ServiceNow’s Amit Zavery: Armis, Veza Acquisitions Aim To Strengthen Platform Cybersecurity Posture

ServiceNow agreed to acquire cyber exposure management vendor Armis for $7.75 billion in an all-cash deal, strengthening its AI-native security workflow platform and adding real-time asset visibility and risk prioritization as ServiceNow expands its end-to-end cybersecurity and governance strategy, says ServiceNow President, COO and Chief Product Officer Amit Zavery.

ServiceNow is making one of its biggest security bets to date with its move to acquire cyber exposure management vendor Armis for $7.75 billion in an all-cash transaction.

The deal, slated to close in mid-2026, aims to significantly expand ServiceNow’s push to build an AI-native, end-to-end security platform that spans IT, OT, cloud, and connected devices.

The acquisition, unveiled Tuesday, aims to strengthen ServiceNow’s security workflow portfolio by tightly integrating Armis’ real-time asset discovery, threat intelligence and risk prioritization capabilities with ServiceNow’s automation, remediation and response workflows, said ServiceNow President, COO and Chief Product Officer Amit Zavery.

ServiceNow’s core business continues to grow, and it has delivered 20-plus percent revenue growth every fiscal quarter of the last decade, Zavery told CRN. On top of that is the opportunity ServiceNow sees with AI and security, he said.

“AI is creating a lot of customer concern around security,” he said. “How do you protect the environment? How do you protect things which are machine-oriented or which are agent-driven? And how do you take on AI in a secure manner? That is the thinking we’ve been having with many of our customer discussions. Our security business crossed a billion dollars last quarter. It has been growing very fast because of the concerns customers have around managing incidents and protecting themselves proactively.”

ServiceNow has a vision around the idea of autonomous cybersecurity, with ServiceNow AI Control Tower to provide discovery, visibility, management, and associated auditing and risk compliance, Zavery said.

“If you look at the opportunity with Armis, they really create this ability for us to do this exposure management,” he said. “We already been integrated with Armis via a lot of joint customers. The space they are in complements very much where we are seeing a lot of demand with the rest of our ServiceNow portfolio, and specifically the security portfolio.”

Exposure management is basically any kind of vulnerability in an environment, Zavery said.

“How do you understand a vulnerability and what is the exposure to you so that you can manage it from the security posture, remediation, and threat detection, and then take care of it so that all the exposures from any kind of threats are completely contained and you have full visibility and control over it,” he said. “It’s a pretty broad set of capabilities required to do this holistically and together with the ecosystem by working with a lot of third parties. Providing a full end-to-end solution is really where Armis is a prize. They are a leader in the Magic Quadrant from Gartner. And they are an extension to what we do with our CMDB (Configuration Management Database).”

With the capabilities that Armis brings, ServiceNow will see a significant boost in its business, Zavery said.

“With the combination of Armis with exposure management, managing all the different devices be it IT or OT, as well as agents and the security postures around that, we can collect all the data, proactively monitor everything, proactively remediate issues, and integrate that into our workflow,” he said. “We now will have a full end-to-end solution which triples our security camp, increasing it from $30 billion to $100 billion, which gives us another growth trajectory and a vector in a space which is changing drastically.”

A lot of that has traditionally been done in a fragmented way with multiple vendors, Zavery said.

“We’re bringing those pieces together into a platform perspective, just like we’ve done with other things at ServiceNow,” he said. “We’re bringing that data, that unique understanding of all the different devices and OT operational elements and the agent part, and then combining that with ServiceNow. We believe it’s a game changer and a great opportunity for ServiceNow and a great value for our customers, because they really need the solutions today.”

ServiceNow plans to fund the transaction using a mix of cash on hand and debt. The deal is expected to close in the second half of 2026, subject to regulatory approvals and customary closing conditions. Once finalized, Armis’ approximately 950 employees will join ServiceNow.

Integration should be fast, Zavery said.

“We already integrate with Armis,” he said. “We have a lot of joint customers. We will, of course, make it even more seamless. There are also a lot of areas where we believe we can extend that capability and provide even more solutions which Armis has been building out and we’ve been building out. We can jointly speed up our roadmaps as well.”

The timing of the acquisition is notable. Armis announced just last month that it had raised $435 million in new funding at a $6.1 billion valuation, while continuing to prepare for a long-anticipated IPO. Armis executives have publicly discussed IPO readiness for several years, and the company has shown strong financial momentum. Armis recently surpassed $300 million in annual recurring revenue, representing more than 50 percent year-over-year growth, and said it is on a path toward $1 billion in ARR.

Founded in 2016 and based in San Francisco, Armis has been one of the most heavily funded cybersecurity vendors in recent years, raising more than $1.06 billion across four funding rounds since early 2021. Its most recent funding round was led by Growth Equity at Goldman Sachs Alternatives. The vendor has focused on delivering deep visibility into IT, OT and unmanaged devices, a growing concern as enterprises contend with expanding attack surfaces.

ServiceNow, meanwhile, has steadily expanded its security portfolio through both product development and acquisitions. Earlier this month, the company disclosed plans to acquire identity security startup Veza in a deal reportedly valued at least $1 billion.

Zavery declined to comment on the acquisition cost around Veza, other than to say it was a much smaller transaction than with Armis.

Veza is the market leader for incident management, remediation, and triaging, usually post-breach, he said.

“What we expect to do with Veza is to really get awareness of identity associated with any kind of non-humans as well as humans in terms of what kind of access they have,” he said. “Veza has something called Access Graph which keeps track of every access on any kind of systems, looking at whether things people are trying to access are allowed or not, especially around AI agents. Millions of AI agents are running around without any kind of control. You can end up with security issues. Veza protects you from those assets by providing the right privileges, revoking privileges, maintaining and managing them, auditing all those privilege issues, and providing full insight so that your governance around human and non-human identities can be managed properly.”

Veza provides identity governance, while Armis provides exposure management, Zavery said.

“This is a full end-to-end play on the cybersecurity space, and allows us to expand our platform capabilities to meet some of these newer emerging requirements,” he said.

David Harris contributed to this report.