CTOLCTOL Solutions
CTOL Digital SolutionsCTOL Digital Solutions FRCTOL Digital Solutions DACHCTOL 디지털 솔루션希图科技シートーデジタル解決Soluções Digitais CTOLCTOL Soluciones Digitales
News
Services CIO/CTO AdvisoryCloud ComputingDigital Marketing and SalesData Science and Business IntelligenceGenerative AI for BusinessWeb3 and Defi for EnterpriseWeb and Mobile Apps DevelopmentDigital Business ConsultancyLegacy App ModernizationWeb Design and User Experience
Industries Aerospace and DefenseAutomotiveBankingCapital MarketsCommunications and MediaConsumer Goods and ServicesEnergyHealth and Health CareInternetManufacturingInsurancePublic & Social SectorRetailTravelTelecommunicationsPharmaPrivate Equity & venture CapitalEducationOil and GasReal EstateConstruction and Building MaterialLegal ServicesGastronomy and Hospitality
InsightsSoftwareAI Tools
Contact Us

Armis’ $435 Million Pre-IPO Gamble: Is “Exposure Management” the Real Deal or Just Hype?

By
Tomorrow Capital
5 min read
InternetPrivate Equity & venture CapitalApp

Armis’ $435 Million Pre-IPO Gamble: Is “Exposure Management” the Real Deal or Just Hype?

Goldman Sachs and CapitalG are betting $6.1 billion that connecting every corner of cybersecurity could build the next CrowdStrike. The market’s about to find out if they’re right.

SAN FRANCISCO — When Armis CEO Yevgeny Dibrov turned down buyout offers earlier this year, he wasn’t simply defending his company’s independence. He was doubling down on a vision — that “cyber exposure management,” the unglamorous but vital job of spotting every device, every risk, and every blind spot inside an organization, could grow into a $100 billion industry of its own instead of just another add-on to Microsoft’s security suite.

That conviction just got a massive endorsement. On November 5, Goldman Sachs Alternatives and Alphabet’s CapitalG led a $435 million pre-IPO round valuing Armis at a hefty $6.1 billion — up 45% from October 2024. The company now pulls in over $300 million in annual recurring revenue, growing at more than 50% year-over-year, and counts 40% of the Fortune 100 as customers, including seven of the top ten.

But the timing is tricky. Cybersecurity has never looked more crowded, yet 70% of data breaches still come from assets companies didn’t even know existed. Internet-connected devices, factory control systems, cloud servers, and AI infrastructure keep multiplying, leaving security teams chasing shadows. As Irit Kahan, Managing Director at Goldman Sachs Alternatives, puts it, “The blind spots are outpacing the known vulnerabilities.”

The Twenty-Times Question

Armis’ valuation — about twenty times its current ARR — assumes a lot. To justify that number, the company must keep growing north of 40%, absorb three acquisitions made in just 18 months, and sprint toward $1 billion ARR within three years. For context, even CrowdStrike, the darling of cybersecurity, only hit a 22x ARR multiple at its height — and it didn’t juggle operational technology, cloud, and AI security acquisitions all at once.

“The number says as much as the pitch deck,” reads one internal investment memo. “Goldman and CapitalG aren’t just buying growth; they’re buying the flexibility to keep rolling up the edges of OT, IoT, and cloud while the market rewards anyone claiming to secure the entire surface.”

That’s a tall order. Armis faces competitors on three fronts: specialized OT players like Claroty and Nozomi (which Mitsubishi bought for $1 billion), asset management upstarts like Axonius, and tech giants like Microsoft and Palo Alto Networks, both of which now include IoT visibility at no extra cost. Armis’ advantage lies in its neutrality — it doesn’t tie customers to a single ecosystem. But that edge narrows with every update Microsoft makes to Defender for IoT.

What $435 Million Really Buys

Beneath the buzzwords, this new capital has three jobs to do. First, Armis needs to fuse its recent acquisitions into a single platform, Armis Centrix™, that genuinely shows every asset “from ground to cloud.” Second, it must expand overseas — especially in Europe, where new DORA and NIS2 rules require critical infrastructure operators to know every inch of their attack surface. Third, it has to fuel more acquisitions.

“If they use this cash to scoop up a few more niche teams — maybe in identity exposure, AI infrastructure security, or OT remediation — they can tell IPO investors, ‘We already did the consolidation you were expecting,’” says one investor. “That story earns a premium.”

Technology isn’t the worry. Armis scores 4.7 out of 5 on Gartner Peer Insights and topped Forrester’s Q3 2025 Wave for unified vulnerability management. The real challenge is go-to-market sprawl. Selling “ground to cloud” security means dealing with IT teams, factory engineers, and even facilities managers — each with its own slow decision cycle. Below $300 million ARR, that lag hides under new-customer growth. Above $500 million, it doesn’t.

CapitalG’s Derek Zanutto, who’s backed Armis since 2019, sees it differently: “Armis is building a multi-generational cybersecurity titan.” That phrase — “multi-generational” — says everything about how CapitalG views the company: as infrastructure, not just another feature.

The Ripple Effect

This round resets the bar for every late-stage cybersecurity startup. If Armis can command a $6.1 billion valuation at $300 million ARR with Fortune 100 penetration, smaller OT or IoT players chasing $3 billion valuations at half that revenue will need something truly unique to justify it. The bar just moved higher.

It also shows investors where not to play. Generic agentless discovery? Armis already owns it. Broad OT visibility? They bought Otorio. Exposure dashboards? That’s yesterday’s problem. The smarter move now is building tools that go from “exposure” to “action” — especially in factories or infrastructure systems where patching the wrong device could halt production. There’s also room for AI-driven environment mapping, compliance modules for Europe’s DORA and NIS2, and affordable mid-market versions that deliver most of Armis’ power at a fraction of the price.

But big players won’t stay idle. Microsoft and Palo Alto Networks could bundle IoT and OT visibility into their existing suites for next to nothing. If that happens, investors may question Armis’ ability to keep margins high. On the flip side, if Armis maintains 90% gross margins while growing 40% or more, it will prove “exposure management” isn’t just a buzzword — it’s a market worth billions.

What Comes Next

Armis aims to go public in late 2026 or early 2027. That gives the company roughly six quarters to prove it can pull all these moving parts together. Investors will be watching three key signs: how quickly it spends its war chest on acquisitions, whether it can close high-value deals in Europe and Asia at U.S. pricing levels, and how strong its customer retention looks — even though that metric wasn’t disclosed.

The ultimate question is simple: do enterprises really want one unified exposure platform, or is “platform” just fancy marketing for several stitched-together tools? Dibrov is betting on the first answer. Goldman and CapitalG clearly agree — they just wired $435 million to prove it.

By the end of 2026, we’ll know if “cyber exposure management” is the next great cybersecurity category or just another catchy slogan in the history books.

NOT INVESTMENT ADVICE

You May Also Like

This article is submitted by our user under the News Submission Rules and Guidelines. The cover photo is computer generated art for illustrative purposes only; not indicative of factual content. If you believe this article infringes upon copyright rights, please do not hesitate to report it by sending an email to us. Your vigilance and cooperation are invaluable in helping us maintain a respectful and legally compliant community.

Subscribe to our Newsletter

Get the latest in enterprise business and tech with exclusive peeks at our new offerings

We use cookies on our website to enable certain functions, to provide more relevant information to you and to optimize your experience on our website. Further information can be found in our Privacy Policy and our Terms of Service . Mandatory information can be found in the legal notice