ServiceNow to buy Armis for $7.75B to expand device security

Gregory Zuckerman
By Gregory Zuckerman
Business
7 Min Read

ServiceNow announced its intent to acquire the cybersecurity startup Armis in an all-cash deal valued at $7.75 billion that will help strengthen the cloud computing giant’s massive but rapidly evolving workplace software portfolio across digital workflows.

The deal also puts ServiceNow squarely into device and operational technology security, extending its footprint from cloud assets to network endpoints within enterprise risk and critical infrastructure protection.

Table of Contents
The ServiceNow logo, featuring servicenow in black lowercase letters with the o in now replaced by a green circle, set against a professional light gray background with a subtle geometric pattern.

Nine-year-old Armis, which is probably best known for its agentless device security and asset intelligence platform, says it has an annual recurring revenue of $340 million with year-over-year growth clocking in at over 50%. Its technology is deployed by Fortune 500 organizations and leading government agencies to discover, monitor, maintain, and secure unmanaged devices within IT/OT, IoT/M2M, medical, and industrial control networks.

Why Armis is a fit with ServiceNow’s platform

“The power of ServiceNow is the orchestration of workflow across a single system of record,” said Ms. Cecil, who added that the company is working with eLife Sciences on an implementation for grant requests and has been involved early in discussions but has yet to adopt it into its products. Armis essentially slides into that and helps feed its asset intelligence to ServiceNow’s Configuration Management Database as well as Security Operations, Vulnerability Response, and Operational Technology. The net effect is fewer blind spots for when a vulnerable PLC (programmable logic controller) on a factory line or an unpatched medical device connects to the network and instant, automated response.

Armis staked its reputation on agentless discovery at an enormous scale, mapping device behavior and risk with a large device knowledge base. Attaching that telemetry to ServiceNow’s playbook can have real-world consequences: automatic ticket creation for high-risk findings, maintenance work orders for OT assets, coordinated change windows to fix things without taking production down.

The merger also fills a chronic void for enterprises fighting to align IT and OT security. As boards demand a holistic view of cyber risk, integrating Armis’ asset context into ServiceNow’s risk dashboards and third-party risk modules enables security leaders to have a more defensible, audit-ready view on exposure.

The multiple equates to a theoretical ARR valuation of around 23x, which represents a premium for Armis’ growth profile and the dearth of OT and IoT security assets at scale. It also highlights a broader wave of consolidation in cybersecurity. In a recent Gartner survey, 75 percent of organizations said that they are consolidating how many security vendors they work with, compared to 29 percent in 2020, and the firm is projecting global spending on security and risk management to hit over $215 billion in 2024.

Armis had already raised $435 million in a pre-IPO round at a $6.1 billion valuation, but after the rocky path to public markets for many cybersecurity issuers in recent years, selling now was appealing. A cash exit at a larger valuation provides certainty, and gives ServiceNow something that the competition cannot easily copy.

The deal comes at a time of increasing demand for data-rich security platforms. Cisco’s purchase of Splunk underscored the hunger for end-to-end visibility into IT operations and security. ServiceNow, on the other hand, is weaving together workflow, AI-guided automation, and now deep device intelligence to emerge as the operating system for security and resilience.

Effect on customers and competitors across security markets

For existing ServiceNow customers, the near-term upside is closer integration between asset discovery and remediation workflows. Anticipate:

A hand holding a shield icon with AI on it, representing artificial intelligence security, alongside a password field and a lock icon, all surrounded by binary code.
  • Out-of-the-box integrations that automatically map Armis’ device insights to vulnerability and incident response playbooks
  • Policy-driven actions that facilitate seamless collaboration across SecOps, IT, and OT without manual handoffs

For Armis customers, the deal means richer enterprise-wide reporting capabilities, better risk scoring based on business service, and access to ServiceNow’s global support and partner ecosystem. It can also drive cross-sell into identity, access, and data security flows as companies will be looking for platform coverage over point solutions.

Competitive dynamics will sharpen. Players such as Claroty, Nozomi Networks, and Dragos have already built up sizable footprints in the OT security space. In larger endpoint and XDR markets, CrowdStrike, Palo Alto Networks, Microsoft, and Cisco are bundling together endpoint, identity, and network analytics. ServiceNow’s wager is that workflow-native automation plus best-in-class device intelligence will drive differentiation on time-to-remediation and total cost of ownership.

Deal dynamics and backers behind the acquisition strategy

The deal brings ServiceNow to the end of a frenzied buying spree; it has also agreed recently to acquire Moveworks for $2.85 billion and Veza for $1 billion, in what indicates its intention to meld AI assistants, authorization security, and device intelligence into a single platform.

Armis had raised about $1.45 billion from investors including Sequoia, CapitalG, and Insight Partners, developing both product breadth and a massive go-to-market engine.

The cash structure is sending a clear message: ServiceNow will pay for category leaders that expand the reach of the Now Platform into adjacent high-growth markets. With Armis’ presence in regulated industries and critical infrastructure, look to integration governance, data residency, and certifications as the companies consolidate offerings under one umbrella.

What to watch next as integration and approvals progress

Are there going to be trigger points you are looking at that will tell you this is on track, such as regulatory approvals, more product integration, or mass-market bundling?

Stay on the lookout for:

  • Early releases that feed Armis asset intelligence directly into ServiceNow’s CMDB and SecOps suites
  • OT-specific playbooks that accelerate remediation and maintenance workflows
  • Pricing linked to enterprise platform commitments

If ServiceNow resells it, the integrated stack would likely become a default for companies that want to adopt a single operating model for IT, security, and OT — one that reduces device risk to a workflow problem and shortens time from detection to fix.

Gregory Zuckerman
ByGregory Zuckerman
Gregory Zuckerman is a veteran investigative journalist and financial writer with decades of experience covering global markets, investment strategies, and the business personalities shaping them. His writing blends deep reporting with narrative storytelling to uncover the hidden forces behind financial trends and innovations. Over the years, Gregory’s work has earned industry recognition for bringing clarity to complex financial topics, and he continues to focus on long-form journalism that explores hedge funds, private equity, and high-stakes investing.
Latest News