ServiceNow is reportedly in advanced talks to buy Israeli cybersecurity startup Armis in a deal that could top $7 billion, according to people briefed on the matter. The reported price would top a $435 million funding round Armis closed last month that valued the company at about $6.1 billion.
Founded in 2016, Armis has built a reputation for discovering and protecting unmanaged and connected devices across corporate networks — everything from industrial controllers to IoT sensors and laptops. The company says it now protects more than 40% of the Fortune 100 and recently crossed $300 million in annual recurring revenue, a figure it has said it expects to grow quickly toward $500 million within the next 18 months.
Why Armis is an attractive buy
For ServiceNow, the logic is straightforward: extend the Now Platform’s reach deeper into security telemetry and device-level visibility. Organizations increasingly expect a single pane for IT operations, security incidents and service workflows; adding Armis’ real-time device-fingerprinting and threat-detection capabilities would plug a clear gap.
The timing also reflects broader market dynamics. Cyber incidents this year have sharpened boardroom focus on resilience, and governments and regulators are nudging—or forcing—companies to treat cyber risk as a strategic, enterprise-wide issue. Practical examples of ongoing risk show up in everything from the recent additions to CISA’s KEV catalog to a string of supply-chain and developer-tool vulnerabilities. Even widely used developer tools aren’t immune: researchers published details about a React Native CLI remote-code execution flaw this year that could let attackers run OS commands. On the Windows side, enterprise updates have sometimes led to unexpected security headaches — like the BitLocker recovery prompts that tripped businesses after a Windows update — underscoring how operational complexity and security are tightly coupled.
Put another way: buyers are paying not only for software, but for the visibility and automation that turn alerts into action across sprawling, mixed environments.
Details, stakes and what might derail the deal
According to reporting, the deal could be announced within days — but that can change. M&A talks of this size often include competing suitors and last-minute shifts in valuation or structure. Armis had been preparing for a potential IPO in 2026–27 even as it expanded through acquisitions and faster ARR growth, and some investors may prefer a public path. Still, the recent private financing led by Goldman Sachs Growth Equity sent a signal that Armis had options and appetite for rapid scaling.
The price tag — up to $7 billion — would modestly top Armis’ latest private valuation. For ServiceNow, the outlay is an investment in security capabilities that map neatly onto its enterprise workflow strengths. For Armis’ founders and staff (the company employs roughly 850 people worldwide), an acquisition would bring immediate liquidity and the infrastructure of a much larger corporate buyer.
Competitors would watch closely. Armis competes in categories that include asset-visibility, cloud and agentless security and OT/IoT protection — spaces where players such as Claroty, Axonius, Rapid7 and Tenable operate. An integration with ServiceNow could shift competitive dynamics by folding device-level signals into incident management and response playbooks at scale.
This is also a moment of consolidation in cybersecurity markets. High-profile breaches, regulatory pressure and the complexity of multi-cloud and edge environments are encouraging companies to buy breadth as well as depth.
If the deal closes, expect a focus on product integration (how quickly Armis’ telemetry lands inside ServiceNow Security Operations and IT workflows), customer retention and cross-selling. If it does not close, Armis still has the hallmarks of a strong standalone growth story: rising ARR, substantial enterprise customers and fresh capital.
Either way, the story is a reminder that device and operational visibility — once a niche conversation — is now central to enterprise security strategy. Keep an eye on official announcements from ServiceNow and Armis over the coming days; given the speed of the sector, quiet talks can become public news almost overnight.