# Compare — Whisper vs OT visibility &amp; Xage zero-trust · additive to your OT stack

> Your OT platform sees *what's* on the network — not whether anyone can prove this asset is who it claims.
> Dragos, Claroty, Nozomi, Armis, Forescout, Xage — each is good; keep running every one.
> Whisper is the two layers no one else owns — cross-org attribution that survives egress rotation,
> and a publicly verifiable, key-derived asset identity — and it feeds your SOC rather than replacing it.

The OT intrusion survives the whole stack, because it walks two seams no single tool was built to
close: **attribution that crosses the org boundary when the egress rotates**, and **an asset identity
a third party can verify without logging into anyone's platform**. Whisper is those two layers — and
only those. Additive, never a replacement: it turns your inferred inventory into cryptographic
identity, closes both gaps, and makes the `MUD` your devices already declare actually enforceable.
**The address is the asset — provable, from the key it already holds, and no one can forge it.**

`whisper verify --trustless` — the one differentiator every tool here lacks: you never have to trust *our* API.

- **2 gaps** — publicly-verifiable identity + cross-org attribution: the two seams no OT tool closes
- **0** — rip-and-replace; Whisper rides on top of your OT visibility and SOC
- **RFC 8520** — the MUD a device already declares, made enforceable at its own /128
- **STIX 2.1** — a machine-readable feed (CEF · ECS today) — TAXII export on the roadmap
- **flat** — per-asset, per-year — not per-connection, not usage-metered
- **trustless** — verify an asset's identity without trusting our API

---

## Every tool here is good. The incident survives in the seams *between* them.

The OT intrusion — reach an exposed asset, ride a converged IT foothold across the Purdue boundary,
issue a valid-looking command over shared, rotating egress — passes every perimeter check on purpose.
Strip it down and it leans on exactly two structural gaps. Here's which category of tool leaves each
one open, and why.

### Gap 1 · attribution stops at the firewall

The visibility vendors baseline behavior beautifully *inside* your network — but a hostile session
arrives over shared, rotating egress, and behavioral fingerprinting stops at the Purdue boundary. You
see the last IP inside your own DMZ; it was never the operator. Rate-limit it and they spin up a fresh
cloud IP or a residential exit, and you correlate nothing across the vendor/integrator boundary.

**Only Whisper closes it — the graph.** A live internet-infrastructure graph — **7.44B**
nodes and **39.3B** relationships of fused BGP, DNS, WHOIS, TLS, hosting and threat
intel, answering in under 300 ms — fingerprints the *operator*, not the IP. Cloud rotation collapses
into one infrastructure genealogy (shared ASN, hosting, certificate lineage); a residential swarm
collapses on a `JA4/JA3` client fingerprint that travels with the tooling regardless of the exit.
Every answer is a reproducible evidence chain your auditors, your integrator and a regulator can
replay — the one thing we never rely on is the last IP.

### Gap 2 · no one outside your fabric can prove the asset

In OT a device cannot prove who it is, and a controller cannot verify what it is told — a valid-looking
command from anywhere with reachability is obeyed as if it came from the plant operator. Visibility
vendors *infer* identity from behavior — a probabilistic label, scoped to the monitored network,
non-revocable off-box. Even the good key-derived names the industry already has stay trapped locally:
OPC UA binds an `ApplicationUri` into the app-instance certificate, but trust is a per-site TrustList —
public CAs are *explicitly discouraged*, and revocation is a local CRL edit no one across the boundary
ever sees.

**Only Whisper closes it — identity.** Take the identifier the asset already carries — its OPC UA
**ApplicationUri**, its 802.1AR IDevID, or its nameplate serial — and bind it to a routable,
forge-proof **/128** derived from the asset's own public key, DNSSEC-anchored and **DANE-EE** pinned.
Now a regulator, an insurer or a peer operator can verify it against the IANA root *without ever
logging into your platform* — and the `MUD` the device already declares becomes an egress rule
enforced at that /128, not a suggestion at the nearest switch. The declaration finally becomes proof.

Gap 1 is detection made durable across rotation and across the org boundary. Gap 2 is the root cause
removed — an identity anyone can check and you can revoke worldwide in one call. No tool you already
run was built to close either; that's the white space, and it's exactly the two seams the 2023–25 wave
of opportunistic OT intrusions walks through.

---

## The intrusion asks three questions. Your stack answers only the first.

Line the categories up against the questions an incident actually forces you to answer, and the
picture is honest and simple: the network layer is well covered, and the two layers underneath it —
attribution across the boundary, and identity anyone can verify — are the seams.

```
① What's on my OT network — and is it behaving?      ──▶  covered — OT visibility / detection
                                                          (Dragos · Claroty · Nozomi, inside your fabric)
② Who's behind this connection, across rotation?     ──▶  GAP 1 — behavioral fingerprint stops at
                                                          the Purdue / firewall boundary
③ Can anyone outside prove this asset is who it       ──▶  GAP 2 — no tool spans the org boundary
   claims?                                                 (inferred from behavior, or private-rooted)

                          Whisper spans ② + ③, adds MUD egress governance, and feeds ①
                          operator fingerprint · JA4 · DANE-EE /128 from the asset's own key
                          evidence chain → your SIEM (STIX 2.1 · TAXII · CEF · ECS)
```

Additive by construction: Whisper owns the two layers no one else does, and hands the first layer a
sharper feed. Keep your OT visibility and your SOC — Whisper closes what they can't reach.

---

## Visibility tells you *what* is on the network. Xage roots identity *privately*. Whisper makes it *publicly verifiable*.

Two neighboring categories, and us. The **OT visibility & detection** incumbents — Dragos, Claroty
xDome, Nozomi, Armis, Forescout, Tenable OT, Microsoft Defender for IoT — own protocol visibility and
anomaly detection; their identity is *inferred from behavior*, appliance- or SaaS-scoped, and their
attribution stops at the firewall. **Xage** is the one genuine identity peer: real OT identity and a
zero-trust fabric, now extending to AI-agent identity — but *private-rooted* and overlay-scoped. Here
is the honest grid.

| Capability | OT visibility / detection | OT zero-trust identity (Xage) | Whisper |
|---|---|---|---|
| OT protocol visibility / discovery / inventory | ✓ | — | additive feed · consumes their inventory |
| OT anomaly / threat detection | ✓ | — | — |
| Remote / privileged access control to assets | — | ✓ | complements |
| **Per-asset device identity — how rooted** | inferred from behavior | private CA / ledger / appliance overlay | ✓ DNSSEC + DANE, publicly rooted |
| **Publicly verifiable by a 3rd party** — no vendor platform in the loop | — | — | ✓ |
| **Identity from the asset's existing key** — no new agent / appliance inline | — | — needs mesh / broker / sensor | ✓ |
| **Cross-org attribution** across rotating cloud / residential egress | — in-network only | — | ✓ |
| Cross-org revocation at DNS-TTL | — | ✓ within its own fabric only | ✓ internet-wide |
| **MUD (RFC 8520) egress** bound to a globally-verifiable identity | partial · local allowlists | partial · policy at the broker | ✓ |

> **"My visibility platform already discovers every asset and flags anomalies. Isn't that identity?"**
> It's an inference, not a proof. A behavioral inventory gives you an excellent probabilistic label —
> *this looks like a Siemens S7 on line 3* — scoped to the network you can see, and it evaporates the
> moment you ask a party *outside* that network to trust it. Whisper turns that inferred label into a
> cryptographic fact anyone can check against the IANA root, from the key the asset already holds, and
> revoke in one call. We don't replace the discovery — we consume it and make it verifiable.

---

## Xage secures identity *inside* your fabric. Whisper makes identity verifiable *outside* it.

Xage is the closest neighbor on this page, and a serious one: real OT identity, a zero-trust fabric
with local enforcement that survives site isolation, credential vaulting and session control, and —
like us — a move into non-human, AI-agent identity. We respect it. The difference is the *root of
trust*: Xage anchors identity in its own distributed ledger and enforces it at Xage nodes in the path;
Whisper anchors identity in the public DNS and puts nothing in the path at all.

Same zero-trust spirit, opposite root of trust. With Xage, a regulator, insurer or peer operator has
to join or log into the fabric to verify an asset. With Whisper, they run `dig` and
`whisper verify --trustless` against the IANA root — no platform to join, no appliance to trust, and
our own API deliberately outside the trust path. And because the /128 is derived from the key the asset
*already* holds, there's no mesh to put in-line and no new agent to flash onto a fielded, brownfield
fleet.

```
             the same OT asset · its own existing key
                  │                          │
   private root — inside the fabric   public root — on the internet
                  │                          │
        Xage fabric · mesh nodes      /128 · DNSSEC · DANE-EE · RDAP
   private ledger/CA · in-path        public DNS · nothing in the path
                  │                          │
        must join the fabric              no account
                  ▼                          ▼
     regulator · insurer · peer     regulator · insurer · peer
     verifies from inside only      dig + whisper verify --trustless

              same zero-trust spirit — opposite root of trust
```

Xage's in-path enforcement is a real strength — it survives site isolation. Whisper's out-of-path
public anchor is a different strength — anyone can verify the asset without your platform, and you can
revoke it internet-wide in one call. They are complementary roots, not the same one.

The rest of the neighborhood secures something adjacent, not the asset's own identity. **Cyolo, Dispel,
Claroty xDome Secure Access, Cisco Cyber Vision + Secure Equipment Access, Zscaler PRA** broker the
human, privileged *session* to an asset — user, role and session-centric — and they complement us:
they authorize the operator, we prove the machine. **TXOne** allowlists and auto-segments at the host
and segment — local by design. None of them makes an asset's identity verifiable across the org
boundary, and none makes MUD enforceable at the asset's own address.

### Every platform here, you must trust. Ours, you don't have to.

Every console and fabric on this page asks you to trust its verdict. Whisper's core claim — *this
address is that asset* — is checkable by anyone against the IANA DNS root, with our own API
deliberately outside the trust path. No account required. And the same names give you a reconnaissance
tripwire the private registries never did: see who's enumerating your plant before the write lands.

```sh
# keyless — re-derive and verify any asset's identity, trustless
$ whisper verify --trustless 2a04:2a01:71c::a55e
  ✓ DNSSEC chain valid to the IANA root
  ✓ DANE-EE (TLSA) leaf matches the asset's OPC UA app-instance key
  ✓ RDAP: registered under AS219419 · 2a04:2a01::/32
  identity: VERIFIED — and our own API was never trusted

# the address is the asset — reverse DNS names it
$ dig -x 2a04:2a01:71c::a55e +short
  plc-line3-04.ot.acme-plant.whisper.online.

# who's enumerating your plant — a recon tripwire, before the write lands (keyless)
$ curl -s https://whisper.online/ip/2a04:2a01:71c::a55e/lookups
  17 TLSA + PTR lookups in 6 min from one operator across 3 clouds → flagged

# who really operates a suspicious controller — the public graph API, with your key
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
    -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}'
  operator:  <fingerprinted> · seen across AWS / GCP / Azure
  residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator
```

```sh
# bind the asset to the OPC UA ApplicationUri it already carries
$ export WHISPER_API_KEY=whisper_live_xxx
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: $WHISPER_API_KEY" --data-urlencode "q=CALL whisper.agents({op:'connect', args:{tier:'wireguard',
       identity_public_key:'<base64 SPKI of the asset key>',
       device_id:'urn:acme-plant.example:opcua:LINE3-PLC-04'}})"   # device_id = the OPC UA ApplicationUri
  → identity 2a04:2a01:71c::a55e   DNSSEC + DANE live

# the MUD the device already declares — now enforced at its own /128, default-deny
$ whisper policy set --default deny \
      --allow mud.acme-controls.example,scada.acme-plant.example   # its maker's cloud + its controller
$ whisper kill --revoke 2a04:2a01:71c::a55e   # cross-org, worldwide, at DNS-TTL
```

---

## Whisper is one layer, done well. It sits beside these — not over them.

Plenty of good vendors own the sensor, the session and the segment. That's a different lane, and we
don't claim it. Naming the boundary is the point: it's how you know exactly what you're buying.

- **OT protocol visibility, discovery & anomaly detection.** Passive and active discovery across 600+ ICS protocols, CMDB inventory, ML process-baselining, KEV and CVE management — Dragos, Claroty xDome, Nozomi, Armis, Forescout, Tenable OT, Microsoft Defender for IoT. Whisper does none of it and doesn't pretend to; it *consumes* that inventory and turns an inferred label into a verifiable, revocable identity. Additive; it runs beside us.
- **Remote & privileged access brokering.** Securing the human, privileged *session* to an asset — MFA, vaulting, session recording, jump-hosts — Cyolo, Dispel, Claroty Secure Access, Cisco SEA, Zscaler PRA. That authorizes the operator; Whisper proves the machine and attributes the connection. Fully complementary — they gate the human, we identify the asset.
- **In-path protocol enforcement & segmentation.** Host allowlisting, auto-segmentation and protocol-aware firewalling in the command path — TXOne and the broker-gateways. Honest scope: Whisper changes *who* may reach and speak to a device, and attributes who did — it does **not** add authentication to Modbus / DNP3 / PROFINET on the wire, and it can't stop a purely-internal write once an attacker already holds an OT-segment foothold. That last inch must be enforced in-path; we say so plainly.

We don't do OT protocol visibility, anomaly detection, asset discovery, or remote-access brokering —
the incumbents are excellent at those, and we consume and complement them. Whisper is the
publicly-verifiable, key-derived, internet-attributable identity layer — the one thing on this page
that closes both seams — and it's honest about being exactly that.

---

## No new silo. Mapped to your standards. Availability-safe by construction.

The additive posture isn't just tidy architecture — it's what makes the buy defensible. Nothing you
already run gets torn out; one line item closes two gaps, makes MUD enforceable, and feeds everything
else.

- **A feed, not another console.** The Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS, with **STIX 2.1 over TAXII** export on the roadmap. Zero analysts babysitting a new pane of glass — the finding lands where the SOC already looks.
- **Speaks your compliance language.** A verifiable per-asset identifier maps to **IEC 62443-4-2 CR 1.2** and the zones-and-conduits of **62443-3-3**; a one-call revoke and default-deny egress evidence **EU CRA** Annex I 2(d)/(j)/(l) (the 2027 CE deadline), **CISA CPG 2.0** IPv6-inventory (near-verbatim), and TSA / NERC segmentation. Honest: identity ≠ full auth — the asset still does its OPC UA / TLS handshake; we make it globally verifiable and attributable, we don't replace it.
- **Flat, forecastable TCO.** Per-asset, per-year and flat — not per-connection, not usage-metered. ROI in analyst-hours saved correlating disposable IPs, blast radius reduced to a single asset, and one `revoke` instead of a site-wide reset across the vendor boundary. [See pricing →](/pricing)
- **On-prem or your own tenant.** Data residency by construction — the graph and the per-asset logs stay where your regulator needs them. The identity plane is built to **fail open**: a Whisper outage never bricks a PLC; checks degrade to your existing anchors, and there's no inline OT chokepoint to add.
- **Nothing issued in the dark.** Every identity mint and every revoke lands in a public, append-only **RFC 6962 Merkle transparency log**, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — an auditable, non-repudiable trail for NERC, the CRA and your insurer. *Honest status:* tamper-evident today; independent witnessing is the next step.
- **A vendor built to outlast the question.** Real routable address space (**AS219419**), run by people who ran the internet's regional address registry and operated one of its root DNS servers. Keyless to prove, one call to adopt — run `whisper verify --trustless` today with no account, then POC → pilot → enterprise.

> **"Will you still be here in five years — and does adopting you touch my firmware or my uptime?"**
> Real address space, your tenant, zero firmware change. AS219419 and founders who operated core
> internet registries and DNS aren't a burn-rate story. The graph and logs run on-prem or in your own
> tenant, the identity plane fails open so our uptime never gates an asset, and the identity is derived
> from the key the asset already holds — no re-flashing a brownfield fleet. Every mint and revoke is in
> the Bitcoin-anchored transparency log, and the trustless verify path lets you audit the core claim
> without trusting us at all. *Additive* also means low switching cost in both directions — the safest
> way to start.

---

## Keep your stack. Close the two seams.

Whisper is the attribution and identity layer that sits on top of the OT visibility and SOC you already
run — additive, mapped to your standards, flat to price, and it makes the MUD your devices already
declare enforceable. Keyless to try, one call to provision, one more to revoke.

Secure your assets → <https://console.whisper.security/sign-up> · [For OT security →](/for-ot-security)

Or run `whisper verify --trustless` right now — our API isn't in the trust path.

---

*Whisper for OT · Identity on the wire for industrial assets · AS219419 · 2a04:2a01::/32*
*© viaGraph B.V. (dba Whisper Security)*
