{"id":6336,"date":"2025-12-24T03:30:20","date_gmt":"2025-12-24T03:30:20","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=6336"},"modified":"2025-12-24T03:30:20","modified_gmt":"2025-12-24T03:30:20","slug":"servicenows-7-75-billion-cash-deal-for-armis-illustrates-shifting-strategies","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=6336","title":{"rendered":"ServiceNow\u2019s $7.75 billion cash deal for Armis illustrates shifting strategies"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

ServiceNow has agreed to buy cybersecurity vendor Armis for $7.75 billion in cash, it announced Tuesday. \u00a0This builds on its December purchase of identity security vendor Veza, and the closing of its acquisition of AI vendor Moveworks.<\/p>\n

Analysts and cybersecurity practitioners mostly applauded the move, but cautioned that this could force CIOs and CISOs away from a best-of-breed strategy and into a classic suite approach, where the individual elements may be merely good enough.<\/p>\n

\u201cThis is an extension of what we have been seeing at the ERP application layer,\u201d said Scott Bickley<\/a>, an advisory fellow at the Info-Tech Research Group. \u201cServiceNow is basically saying \u2018We don\u2019t want to be a point solution. We want to be the platform by which you coordinate and solve all of your problems.\u2019\u201d<\/p>\n

Bickley noted that this trend has been ongoing for a few years, with many of the largest vendors trying to offer suites that deliver everything. \u201cMicrosoft was the initial poster child of this,\u201d he said. \u201cThey are going to start to embed [AI and cybersecurity] capabilities into their suites and bundles, where you don\u2019t necessarily have an opt-out solution. You will get \u2018maybe good enough\u2019 versus best of breed.\u201d<\/p>\n

But looking at ServiceNow\u2019s two other recent acquisitions, Veza<\/a> and Moveworks<\/a>, could suggest parallel strategies. \u201cServiceNow has hedged their bets without saying that they are hedging their bets,\u201d Bickley said.\u00a0<\/p>\n

Pablo Stern<\/a>, EVP and general manager of tech workflow products at ServiceNow, confirmed in an interview that the Armis acquisition is the largest in ServiceNow\u2019s history. He added that the companies have been partnering \u201cfor well more than two years.\u201d<\/p>\n

ServiceNow\u2019s statement about the Armis deal<\/a> described the two firms as creating \u201ca unified, end-to-end security exposure and operations stack that can see, decide, and act across the entire technology footprint.\u201d It said that it expects to fund the transaction through a combination of cash on hand and debt. The deal is expected to close in the second half of 2026, subject, as always, to regulatory approvals and closing conditions.<\/p>\n

Pressure from Agentic AI<\/h2>\n

The statement quoted ServiceNow COO Amit Zavery suggesting that agentic developments are a key part of the strategy.<\/p>\n

\u201cIn the agentic AI era, intelligent trust and governance that span any cloud, any asset, any AI system, and any device are non-negotiable if companies want to scale AI for the long-term,\u201d Zavery said in the announcement. \u201c<\/strong>Together with Armis, we will deliver an industry-defining strategic cybersecurity shield for real-time, end-to-end proactive protection across all technology estates. Modern cyber risk doesn\u2019t stay neatly confined to a single silo, and with security built into the ServiceNow AI Platform, neither will we.\u201d<\/p>\n

The soaring popularity of autonomous agents that figure out on their own how to perform various tasks has concerned many cybersecurity executives, as the risk of security holes created by enterprise agentic trials<\/a> is becoming clear.\u00a0<\/p>\n

Most cybersecurity practitioners saw the move as the latest indicator that CIOs and CISOs must rethink how they do their jobs, given how AI is forcing changes in data management and data leakage.\u00a0<\/p>\n

Visibility is the key<\/h2>\n

\u201cFor decades, the CIO\u2019s white whale has been a precise, real-time Configuration Management Database [CMDB]. Most are outdated the moment they are populated,\u201d said Whisper Security CEO Kaveh Ranjbar<\/a>. The Armis acquisition \u201cis an admission that in an era of IoT, OT, and edge computing, you cannot rely on manual entry or standard agents anymore. The system of action needs to own the system of record for the unmanaged world. For CIOs, this signals that automated, continuous discovery is now the only acceptable standard for IT asset management. You can\u2019t automate workflows on assets you don\u2019t know exist.\u201d<\/p>\n

The lesson, Ranjbar said, is different for the CISO. \u201cCISOs have historically suffered from the swivel-chair problem: one screen shows the vulnerability and another screen is needed to patch it. This deal collapses that gap. It validates that visibility is the new perimeter. As OT and IT converge, the attack surface has become too complex for fragmented tools. CISOs should view this as a mandate to consolidate their visibility stacks.\u201d<\/p>\n

Sanchit Vir Gogia<\/a>, the chief analyst at Greyhound Research, agreed that this acquisition will likely accelerate IT and security structural changes.\u00a0<\/p>\n

\u201cThis acquisition represents a fundamental repositioning of ServiceNow from a coordination layer into an operational authority. Buying Armis is not about expanding a security portfolio. It is about owning the upstream constraint that determines whether modern enterprises can govern complexity at all,\u201d Gogia said. But without knowing what is connected across IT, OT, IoT, and other physical environments, \u201cworkflow automation, AI governance, and risk prioritization all collapse into theatre,\u201d he observed, adding that the deal could remove long standing fragmentation between discovery tools, CMDBs, service mapping, ticketing, change management, and remediation. \u201cIf executed well, it could finally address one of the enterprise\u2019s most persistent failures,\u201d he said.<\/p>\n

Gogia added, \u201ccontinuous discovery tied to business context has the potential to turn the CMDB from a negotiated artefact into a living system. That would change how incidents are resolved, how changes are governed, how audits are passed, and how accountability is assigned.\u201d<\/p>\n

Reveals architectural debt<\/h2>\n

Given that the deal is not expected to be closed until next summer, executives should temper their timeline expectations.<\/p>\n

The 2026 second half closing date \u201cimplies a prolonged transition period where integration depth, roadmap clarity, and packaging decisions will evolve. CIOs should plan for ambiguity, not assume instant unification. Early value will come from visibility, [therefore] full platform value will take time,\u201d Gogia said.\u00a0<\/p>\n

Another consultant, Yvette Schmitter<\/a>, CEO of the Fusion Collective consulting firm, said the deal is sitting atop years of bad enterprise\u00a0IT strategy.<\/p>\n

\u201cThis acquisition exposes more than ServiceNow\u2019s strategy. It reveals the architectural debt hiding in every enterprise security stack that CIOs have been promising to address \u2018next quarter\u2019 for the past three years,\u201d Schmitter said. \u201cServiceNow just signaled that platform plays will dominate over point solutions, and they\u2019re willing to fund it with debt to move quickly while enterprises are still running budget committee meetings about tool sprawl.\u201d<\/p>\n

She observed, \u201cthe valuation for Armis tells you the market assigns premium multiples to cyber-physical capabilities spanning IT, OT, and<\/em> medical devices. Translation: that patchwork of legacy security tools you\u2019ve been defending as \u2018best of breed\u2019 just became technical debt you can\u2019t explain to the board. CIOs need to audit their current security tool sprawl and map total cost of ownership before vendors make that case for them with renewal pricing that reflects your lack of alternatives.\u201d<\/p>\n

The question, she said, \u201cis no longer whether to consolidate, but whether your organization controls the timing and terms of that consolidation.\u201d<\/p>\n

Cybersecurity consultant Brian Levine<\/a>, a former federal prosecutor who today serves as executive director of FormerGov, said that Armis executives were evaluating going public before they decided to accept the ServiceNow offer.<\/p>\n

\u201cFor Armis, skipping the IPO and joining ServiceNow is a signal that the market for standalone device\u2011security platforms is consolidating fast, and scale wins,\u201d Levine said. \u201cThe line between workflow, risk, and security is disappearing, and ServiceNow wants to own the convergence point.\u201d\u00a0<\/p>\n

Aaron Painter<\/a>, CEO of authentication vendor Nametag, added that part of the IT confusion is that product names no longer mean what they once meant.\u00a0<\/p>\n

\u201cMany of the workflows ServiceNow already automates are now security workflows, even if they\u2019re still labeled as operations. Onboarding and offboarding, incident response, asset exceptions, vendor access, and change management all involve decisions that directly shape security outcomes,\u201d Painter said. \u201cLooked at alongside ServiceNow\u2019s earlier acquisition of Veza, the strategy becomes clearer: ServiceNow is trying to connect asset visibility with identity and access intelligence, so the platform understands not just what devices exist, but who has access, why they have it, and whether that trust still makes sense over time.\u201d<\/p>\n

This article originally appeared on CIO.com<\/a>.<\/em><\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

ServiceNow has agreed to buy cybersecurity vendor Armis for $7.75 billion in cash, it announced Tuesday. \u00a0This builds on its December purchase of identity security vendor Veza, and the closing of its acquisition of AI vendor Moveworks. Analysts and cybersecurity practitioners mostly applauded the move, but cautioned that this could force CIOs and CISOs away […]<\/p>\n","protected":false},"author":0,"featured_media":6330,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-6336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6336"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6336"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6336\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/6330"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}