ServiceNow Buys Cybersecurity Company Armis for $7.75 Billion—Here's What That Means

ServiceNow, a company that helps large organizations manage their work and security, has agreed to buy Armis, a smaller cybersecurity firm, for $7.75 billion, according to Reuters. The deal should close in the second half of 2026. This is one of the biggest purchases ServiceNow has ever made.

ServiceNow says this deal will triple the size of the potential market for its security business. If that happens, security would become much more important to the company overall, not just a side feature.

What Armis Does

Armis specializes in something called "device visibility" — essentially, it helps companies see and track all the devices connected to their networks without having to install software on each one. This matters because many organizations have devices that can't easily run standard security software: machines on factory floors, medical equipment in hospitals, smart building systems, and other specialized devices that run for years without updates.

Armis watches what these devices do, builds a picture of normal behavior, and flags when something looks wrong. The key advantage: it does all this without needing permission to install an agent (software) on the device itself.

Most large companies today run a mix of different types of devices and systems: computers in offices, servers in the cloud, machines in factories, and equipment in buildings. Putting all that information in one place — seeing everything at once — has been a persistent headache. Armis offered a way to solve that problem for some of the hardest cases: industrial, healthcare, and critical infrastructure sectors.

Why ServiceNow Wanted Armis

ServiceNow has spent the last several years building up its security capabilities. The company's core strength is automating business processes — the workflows and rules that help organizations run smoothly. Its strategy has been to apply that same strength to security: detecting threats, deciding what to fix first, actually fixing them, and keeping records of it all.

The addition of Armis gives ServiceNow something it did not have before: the raw data about what devices are on the network. Instead of relying on information from other companies' security tools — and dealing with messy connections between systems — ServiceNow would now own this foundational piece. Think of it like the difference between a restaurant that receives ingredients from many different suppliers versus owning its own farm: you have more control and better quality.

The claim about tripling the market size makes sense in one specific way. Right now, ServiceNow mostly sells to IT departments and security teams in offices. Armis's strength is in places like power plants, factories, and hospitals — places that have very different security needs and where ServiceNow has not had much presence before.

How This Fits the Bigger Picture

The enterprise security market has been consolidating for years, with the biggest security companies buying up smaller ones to get new capabilities. Palo Alto Networks, CrowdStrike, and Microsoft have all pursued similar strategies — buying companies to offer more complete security solutions.

ServiceNow is not trying to outdo the pure security companies on threat detection. Instead, it is betting that organizations want one platform that connects all their security work into their broader business processes. The Armis acquisition deepens that bet: now ServiceNow would own both the data about what is on your network and the systems to actually respond to problems.

This is a pattern we have seen in enterprise software before. When Salesforce bought MuleSoft for $6.5 billion in 2018, the idea was similar: own the layer that connects everything together, so customers rely less on third-party add-ons and stick with your platform longer.

Challenges Ahead

A deal this big and this complex is risky. Armis has spent years building software that works with industrial equipment and medical devices. ServiceNow uses a different underlying system for managing data. Making these fit together without losing what made Armis valuable is a serious engineering challenge.

There is also the sales side to consider. Armis has spent years building relationships with people who work on industrial and healthcare security — a very different crowd from ServiceNow's usual customers. ServiceNow will need to keep those relationships going or risk losing customers as the two companies merge.

Regulators in the United States and Europe will also need to approve the deal. With the merger not expected to close until late 2026, there is time for this review to happen.

What This Means for Organizations Using These Tools

If your company already uses Armis alongside ServiceNow's security software, you will want to understand what happens next. Which features get built first? How do the two products connect? What happens to your existing contracts with Armis? Getting clear answers on these points will matter.

The longer-term opportunity here is worth watching. If ServiceNow successfully combines Armis's device visibility with its workflow automation, it would solve a real problem: the gap between knowing something is broken and actually fixing it through a formal, documented process. For many organizations, that gap is still filled with spreadsheets and manual work that should be automated.

The real test will come after the deal closes, when we see what ServiceNow and Armis actually build together. The company's strategy is clear — betting that the future of enterprise security runs through a single platform that handles both seeing the problem and fixing it. Whether that bet pays off will depend on the hard work of integrating these two companies into one coherent product.