ServiceNow Acquires Armis for $7.75 Billion in Largest Security Deal of 2025

ServiceNow has agreed to acquire Armis, the asset intelligence and security platform company, for $7.75 billion in cash. The deal represents the largest cybersecurity acquisition of 2025 and signals ServiceNow's aggressive expansion from IT workflow automation into proactive security.

The transaction is expected to close in the second half of 2026, subject to regulatory approvals and standard closing conditions. Both companies' boards have approved the deal.

What Armis Brings

Armis built its reputation on agentless device discovery and security. The platform identifies and monitors connected devices—including operational technology, medical equipment, and IoT sensors—that can't run traditional endpoint agents.

Key capabilities include:

• Asset discovery across IT, OT, IoMT, and cloud environments
• Vulnerability assessment for managed and unmanaged devices
• Threat detection using behavioral analysis
• Segmentation recommendations to limit blast radius

For organizations with large fleets of connected devices—think manufacturing plants, hospitals, and smart buildings—Armis provides visibility that traditional security tools miss. You can't protect what you can't see, and most enterprises dramatically undercount their connected devices.

Armis claims over 400 enterprise customers and tracks data from approximately 5 billion devices. The company raised $200 million in 2024 at a $3.4 billion valuation, making the $7.75 billion acquisition price a significant premium.

ServiceNow's Security Ambitions

ServiceNow already offers Security Operations (SecOps) products that help security teams manage incidents, vulnerabilities, and threat intelligence within its workflow platform. The company has positioned itself as the connective tissue between security tools and business processes.

Adding Armis extends that reach into the physical infrastructure layer. Instead of just orchestrating responses to alerts from other tools, ServiceNow would generate those alerts directly from device monitoring.

In the announcement, ServiceNow emphasized AI integration. The company's Now Platform increasingly incorporates machine learning for workflow automation. Combining that with Armis's asset intelligence creates possibilities for automated remediation—identifying a vulnerable device, creating a ticket, and triggering segmentation changes without human intervention.

Whether that level of automation is desirable depends on your risk tolerance. Automated responses can contain threats faster than humans but can also cause operational disruption if the system gets it wrong.

Why Now?

Several factors make this timing logical.

Connected device security has moved from niche concern to board-level priority. Attacks on manufacturing, healthcare, and critical infrastructure have demonstrated that OT and IoT vulnerabilities translate into real-world consequences. Gartner and other analysts project strong growth in this segment.

Armis had been rumored as an acquisition target for months. The company's growth and customer base made it attractive, but the agentless approach also limits competition with established endpoint vendors. A strategic acquirer could bolt Armis onto an existing platform without cannibalizing other products.

For ServiceNow, security represents a growth vector beyond core IT service management. The company's platform approach means customers already using ServiceNow for ticketing and workflows have low friction to adopt additional modules. Armis becomes another expansion opportunity within existing accounts.

Integration Questions

The deal won't close for at least 18 months, giving both companies time to plan integration. Key questions include:

Platform convergence: Will Armis remain a standalone product, or will its capabilities merge into the Now Platform? Enterprise customers may have preferences, and forcing changes on existing Armis deployments could cause friction.

Go-to-market strategy: Armis sells directly to security teams and through channel partners. ServiceNow sells to IT leaders and has a different partner ecosystem. Aligning these approaches takes time.

Product development: With ServiceNow's resources, Armis could accelerate development. But large acquirers sometimes slow innovation through bureaucracy and shifting priorities.

Competitive Implications

The deal reshapes the competitive landscape. Armis competed with Claroty, Nozomi Networks, Forescout, and others in the OT/IoT security space. Those companies now face competition from a much larger entity.

For SIEM and SOAR vendors that integrate with both ServiceNow and Armis, the acquisition creates uncertainty. Will ServiceNow keep existing integrations, or will it favor its own ecosystem?

Palo Alto Networks, CrowdStrike, and Microsoft—all pursuing platform strategies of their own—now have another reason to watch ServiceNow. Each has made acquisitions in the security space, and ServiceNow's entry raises the stakes for consolidation.

What This Means for Customers

Existing Armis customers should expect continuity through the close. Post-close, expect gradual integration with ServiceNow's platform. Early indications suggest ServiceNow will maintain Armis as a distinct product line, at least initially.

Organizations considering Armis deployments face a decision: proceed now with a product that will soon have a new owner, or wait to see how integration develops. Both approaches have merit depending on urgency.

For ServiceNow customers not currently using Armis, the acquisition creates an eventual option for consolidated asset visibility. Whether that's worth the licensing cost depends on your connected device environment and existing tooling.

The security vendor market continues consolidating. Smaller point products get absorbed by platforms, and platforms compete for the role of central nervous system. Armis joining ServiceNow is another step in that pattern.