ServiceNow Expands Cybersecurity Stack with Armis Acquisition
The $7.75 billion deal brings asset visibility, identity mapping, and workflow automation into a single set of operations.
News
- ServiceNow Expands Cybersecurity Stack with Armis Acquisition
- UK Banks to Get Mythos Access Amid Global Cybersecurity Concerns
- UAE Cyber Security Council Flags Human Error as Primary Cyber Risk
- Dario Is Wrong: Yann LeCun Refutes Anthropic CEO's AI Job Apocalypse Prediction
- DDoS Attacks Jumped 8x in March, GCC Nations Among Key Targets
- AI Dispatch | 10–16 April 2026
[Image source: Krishna Prasad/MITSMR Middle East]
ServiceNow has completed the acquisition of Armis, a cybersecurity firm specializing in cyber exposure management. The move extends ServiceNow’s platform beyond traditional IT environments into operational and physical asset layers—areas increasingly exposed as organizations deploy agentic AI systems that act autonomously across networks.
The acquisition, valued at approximately $7.75 billion in cash and funded through a mix of existing reserves and debt, brings Armis’ technology and its workforce fully into ServiceNow’s operating structure. The deal follows closely on the heels of ServiceNow’s March 2026 acquisition of Veza, highlighting a buildout of identity and exposure management as foundational layers for AI-driven enterprises.
By integrating Armis’ intelligence with its own workflow and automation stack, ServiceNow aims to close a long-standing gap between visibility and execution in cybersecurity.
At the core of this strategy is a structural problem that has long defined enterprise security: fragmentation. Detection systems generate alerts but lack enforcement capabilities; remediation tools act without full situational awareness. This separation has produced a “detection-to-response gap,” one that becomes more acute as machine identities proliferate and decision-making shifts toward autonomous agents.
In environments where machine identities now vastly outnumber human users, traditional perimeter-based models are increasingly inadequate.
Armis addresses one side of this equation by providing continuous, real-time visibility into all connected assets, including unmanaged and previously opaque devices. Veza complements this by mapping identity relationships—human, machine, and AI—across systems.
Together, these capabilities feed into ServiceNow’s orchestration layer, where context can be translated into action. The company’s framing is explicit: security outcomes should not end at detection but extend through automated remediation, governance, and auditability.
“Most security platforms stop at the alert. ServiceNow closes the loop,” says Amit Zavery, emphasizing the company’s ambition to operationalize security decisions rather than merely surface them. The integration of Armis’ telemetry into ServiceNow’s Context Engine and AI Control Tower reflects this approach, positioning the platform as a control plane for enterprise-wide risk.
The announcement also mentions an AI Center for Cyber Defense, intended as a global hub for developing an architecture of systems capable of autonomous detection, decision-making, and response.
By combining visibility, identity intelligence, and execution within a single platform, ServiceNow is attempting to realign cybersecurity around outcomes rather than tools. Whether this integration can meaningfully reduce the systemic lag between risk detection and response—and at enterprise scale—will define the success of this strategy.
