ServiceNow has announced its intent to acquire proactive security platform vendor Armis in a cash deal valued at $7.75 billion. The move highlights continued consolidation in the proactive security market, with yet another vendor that was on a trajectory for the next cyber IPO being acquired. The deal is expected to close in late 2026.

Why The Armis Acquisition Makes Sense

Proactive security platforms support the three principles of proactive security: visibility, prioritization, and remediation. While ServiceNow’s Vulnerability Response product already has strengths in remediation, Armis provides more visibility on different types of asset classes and modern prioritization methods, notably OT and IoT. Armis began as an IoT company before offering OT and IoMT coverage and has been offering exposure management since 2024 through its Centrix platform. Coupled with ServiceNow’s recent acquisition of IAM vendor Veza, the Armis deal drastically expands ServiceNow’s ability to support different asset classes.

These acquisitions place ServiceNow on the path to becoming a legitimate proactive security platform vendor — but buyers first need to see how ServiceNow can successfully onboard and integrate Armis into its SecOps and Vulnerability Response products. Armis will allow users to collect visibility on more asset types, prioritize exposures in a modern and dynamic way with Armis’ attack path mapping, and further improve remediation and response with Armis’ remediation augmentation capabilities through its 2025 Silk Security acquisition.

How ServiceNow onboards Armis remains to be seen. ServiceNow typically builds products natively and has been undergoing projects to refactor its data architecture, which will add more complexity to the integration. This is the largest acquisition ServiceNow has made, with Armis growing into a large company supporting thousands of customers using Centrix to manage millions of assets. The acquisition makes sense, but how the integrations and licensing play out is paramount to its success.

On the OT side, ServiceNow previously acquired Mission Secure in 2024 to improve ServiceNow’s asset discovery and classification within ICS/OT networks. Although it improved workflows from an ICS operator perspective and slightly expanded ServiceNow’s security capabilities, it did not gain much customer traction. With Armis, ServiceNow is acquiring a Leader in the IoT security sector and a Strong Performer in the OT security space, according to Forrester’s evaluative research. This will make the integration of the Armis platform into the greater ServiceNow offering more significant, as ServiceNow can leverage the existing ICS workflows it has from Mission Secure and provide value to both operators and security analysts. Just as we’ve seen an integration of management and security operations platforms improving collaboration with IT, this type of platform could improve collaboration between operations and OT SecOps.

Existing ServiceNow customers should view this as a positive — but current Armis customers must recognize that features they currently utilize, such as vulnerability management and threat intelligence, are at risk of being sunsetted or buried into ServiceNow’s SKUs and big product ecosystem. Touted benefits for Armis customers, like integrations with ServiceNow’s ITSM and CMDB products, are already available in Armis Centrix and widespread in most of today’s UVM products.

We know that not every acquisition of a cyber company by a tech company plays out. Just because big companies buy good products doesn’t mean the good product will integrate well, continue to gain traction, fit into the culture or SKUs, or complement that vendor’s go-to-market and sales teams. These are all factors to consider when weighing the success of the ServiceNow and Armis merger.

To discuss your options and strategize on how to make the best use out of this announcement, Forrester clients can set up a guidance session or inquiry with either of us.