Logo
Daily Brief
Following
The Race to Build the Security Operating System

The Race to Build the Security Operating System

Enterprise software giants are spending tens of billions to become the single platform controlling cybersecurity across IT, cloud, and critical infrastructure

Overview

ServiceNow just agreed to pay $7.75 billion in cash for Armis, a cybersecurity startup that tracks vulnerabilities across hospital medical devices, factory equipment, and corporate networks. It's ServiceNow's largest acquisition ever—and its third billion-dollar security buy in 2025 alone. CEO Bill McDermott calls it building an "AI control tower" for cybersecurity. Wall Street calls it a land grab.

The deal caps a frenzied 21 months where enterprise software companies and tech giants spent over $90 billion acquiring cybersecurity firms. Google bought Wiz for $32 billion. Palo Alto grabbed CyberArk for $25 billion. Cisco swallowed Splunk for $28 billion. The common thread: companies with 83 security tools from 29 vendors are desperate to consolidate, and the winners will control the operating system layer for enterprise security.

15 Sources:
+9
ServiceNow Investor Relations TechCrunch Bloomberg CNBC Armis Google Cloud Blog Infosecurity Magazine NowBen TechTarget Help Net Security Cloud Wars Insight Partners Federal Trade Commission CNBC CNBC

Key Indicators

$90B+
Spent on cybersecurity M&A in 21 months
Cisco-Splunk ($28B), Google-Wiz ($32B), Palo Alto-CyberArk ($25B), ServiceNow's 2025 spree ($11.6B)
83
Average security tools per enterprise
From 29 different vendors—driving 70% of organizations to pursue consolidation
3
Billion-dollar acquisitions by ServiceNow in 2025
Moveworks ($2.85B), Veza ($1B), Armis ($7.75B)—transforming from IT ticketing to security platform
50%+
Armis revenue growth rate
$340M annual recurring revenue, serving 35% of Fortune 100, grew from $200M ARR in 18 months
3x
ServiceNow's security market expansion
CFO projects Armis deal will triple addressable market for security and risk solutions

People Involved

Bill McDermott
Bill McDermott
CEO, ServiceNow (Leading $11.6 billion acquisition spree in 2025, contract extended to 2030)
Yevgeny Dibrov
Yevgeny Dibrov
Co-Founder and CEO, Armis (Leading Armis through $7.75 billion ServiceNow acquisition, second major exit)
Assaf Rappaport
Assaf Rappaport
Co-Founder and CEO, Wiz (Sold Wiz to Google for $32 billion after rejecting $23 billion offer in 2024)
Marc Benioff
Marc Benioff
CEO, Salesforce (Competing with ServiceNow by entering IT service management market)

Organizations Involved

ServiceNow, Inc.
ServiceNow, Inc.
Enterprise Software Platform
Status: Acquiring Armis for $7.75B after $3.85B in prior 2025 security acquisitions

Enterprise workflow platform competing to become the operating system layer for business operations and security.

AR
Armis
Cybersecurity Startup
Status: Being acquired by ServiceNow for $7.75B, second-half 2026 close expected

Cyber exposure management platform providing visibility across IT, OT, IoT, and medical devices for critical infrastructure protection.

WI
Wiz
Cloud Security Startup
Status: Acquired by Google for $32 billion in March 2025

Cloud security platform acquired by Google for record $32 billion.

Palo Alto Networks
Palo Alto Networks
Cybersecurity Platform
Status: Acquiring CyberArk for $25 billion, expected close early 2026

Network security giant pursuing platformization through identity and access management acquisition.

Timeline

  1. ServiceNow Announces $7.75B Armis Acquisition

    Acquisition

    All-cash deal for asset visibility platform, ServiceNow's largest acquisition ever. Expected close second-half 2026.

  2. ServiceNow Acquires Veza for ~$1B

    Acquisition

    Identity security firm Veza adds privileged access capabilities to ServiceNow's security portfolio.

  3. Armis Closes $435M Pre-IPO Round at $6.1B

    Funding

    Goldman Sachs and CapitalG lead round as Armis prepares for 2026 IPO with $340M ARR growing 50%+.

  4. Palo Alto Confirms $25B CyberArk Deal

    Acquisition

    Second-largest cybersecurity acquisition, CyberArk shareholders get $45 cash plus 2.2 shares per share.

  5. Palo Alto-CyberArk Talks Surface

    Deal Rumors

    Reports emerge of $20B+ acquisition discussions between Palo Alto Networks and identity security firm CyberArk.

  6. Google Announces $32B Wiz Acquisition

    Acquisition

    Largest cybersecurity deal ever, Google's biggest purchase outright. DOJ clears merger after antitrust review.

  7. ServiceNow Acquires Moveworks for $2.85B

    Acquisition

    ServiceNow's first billion-dollar+ security acquisition, adding AI assistant and agentic reasoning capabilities.

  8. Armis Raises $200M at $4.2B Valuation

    Funding

    General Catalyst and Alkeon Capital lead Series D, surpassing $200M annual recurring revenue.

  9. Mastercard Buys Recorded Future for $2.65B

    Acquisition

    Financial services firm acquires threat intelligence company, expanding non-security buyers into cybersecurity.

  10. Wiz Rejects Google's $23B Offer

    Deal Rejected

    Cloud security startup Wiz turns down Google acquisition citing antitrust concerns under Biden administration.

  11. Cisco Completes $28B Splunk Acquisition

    Acquisition

    Cisco closes massive purchase of security analytics platform Splunk, signaling start of consolidation wave.

Scenarios

1

Platform Monopolies: Three Giants Control Enterprise Security by 2028

Discussed by: Gartner, Forrester, Cloud Wars analysts tracking platformization trends

The consolidation accelerates as Google-Wiz, Microsoft-security portfolio, and ServiceNow-Armis become the three dominant security operating systems. Enterprises slash from 83 tools to under 15, concentrating spending with platform vendors who offer unified visibility from endpoint to cloud. Smaller security startups either get acquired or die—venture funding dries up for point solutions. CISOs who bet early on platforms realize 101% ROI and 72-day faster incident detection. Those who don't consolidate face talent shortages managing fragmented tools and fall further behind. Regulatory pressure grows around platform market power, but agencies struggle to define remedies. The $212 billion cybersecurity market becomes winner-take-most.

2

Antitrust Crackdown Blocks Mega-Deals, Fragmentation Persists

Discussed by: Antitrust scholars, FTC observers noting 2024 serial acquisition scrutiny

Regulators reverse course after clearing Google-Wiz, blocking the Palo Alto-CyberArk and ServiceNow-Armis deals as anticompetitive roll-ups. The FTC argues that eliminating security specialists reduces innovation and locks enterprises into platform vendor ecosystems. Legal battles drag into 2027. Blocked deals chill M&A activity, forcing platforms to build capabilities organically—slower and more expensive. Armis and CyberArk pursue successful IPOs. Enterprises remain stuck managing dozens of vendors, but specialized tools advance faster without platform absorption. Security fragmentation persists, but best-of-breed solutions thrive.

3

AI Security Redefines Platforms: Agentic Defense Becomes the Game

Discussed by: Security researchers, AI analysts, enterprise CIOs experimenting with autonomous agents

The platform wars pivot from vendor consolidation to AI agent capabilities. Enterprises discover that unified dashboards matter less than autonomous AI agents that detect, investigate, and remediate threats without human intervention. ServiceNow's "AI control tower" vision plays out—Armis asset visibility feeds AI agents that automatically patch vulnerabilities, isolate compromised devices, and orchestrate incident response across IT and OT environments. Competitors rush to match agentic security capabilities. The differentiator isn't breadth of security tools but quality of AI reasoning and speed of autonomous action. Companies that win on agent intelligence capture the market regardless of how many acquisitions they made.

4

Armis Integration Disaster: ServiceNow Overpaid, Enterprise Customers Revolt

Discussed by: Technology industry observers citing historical mega-acquisition failures

ServiceNow struggles to integrate Armis's OT and IoT asset visibility with its IT service management platform. Cultural clashes emerge—Armis's startup engineers resist ServiceNow's enterprise processes. Key Armis talent leaves despite $500 million retention packages. Customers complain that Armis functionality deteriorates post-acquisition while ServiceNow bundles force them to buy unwanted products. Security-focused buyers defect to Palo Alto Networks and pure-play vendors. Wall Street punishes ServiceNow's stock as the Armis deal fails to deliver promised synergies. McDermott faces board pressure. The acquisition becomes a cautionary tale about platform overreach, and consolidation enthusiasm cools across the industry.

Historical Context

Cisco's Acquisition Binge (1993-2000)

1993-2000

What Happened

Cisco executed over 70 acquisitions during the dot-com boom to build a comprehensive networking platform, spending billions to add capabilities rather than building organically. The strategy made Cisco the most valuable company in the world by March 2000 at $555 billion market cap. Then the dot-com crash hit, integration challenges surfaced, and Cisco's value plummeted 86% in two years.

Outcome

Short term: Cisco dominated networking equipment but faced massive write-downs and integration nightmares post-crash.

Long term: Cisco remained a networking leader but never regained its growth trajectory or platform dominance aspirations.

Why It's Relevant

ServiceNow's $11.6B acquisition spree in 2025 mirrors Cisco's platform-building strategy—betting that breadth beats depth and that integration challenges are manageable. History suggests otherwise.

Salesforce Platform Consolidation (2011-2016)

2011-2016

What Happened

Salesforce acquired ExactTarget ($2.5B), Demandware ($2.8B), and dozens of smaller companies to transform from CRM into a complete marketing and commerce cloud platform. The strategy worked—Salesforce grew from $2B to $8B in revenue by expanding beyond its core product into adjacent enterprise workflows.

Outcome

Short term: Acquisitions successfully expanded Salesforce's addressable market and deepened customer relationships.

Long term: Salesforce became a $30B+ revenue platform, validating platform consolidation for enterprise software.

Why It's Relevant

ServiceNow is following Salesforce's playbook, expanding from IT service management into security and business workflows. The question: can ServiceNow execute integrations as effectively as Salesforce did?

Symantec's Failed Security Consolidation (2010-2019)

2010-2019

What Happened

Symantec acquired VeriSign ($1.28B), Clearwell ($390M), and dozens of security companies to build a unified platform protecting endpoints, networks, and data. The strategy collapsed under integration complexity and product bloat. Customers complained about buggy software and poor support. Symantec's market share eroded as nimble startups delivered better point solutions.

Outcome

Short term: Revenue grew through acquisitions but profitability and customer satisfaction declined sharply.

Long term: Symantec split into two companies in 2019, selling enterprise security to Broadcom for $10.7B at a fraction of peak value.

Why It's Relevant

A cautionary tale for ServiceNow and Palo Alto: buying security companies is easy, integrating them into a coherent platform that customers actually want is brutally hard.