsoft.
Pull the companies that list CPS or OT security as a service offering. Those are your channel targets. They need tools to deliver on their promises. But don't stop at the directory listing. Cross-reference each partner against regulatory frameworks that mandate CPS protection—NERC CIP for energy, IEC 62443 for manufacturing, or TSA directives for pipelines. A partner that explicitly markets compliance services around these standards is not just selling security; they are selling operational continuity under regulatory threat. That distinction matters because it reveals a deeper buying trigger: avoiding fines and shutdowns, not just preventing breaches.
Then layer in job postings. Search LinkedIn for "OT security" or "ICS security" with a posted date filter of the last 30 days. Every company hiring for this role is signalling budget and urgency. But refine further. Filter for roles that mention "compliance," "audit," or "regulatory reporting" in the job description. Those postings indicate the company is under active pressure from a regulator or insurer, not merely building a forward-looking capability. The difference is critical: a compliance-driven hire has a mandated timeline, while a capability-driven hire can be delayed. Your outreach should prioritize the former, because their procurement cycle is compressed by external deadlines, not internal roadmaps.
We covered a similar approach for predictive maintenance buyers earlier this year. The same logic applies: when a market gets a catalyst, the buyers who were already close to a decision accelerate. In CPS protection, the catalyst is often a regulatory update or a high-profile incident that triggers board-level review. Your list-building should mirror that rhythm—target the companies where the catalyst has already landed, not the ones still waiting for it.
What doesn't work here
Don't lead with "I saw Tenable got named a Challenger." Your prospect already knows. They read the same industry press you do.
Don't pitch your product as a replacement for Tenable unless you actually compete in the CPS space. Most SDRs don't. You're selling something that complements or extends what Tenable does—asset discovery, vulnerability management, compliance reporting, incident response.
Do lead with the problem the prospect is solving. Something like: "Your OT asset inventory is probably incomplete. Tenable's new engine helps, but it still needs a workflow to act on what it finds. That's where we come in."
One customer running outbound to UK energy companies tried the generic "we help with cyber security" angle and got nowhere. When they switched to "we help OT teams close the gap between discovery and remediation," reply rates went from 2% to 11%.
The deeper issue here is that most SDRs treat a Gartner mention as a credibility crutch rather than a signal of where the market is moving. Tenable being a Challenger means it has strong execution but lacks the completeness of vision for the full CPS lifecycle—specifically around operational workflows like patch scheduling in air-gapped environments or integrating with legacy PLCs that don't accept modern authentication. If your product solves for that gap, you don't need to name-drop the quadrant. You need to name the regulatory pressure that makes the gap painful. For example, NERC CIP requires evidence of remediation within a defined window, not just detection. Tenable can flag the vulnerability; your tool can prove the fix was applied and logged. That's the conversation. Lead with the compliance deadline, not the analyst report.
If you want to try this
Pull the Gartner report. Build a list of 50 companies that either partner with Tenable or are hiring for OT security roles. Write three email variations that reference the specific problem the OT discovery engine solves—not the quadrant position. Test them against a control group of 20 prospects each.
The real leverage here isn't the quadrant badge—it's the regulatory pressure that makes the OT discovery engine a compliance necessity. NERC CIP, IEC 62443, and the SEC's cyber disclosure rules all demand asset visibility in operational technology environments. A prospect who is hiring for OT security roles is already signaling they have a visibility gap they're trying to fill. Your email should anchor on that gap: "Your team is hiring for OT security—here's how our discovery engine maps assets your current tools miss." The quadrant mention only validates that Tenable is a credible vendor; the discovery engine solves the audit risk that keeps your prospect's legal team up at night. For the partner list, target MSSPs and system integrators who resell Tenable—they already understand the compliance workflow and can shortcut your sales cycle. Run your three variations against the control group, measuring reply rate and meeting booked, not open rate. The variant that references a specific regulatory deadline (e.g., "SEC rule 10D-1 compliance") will likely outperform the generic "asset visibility" angle. If you want to automate the list building and scoring part, give MiraReach a try. We handle the prospect finding and inbox scoring so you can focus on the message.
— Mira