ServiceNow acquired Armis, a cybersecurity exposure management company, for $7.75 billion in cash in a move that will triple the company's addressable market in security.
For ServiceNow, the Armis deal expands its cybersecurity reach and can accelerate growth for its Security, Risk and Operations Technology (OT) portfolio, which delivered more than $1 billion annual contract value in the third quarter. Armis flagship offering is Centrix, a cyber exposure management platform that has real-time visibility, risk assessment and proactive protection. Centrix aims to secure IT, OT, internet of things and medical devices.
Armis has more than $340 million in annual recurring revenue and growth of 50%. Armis, founded in 2015, has about 950 employees that will join ServiceNow.
ServiceNow will be able to integrate Armis Centrix with its AI agents and workflow tools. ServiceNow Autonomous Risk and Security aims to unify cybersecurity and risk operations on one platform. “Autonomous IT only works if platforms can see, decide, and act in one system. Armis gives ServiceNow the ‘see’ layer it needed to make that vision credible," said Constellation Research analyst Chirag Mehta.
Armis, which competes with Nozomi Networks, Claroty, Dragos, Microsoft, Palo Alto Networks and Fortinet among others, is on multiple Constellation Shortlists:
- Constellation ShortList™ Healthcare Medical Device Security
- Constellation ShortList™ Operational Technology Security
- Constellation ShortList™ Healthcare IT Security
With the Armis deal, ServiceNow also gets a cybersecurity platform that reaches multiple industries including manufacturing, telecom, retail, logistics, automotive, energy and health care. Armis also has a public sector footprint.
In a statement, ServiceNow said the plan is to create a unified security exposure and operations stack. Amit Zavery, president, chief operating officer and chief product officer at ServiceNow, said "together with Armis, we will deliver an industry-defining strategic cybersecurity shield for real-time, end-to-end proactive protection across all technology estates."
Yevgeny Dibrov, co-founder and CEO of Armis, said ServiceNow will help its security platform scale.
ServiceNow said Armis will provide cybersecurity data to ServiceNow AI Control Tower, which manages and governs enterprise AI, and pair up with various components of the ServiceNow AI Platform.
Constellation Research's take
Mehta handicapped the ServiceNow and Armis deal and the implications.
“ServiceNow’s acquisition of Armis reflects a clear recognition that workflow orchestration alone is no longer sufficient to manage cyber risk in an AI-driven enterprise. As AI adoption expands the attack surface beyond traditional IT into operational technology, medical devices, and unmanaged assets, ServiceNow needed deeper, real-time visibility into what is actually connected and exposed. Armis fills this gap by bringing continuous, agentless asset intelligence and exposure management that extends across IT, OT, and cyber-physical environments. The strategic value lies in pairing Armis’ real-time exposure context with ServiceNow’s ability to prioritize, govern, and act through workflows, moving customers from reactive security operations toward measurable, continuous risk reduction. This deal positions ServiceNow to compete not as another security point product, but as an AI-native control plane where exposure intelligence is directly translated into enterprise action.
ServiceNow had already established itself as a strong orchestration layer for security, risk, and IT operations, supported by CMDB and AI-driven workflows. However, it depended heavily on external tools for asset discovery and exposure data, especially for unmanaged, non-IT, and cyber-physical environments. This created a structural gap: ServiceNow could route and govern work, but it did not natively “see” the full attack surface with sufficient fidelity or timeliness to support autonomous decision-making. Armis brings precisely what ServiceNow lacked: real-time, agentless discovery and classification across IT, OT, IoT, and medical devices, combined with deep exposure analytics. Its strong adoption across Fortune 100 enterprises and public-sector organizations demonstrates that this capability is already trusted at scale.”
More:
