ServiceNow Expands Security Control Plane With Armis Acquisition

/ Application Development, Cyber Security, Enterprise Applications

The News

ServiceNow announced its intent to acquire Armis to expand cyber exposure and cyber-physical security across IT, OT, IoT, and medical devices. 

Analysis

Security Exposure Management Becomes an Operational Requirement

Enterprise security teams are operating in an environment where the attack surface is expanding faster than traditional controls can keep up. AI adoption, cloud-native architectures, connected devices, and cyber-physical systems are converging into a single, continuously changing risk domain. theCUBE Research and ECI data shows that over 70% of organizations are actively investing in AI and automation, while security and compliance remain among the top spending priorities, signaling that innovation and risk are scaling together.

ServiceNow’s planned acquisition of Armis reflects a broader market realization: visibility alone is insufficient without the ability to operationalize response. Exposure management is increasingly viewed as an always-on capability that must integrate directly with operational workflows rather than remain siloed within security tooling.

Impact on the Application Development and Platform Ecosystem

For application developers and platform teams, security is no longer confined to application code or cloud infrastructure. Modern applications increasingly interact with operational systems, edge devices, and regulated environments such as healthcare and manufacturing. This expands the definition of “application security” to include assets and systems developers may not directly control but still depend on.

By pairing Armis’ real-time asset discovery and exposure intelligence with ServiceNow’s workflow automation and CMDB context, the combined platform aims to shorten the path from detection to remediation. For developers, this may translate into clearer prioritization signals (what vulnerabilities actually matter to service reliability, customer experience, and compliance) rather than long lists of abstract findings.

Current Market Challenges and Insights

The dominant challenge in security operations today is prioritization. Organizations struggle with tool sprawl, alert fatigue, and limited ability to correlate risk across domains. AI-powered attacks further complicate this landscape by increasing speed, scale, and unpredictability.

Armis’ strength in cyber-physical and IoT visibility aims to address a growing blind spot as organizations digitize physical environments. When combined with ServiceNow’s AI Control Tower and business-context CMDB, the focus shifts toward understanding exposure in terms of business impact, not just technical severity. This aligns with a broader industry move toward security platforms that “see, decide, and act” within operational timeframes.

Security and Development Practices Going Forward

Looking ahead, exposure management is likely to become more tightly embedded into platform engineering and application lifecycle workflows. Rather than treating vulnerabilities as isolated security issues, teams may increasingly manage them as operational risks tied to services, SLAs, and customer outcomes.

The introduction of more autonomous, AI-driven security workflows does not eliminate human oversight. Instead, it shifts emphasis toward defining policy, acceptable risk thresholds, and response automation. For developers, this could mean fewer manual escalations and clearer feedback loops when architectural or dependency choices introduce meaningful risk.

Looking Ahead

The ServiceNow–Armis combination highlights a broader industry shift toward unified security control planes that span digital and physical environments. As enterprises deploy AI across applications, infrastructure, and operational systems, exposure management is becoming foundational to maintaining trust and resilience.

Going forward, the market is likely to reward platforms that can translate raw security data into prioritized, automated action aligned with business context. If executed effectively, this acquisition positions ServiceNow to extend its workflow-centric model deeper into cybersecurity operations, influencing how organizations manage risk across increasingly complex, AI-enabled environments.

Author

  • Paul Nashawaty

    Paul Nashawaty, Practice Leader and Lead Principal Analyst, specializes in application modernization across build, release and operations. With a wealth of expertise in digital transformation initiatives spanning front-end and back-end systems, he also possesses comprehensive knowledge of the underlying infrastructure ecosystem crucial for supporting modernization endeavors. With over 25 years of experience, Paul has a proven track record in implementing effective go-to-market strategies, including the identification of new market channels, the growth and cultivation of partner ecosystems, and the successful execution of strategic plans resulting in positive business outcomes for his clients.

    View all posts