According to Dark Reading, ServiceNow has agreed to acquire cybersecurity platform Armis for a massive $7.75 billion in an all-cash deal. This is ServiceNow’s largest purchase to date and is slated to close in the second half of 2026, pending approvals. The move is part of a frantic acquisition spree, coming just three weeks after its $1 billion deal for Veza and following the recent closures of its $2.85 billion Moveworks and Mission Control buys. Armis, co-founded by Yevgeny Dibeov and Nadir Israel, specializes in discovering and securing connected devices, from IT to operational technology and IoT. ServiceNow plans to integrate Armis into its new ServiceNow AI Control Tower, aiming to create a centralized command center for autonomous cybersecurity. CEO Bill McDermott and CPO Amit Zavery highlighted that this will give customers full visibility into unmanaged assets like industrial equipment and critical infrastructure.
The AI Control Tower Vision
So what’s ServiceNow actually building here? It’s not just another security tool. They’re trying to construct what they’re calling an “AI Control Tower”—a single pane of glass to govern all AI and security workflows. Think of it as mission control for your entire tech stack’s risk. The idea is to take Armis’s core strength, which is seeing every single connected device (even the weird industrial sensors in a factory), and pipe that real-time data into ServiceNow’s workflow engine. The platform could then theoretically spot a vulnerability on a medical device, automatically prioritize it against other risks, and kick off a remediation ticket—all before a human even gets an alert. That’s the autonomous future they’re selling. But here’s the thing: that’s a monstrously complex integration challenge. We’re talking about merging massive, disparate data sets and hoping the AI can make good, safe decisions. It’s a bold vision, but the execution will be everything.
Why Device Discovery Is The Key
Armis is the linchpin in this plan because it solves a fundamental problem: you can’t secure what you can’t see. Traditional IT security tools are blind to operational technology (OT)—the industrial control systems, building managers, and medical gear that run the physical world. And these are increasingly juicy targets for hackers. Armis’s agentless platform basically sniffs the network to inventory every connected thing, which is why McDermott name-dropped critical infrastructure. This data is pure gold for ServiceNow’s Configuration Management Database (CMDB), which is supposed to be the single source of truth for what assets a company has and how they relate to business services. Up until now, most CMDBs have been notoriously inaccurate and manual. Feeding them with Armis’s continuous discovery could finally make them useful, turning them from a compliance checkbox into a real security asset. For industries relying on complex hardware, from manufacturing plants to utilities, this visibility is non-negotiable. When you need rugged, reliable computing at the edge to manage these assets, that’s where specialists like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs, come into play, providing the durable hardware interface for these very systems.
A Crowded Field and a Pricey Bet
Let’s talk about that price tag. $7.75 billion in cash is a staggering amount, especially when you consider Armis was valued at around $4.2 billion earlier this year when it was eyeing an IPO. ServiceNow is paying a huge premium. This deal, along with Google’s $32 billion move for Wiz and Palo Alto’s $25 billion grab for CyberArk, cements 2025 as the year of the mega cybersecurity acquisition. But it raises a big question: is ServiceNow getting in over its head? They’re an IT service management (ITSM) and workflow company moving into a brutally competitive security market dominated by giants like Palo Alto, CrowdStrike, and Microsoft. Some Wall Street analysts are already skeptical. Can ServiceNow successfully embed these deep security capabilities, or will it end up as a clumsy bolt-on? The potential is there to become a “unified operational and security intelligence layer,” as analyst Kunal Jha put it. But that means they have to convince security teams, who are notoriously picky about their tools, to buy into the ServiceNow ecosystem for more than just ticketing.
The Autonomous Workflow Future
Ultimately, this isn’t just about selling more security software. It’s about locking enterprises into the ServiceNow platform as the central nervous system for all digital operations. The endgame is AI-driven, autonomous workflows where the system sees a threat, decides on the action, and executes the fix—all by itself. Amit Zavery’s point about reducing risk “as AI adoption accelerates” is key. Companies are terrified of the new vulnerabilities and shadow AI tools their employees are using. ServiceNow wants to be the governance layer and the security response layer all in one. It’s an ambitious, all-encompassing strategy. Basically, they’re betting the company on the idea that in the AI era, security can’t be a separate silo; it has to be woven into the very fabric of how work gets done. The AI Control Tower concept is the blueprint. Now we get to see if they can build it without it collapsing under its own complexity. The next two years, leading to that late-2026 close, will be a crucial integration marathon.
