ServiceNow has agreed to acquire cybersecurity startup Armis for $7.75 billion in cash, marking its largest acquisition to date and a defining moment in the company’s evolution beyond IT service management. The deal represents a major expansion into full-spectrum security and cyber exposure management across IT, operational technology (OT), Internet of Things (IoT), and connected medical devices, significantly reshaping ServiceNow’s role in the enterprise technology stack.
At the heart of the acquisition is Armis’ strength in real-time, agentless asset discovery and exposure management across both managed and unmanaged environments. This capability complements ServiceNow’s existing portfolio of security operations, incident response, governance, risk, and compliance tools. Together, the two platforms aim to deliver deeper visibility into enterprise attack surfaces while enabling faster, more automated remediation through integrated workflows.
For enterprises, the transaction addresses a long-standing gap in ServiceNow’s offering. While the company has been widely adopted as a workflow-centric platform, proactive asset visibility and exposure management had largely sat outside its core capabilities. With Armis integrated into the ServiceNow AI Platform, organisations can now link detailed device-level context with orchestration and remediation workflows, shifting security operations from reactive response to proactive risk management.
This integration comes at a time when enterprises are grappling with rapidly expanding and fragmented attack surfaces. Beyond traditional IT and cloud environments, organisations must now secure industrial systems, healthcare devices, and other cyber-physical assets. The combined ServiceNow–Armis platform directly targets this complexity, offering a unified approach that few competitors currently match at scale.
Strategically, the acquisition accelerates ServiceNow’s transformation from a leading ITSM and workflow provider into a security-centric enterprise platform. The combined stack enables a “see–decide–act” model that connects asset telemetry to business impact, prioritisation, and response. It also strengthens ServiceNow’s position in OT-heavy industries such as manufacturing, healthcare, and critical infrastructure.
The move is expected to alter competitive dynamics across enterprise software and cybersecurity markets. While major players like Microsoft and Salesforce continue to embed security into broader platforms, ServiceNow’s approach stands out by deeply integrating exposure intelligence into operational and business workflows. For traditional point security vendors, the deal raises customer expectations around automation, contextual risk intelligence, and native workflow integration.
More broadly, the acquisition reinforces a clear industry trend: security is no longer a peripheral capability but a foundational pillar of enterprise platforms. As consolidation accelerates, platform-driven models that tightly integrate security, governance, and operations are likely to define how enterprise technology is built, sold, and consumed going forward.
