by Jared Weiner | 12/31/2025
ServiceNow’s announced acquisition of Armis marks a significant moment in the evolution of the OT and extended IoT (XIoT) cybersecurity market. While acquisitions of OT security specialists have become more common, this deal stands out for what it signals about enterprise cybersecurity priorities and the growing centrality of cyber-physical systems.
At its core, the transaction reflects a continued move away from siloed cybersecurity tools toward unified, exposure-centric platforms spanning IT, OT, IoT, medical devices, and cloud infrastructure. As industrial organizations accelerate digital transformation and further integrate operational environments with enterprise systems, the ability to understand and manage risk across the entire attack surface has become foundational.
Historically, OT cybersecurity was treated as a specialized discipline, distinct from IT in tooling and ownership. That separation is eroding rapidly. The convergence of IT, OT, and IoT has expanded attack surfaces while dramatically increasing the potential business impact of a breach. Even brief disruptions in operational environments can halt production, compromise safety, and trigger cascading consequences.
This reality has fueled demand for asset-centric security models that deliver continuous visibility across heterogeneous environments. Armis has built its position around precisely this capability, while ServiceNow has become a system of record for enterprise workflows, risk, and governance. Bringing these together reinforces a key market truth, namely that cybersecurity decision-making increasingly occurs at the organizational level, even when risk originates deep within operations.
One of the clearest trends in OT cybersecurity is the shift from narrowly scoped point solutions toward integrated platforms that support multiple personas and use cases. Asset discovery alone is no longer sufficient, as organizations need context that ties assets to business processes, regulatory obligations, and operational criticality.
ServiceNow’s stated intent to integrate Armis into its broader security and risk portfolio aligns closely with this demand. Rather than treating OT and XIoT as adjacent concerns, the acquisition positions cyber-physical asset intelligence as a core input into enterprise exposure management and response workflows, a shift that is particularly relevant as CISOs with limited OT backgrounds assume responsibility for operational cyber risk. Earlier this year, Armis reinforced this platform-oriented strategy with its acquisition of OTORIO, extending its capabilities beyond asset intelligence into deeper OT security controls and strengthening its fit within ServiceNow’s broader exposure management vision.
The acquisition also adds momentum to an already active M&A environment. Over the past several years, leading automation vendors and IT security providers alike have moved aggressively to either acquire or tightly integrate OT cybersecurity capabilities. In this context, ServiceNow’s move mirrors recent deals such as Mitsubishi Electric’s acquisition of Nozomi Networks, while remaining distinct in its strategic orientation.
Where the Mitsubishi–Nozomi deal emphasized embedding OT cybersecurity expertise deeper into an industrial automation ecosystem, ServiceNow’s acquisition of Armis reflects the enterprise software angle of the same convergence trend. Both transactions are responses to the same underlying market forces: expanding attack surfaces, regulatory pressure, and customer demand for unified visibility across cyber-physical environments.
For Armis, the acquisition represents a clear inflection point. Becoming part of ServiceNow provides broader resources and deeper enterprise integration, while raising familiar execution questions. Preserving Armis’ ability to innovate, remain technology-agnostic, and serve complex industrial environments will be critical.
From a market perspective, the deal reinforces a central message that OT and XIoT cybersecurity are no longer peripheral concerns. They are integral to how organizations understand and manage enterprise-wide cyber exposure. As VDC’s research continues to show, the market is entering a new phase defined less by awareness and more by execution at scale.
The ServiceNow–Armis deal highlights how quickly OT and XIoT security are shifting from specialized disciplines to core components of enterprise cybersecurity strategy.
How is the convergence of OT, IT, and IoT shaping the industrial cybersecurity market? How do OT cybersecurity vendors help customers address compliance requirements? Which regulatory bodies are most influential in developing industry standards? How have SaaS-based solutions affected this market? VDC will cover these questions and more in its upcoming study on the global market for OT and XIoT cybersecurity solutions. For additional details, download our research outline or contact us for more information.