Announced just before Christmas, the acquisition of Armis, an Israeli-founded specialist in cyber-physical security established in 2015, for $7.75 billion in cash, marks ServiceNow’s largest deal to date.
The operation, which is expected to close in the second half of the year, aims to triple ServiceNow’s cybersecurity footprint, which surpassed $1 billion in revenue in the third quarter of 2025, by extending its newly unified platform of “Cyber Exposure Management” to critical sectors such as manufacturing, healthcare, and infrastructure.
Complementarity of Technologies
Built on an agentless approach, Armis has established itself as a key player in real-time asset discovery and cyber exposure management. Its platform covers IT, OT, IoT environments and connected medical devices, providing continuous visibility into the cyber-physical attack surface.
Armis’ real-time visibility into unmanaged assets (OT, IoT, cloud) will enrich ServiceNow’s Configuration Management Database (CMDB) with contextual data on vulnerabilities and anomalous behaviors. This data will then feed ServiceNow workflows to automate risk prioritization, incident management, and remediation, all while taking business criticality into account.
For example, this could shorten the average time to resolve OT incidents in manufacturing, strengthen real-time protection for medical devices, or anticipate threats to sensitive assets.
“We are building the security platform of tomorrow for the AI era,” sums up Amit Zavery, Chief Operating Officer of ServiceNow.
By combining IT workflows, automation, and cyber-physical visibility, the publisher positions itself against specialized players such as Palo Alto Networks or CrowdStrike, with a more cross-cutting and business-oriented approach.
Armis and ServiceNow were already partners, which should facilitate a faster integration.
