Sacra estimates that Armis hit $300M in annual recurring revenue (ARR) in July 2025, up from $200M in August 2024. The company had previously reached $100M ARR in early 2023.

Armis sells software that helps organizations identify and secure connected devices across their networks, including laptops, industrial machines, and medical equipment. In 2024, its medical device security product accounted for roughly a quarter of revenue. Armis reports serving over 40% of the Fortune 100 and has added enterprise customers across industries.

Armis recently completed an employee tender offer of approximately $100 million that valued the company at $4.5 billion, up from a $4.2 billion valuation in October 2024. The tender was participated in by Georgian and G Squared, providing liquidity to employees ahead of the company's planned 2026 IPO.

The company has raised over $800 million in total funding across six rounds since 2015. The most recent Series D round in October 2024 brought in $200 million led by General Catalyst and Alkeon Capital, with participation from Brookfield Growth and Georgian. Other key investors across previous rounds include Insight Partners, CapitalG, and One Equity Partners.

Armis is an agentless cybersecurity platform that acts as a real-time radar system for every device connected to an organization's network, including assets that cannot run traditional security software like MRI scanners, industrial robots, and smart building systems.

The platform works by mirroring network traffic from taps and SPAN ports, deploying lightweight virtual appliances across subnets, and connecting to cloud APIs from AWS, Azure, and ServiceNow. No software needs to be installed on endpoints, allowing Armis to discover and monitor even fragile programmable logic controllers and IoT devices. The system compares packet streams against its Asset Intelligence Engine, an AI-trained catalog of billions of device fingerprints crowdsourced across customers, to identify each asset and assign dynamic risk scores.

The Centrix platform offers modular capabilities including asset management with complete enterprise inventory and software bills of materials, OT/IoT security with deep protocol parsing for industrial systems, medical device security with FDA-aligned risk models, and vulnerability prioritization that correlates CVEs with live exploitability data. The 2025 release adds actionable threat intelligence from dark web monitoring and a generative AI assistant that lets analysts query their environment in natural language.

Armis operates a B2B SaaS model with subscription-based pricing tied to the number of devices under management and enterprise deployment scale. The company monetizes through tiered pricing that scales with asset count, allowing customers to start with smaller deployments and expand coverage as they discover more devices across their infrastructure.

The platform's agentless architecture creates a significant competitive moat by eliminating the operational overhead of agent deployment and maintenance that traditional endpoint security solutions require. This approach enables rapid customer onboarding and reduces the total cost of ownership, particularly for organizations with large numbers of unmanaged IoT and OT devices.

Armis has built a multi-channel go-to-market strategy combining direct sales with a growing partner ecosystem. The company launched its ARC reseller program to expand reach through channel partners, while also maintaining strategic partnerships with major cloud providers and security vendors. The business model benefits from strong expansion revenue as customers typically start with specific use cases like medical device security or OT visibility, then expand to comprehensive asset management across their entire infrastructure.

Claroty leads the industrial OT security market with deep packet inspection capabilities and has successfully pivoted to SaaS with 80% of new revenue coming from cloud deployments. The company differentiates through comprehensive industrial protocol support and micro-segmentation capabilities, though it faces challenges with complex pricing and limited international reach. Nozomi Networks competes directly with wireless asset detection and OT endpoint agents, commanding premium pricing but showing slower cloud adoption rates.

Dragos focuses exclusively on industrial environments with managed threat hunting services, building a strong brand in utilities but offering narrower device coverage than Armis. Hospital-centric players like Ordr, Cylera, and Asimily target the medical IoT market with lower pricing but lack the cross-vertical depth that enterprise customers increasingly demand.

Cisco bundles device visibility into its Catalyst switches and ThousandEyes platform, offering native network segmentation enforcement that pure-play vendors cannot match. This integration advantage allows Cisco to include IoT security as part of broader infrastructure refreshes, creating pricing pressure on standalone solutions.

Palo Alto Networks and Fortinet are embedding asset discovery into their firewall and SASE platforms, leveraging existing customer relationships to expand into device security. These incumbents can offer IoT visibility as an add-on to existing security contracts, making it difficult for specialized vendors to justify separate budget allocations.

CrowdStrike has expanded beyond endpoint detection to include asset discovery through its Falcon platform, leveraging its strong brand in threat detection to capture IoT security budgets. The company's AI-driven analytics and incident response capabilities create a compelling integrated offering for security operations teams.

Tanium specializes in endpoint management with tailored solutions for both IT operations and security, offering real-time asset inventory and configuration management that competes with Armis's core value proposition in managed device environments.

The acquisition of OTORIO for $120 million brings on-premises OT security capabilities that enable Armis to serve air-gapped environments in defense, utilities, and nuclear facilities that cannot use cloud-based tools. This expands addressable market into the $12 billion critical infrastructure security segment where data sovereignty requirements previously blocked cloud solutions.

Armis Secure Remote Access, developed through partnership with Xage, layers zero-trust identity and privileged access management on top of the Centrix platform. This creates a second major product line targeting operators of remote assets like wind farms and satellite networks, opening new revenue streams beyond traditional asset discovery.

The Silk Security acquisition adds vulnerability prioritization and automated remediation capabilities, positioning Armis as a comprehensive exposure management platform spanning IT, IoT, OT, and cloud environments rather than just an asset discovery tool.

The on-premises deployment model unlocks government agencies and defense contractors that cannot send data to cloud platforms, representing a significant expansion beyond Armis's traditional enterprise customer base. Healthcare organizations with 230+ bed hospitals represent another high-value expansion opportunity, as Centrix already integrates with FDA recall databases and medical device risk frameworks.

Mid-market manufacturing represents substantial growth potential as zero-trust remote access capabilities remove the truck roll costs that previously made comprehensive asset management prohibitively expensive for smaller factories. The platform's agentless architecture makes it particularly attractive to manufacturers with legacy industrial systems.

European and Middle Eastern utilities represent major expansion opportunities as on-premises deployment options combined with GDPR-compliant policy engines meet data sovereignty requirements under NIS2 and regional critical infrastructure regulations. The Xage partnership provides channel access in Brazil and Asia-Pacific markets through existing relationships with energy companies and transportation hubs.

International expansion is supported by $200 million in Series D funding specifically earmarked for geographic market development and localized go-to-market capabilities.

Incumbent bundling: Major network and security vendors like Cisco, Palo Alto Networks, and Fortinet are embedding asset discovery capabilities into existing infrastructure platforms, allowing them to offer IoT security as part of broader contract renewals rather than separate budget line items. This bundling strategy could compress standalone pricing and make it difficult for Armis to justify dedicated security budgets.

Synthetic data emergence: The rapid advancement of AI-generated synthetic data and automated vulnerability assessment tools could reduce demand for comprehensive real-time asset discovery platforms. If organizations can effectively model their device environments and security posture through synthetic means, the value proposition of continuous network monitoring may diminish significantly.

Regulatory fragmentation: Increasing data sovereignty requirements and divergent cybersecurity regulations across regions create operational complexity for a global platform approach. As countries implement distinct requirements for critical infrastructure protection and data handling, Armis may need to maintain separate regional deployments and compliance frameworks, increasing costs and reducing operational efficiency.