ServiceNow Acquires Armis for 7-Billion-Device IoT Visibility Play

ServiceNow Bets on Asset-Centric Security at Scale

ServiceNow completed its acquisition of Armis on April 22, 2026, pulling 7 billion tracked devices—spanning OT, IoT, medical equipment, and cloud assets—into its AI-powered security operations platform. The deal combines Armis's non-invasive asset discovery with Veza's identity mapping, acquired in March 2026, creating a unified view of what's connected and who can access it. For enterprise buyers, this means one less vendor relationship and a clearer path to visibility across previously siloed environments.

The integration targets a persistent gap: legacy security tools miss OT and IoT devices because they sit outside traditional IT networks. Armis fills that void with real-time asset intelligence that doesn't require agents or network disruption. Pairing this with Veza's identity governance closes the loop on pre- and post-breach scenarios, a critical requirement as agentic AI environments blur the line between IT and operational technology.

What This Means for Vendor Consolidation

ServiceNow's move shifts the competitive landscape toward platforms that bundle asset discovery, threat detection, and identity management. Microsoft updated Defender for IoT in January 2026 with enhanced vulnerability management and anomaly detection, leaning into its Azure-centric ecosystem. Fortinet expanded FortiGate and FortiNAC in October 2025 to automate IoT/OT segmentation at the network layer. Standalone players like Forescout now face pressure to prove differentiated value against integrated offerings.

The trend favors buyers already committed to ServiceNow's ecosystem. If your security operations center runs on ServiceNow, adding Armis-powered asset intelligence reduces integration friction and vendor sprawl. The alternative—stitching together point solutions from Forescout, Tenable, or Claroty—carries higher operational overhead and multiplies API dependencies. The 7-billion-device scale matters because it signals maturity in asset classification, a foundation for automated response workflows.

Market Dynamics Favor Platforms Over Point Tools

The global IoT security market hit $28.67 billion in 2025 and is projected to reach $80.30 billion by 2031, a compound annual growth rate of 18.7%. In the U.S., the segment touched $43.1 billion in 2025, with forecasts climbing to $302.4 billion by 2034 at a 23.21% CAGR. Growth is driven by industrial environments adding connected sensors, medical devices proliferating in healthcare networks, and manufacturers digitizing production lines.

Buyers face a choice: pay for depth in a single domain or accept broader coverage with less customization. ServiceNow's bet is that breadth wins when the alternative is managing six vendor relationships to cover IT, OT, identity, and cloud. Microsoft makes the same argument with Defender for IoT bundled into existing licensing. Fortinet pitches network-integrated security that doesn't require a separate asset database. Each model works, but the economics tilt toward platforms when total cost of ownership includes integration labor and analyst training.

KORE's Sale Adds Vendor Stability Risk

KORE Group Holdings, a managed IoT connectivity and security provider, faces a shareholder investigation into its proposed $1 billion-plus sale to Searchlight Capital Partners and Abry Partners, announced in late April 2026. The probe questions board conduct and deal fairness, introducing uncertainty around leadership continuity and customer roadmaps. For enterprises running distributed IoT deployments on KORE's platform, this raises immediate questions about service-level agreement enforcement and data migration planning.

Competitors like Twilio, Aeris, 1NCE, and Telit stand to gain from any KORE customer defections. Buyers dependent on KORE for cellular connectivity, device onboarding, or fleet security should model alternative providers now rather than during a forced transition. The risk premium in RFPs shifts toward vendors with stable ownership and transparent governance. Multi-carrier platforms that abstract away provider lock-in become more attractive when single-vendor relationships carry execution risk.

What to Watch

ServiceNow hasn't disclosed Armis deal terms or pricing for the integrated platform. Buyers should expect bundled offers that tie asset intelligence to existing ServiceNow seats, likely through module add-ons rather than standalone SKUs. The value case depends on whether your environment has meaningful OT or IoT exposure—if 90% of your assets are traditional IT endpoints, Armis adds marginal value. If you manage industrial control systems, medical devices, or building automation, the visibility gap is real.

Microsoft's January update to Defender for IoT signals continued investment in cloud-native security stacks. Buyers committed to Azure should compare feature parity with ServiceNow's offering, particularly around anomaly detection and automated remediation. Fortinet's October 2025 expansions target network-first buyers who prefer segmentation over asset catalogs.

The KORE investigation warrants close monitoring if you're a customer. Request written confirmation of service continuity guarantees and verify escrow arrangements for source code and configuration data. If KORE's sale collapses or drags into 2027, customer attrition could accelerate, creating service degradation risk. Budget discretionary spend toward multi-homing IoT connectivity across two providers to reduce single points of failure.