One Discovery, Zero Redundancy
How Zensar's integration architecture unifies ServiceNow ITOM Discovery and Armis — without enterprises paying twice for the same asset
Zensar Technologies | Cloud, Infrastructure & Security Practice
Enterprises deploying both ServiceNow ITOM Discovery and Armis face a costly and often overlooked problem: each platform independently discovers and licenses the same physical and virtual assets — effectively charging twice for the same device in your environment.
Zensar's innovative integration architecture eliminates this duplication. By establishing Armis as the authoritative source of truth for OT, IoT, and unmanaged device discovery, and feeding that enriched asset inventory directly into ServiceNow CMDB, enterprises achieve a single, unified asset record — with license consumption optimized across both platforms.
The result: up to 40% reduction in combined licensing costs, a richer CMDB, and a dramatically shorter path to IT/OT convergence.
The licensing redundancy problem
Organizations investing in both ServiceNow ITOM Discovery and Armis quickly discover an uncomfortable financial reality: they are paying for the same assets twice. Both tools are exceptional at what they do individually — but their default deployment configurations treat discovery as a parallel, independent activity.
How the duplication occurs
ServiceNow ITOM Discovery uses pattern-based probes and sensors to scan IP ranges, authenticate into devices, and populate the CMDB with configuration items (CIs). Armis, by contrast, employs agentless, passive network traffic analysis to detect every connected device — including those that ServiceNow cannot reach due to authentication constraints, protocol limitations, or air-gapped network segments.
When both tools run simultaneously without integration:
A Windows server is discovered by ServiceNow ITOM and licensed as a managed CI
The same server is detected by Armis via network fingerprinting and counted against the Armis asset license
An unmanaged IoT sensor is found only by Armis — but if ITOM later discovers it, it gets double-counted
OT devices in manufacturing may appear in both inventories, driving up license tiers in both platforms
ServiceNow ITOM Discovery strengths | Armis strengths |
Deep configuration data for managed IT assets via authenticated probes | Passive, agentless detection — no credentials required |
Native CMDB population and relationship mapping | Full visibility into IoT, OT, BMS, and unmanaged devices |
Process automation via workflows and change management | Real-time risk scoring and behavioral analysis |
Strong for servers, databases, cloud instances, and applications | Strong for medical devices, PLCs, cameras, HVAC, and shadow IT |
Licensed per CI count in the CMDB | Licensed per managed asset or device count |
The hidden cost
In a 10,000-device enterprise, a typical overlap analysis reveals that 55–70% of assets are discovered by both platforms. At average combined licensing costs of $30–$80 per asset annually, the redundant spend can reach $1.5Mn–$4Mn per year for identical asset records in two systems.
Zensar's integration architecture: One asset, one record
Zensar's CIS practice has developed a proven integration pattern that establishes a clear division of labor between ServiceNow ITOM Discovery and Armis, eliminating redundant discovery while enriching the CMDB beyond what either tool can achieve alone.
The core principle: Source-of-truth zoning
Rather than running both discovery engines over the same asset population, Zensar's architecture segments the discovery surface into zones, each with a designated authoritative source:
Asset zone | Authoritative source | Rationale |
Managed IT (servers, VMs, cloud instances, workstations) | ServiceNow ITOM Discovery | Deep config data, authenticated access, native CMDB integration |
IoT/smart devices (cameras, printers, BMS, access control) | Armis | Agentless detection; most devices lack SSH/WMI support |
OT/ICS/SCADA (PLCs, RTUs, HMIs, industrial sensors) | Armis | Air-gapped or protocol-isolated; passive monitoring is safer |
Medical/healthcare devices (if applicable) | Armis | FDA compliance requirements; no active scanning permitted |
Unmanaged/shadow IT (BYOD, rogue endpoints) | Armis | Not enrolled in any management platform; only detectable passively |
Cloud-native assets (containers, serverless, PaaS) | ServiceNow ITOM Discovery + CSDM | Dynamic provisioning; native cloud integrations in ITOM |
The integration flow
Zensar implements a bi-directional, event-driven integration between Armis and ServiceNow using a three-layer architecture:
Layer 1: Armis as the OT/IoT Discovery Engine
Armis continuously discovers and classifies all network-connected devices via passive traffic analysis. Its asset inventory is enriched with device type, manufacturer, firmware version, vulnerability score, and network behavior profile. Critically, Armis does not require agents, credentials, or active probing — making it safe for sensitive OT and medical environments.
Layer 2: Selective CMDB Population via the ServiceNow Armis Connector
Zensar configures the native ServiceNow Armis Connector (available on the ServiceNow Store) with custom scoping rules that define which Armis-discovered devices should be promoted into the CMDB as authoritative CIs, and which should remain in Armis only. This prevents Armis-sourced records from bloating CMDB CI counts unnecessarily.
Key configuration decisions Zensar helps clients make:
Which Armis device categories map to existing CI classes (cmdb_ci_ip_switch, cmdb_ci_iot_device, etc.).
De-duplication rules: if ServiceNow ITOM has already discovered an asset via IP/MAC matching, Armis enriches that existing CI rather than creating a new one.
Reconciliation priority: ServiceNow ITOM configuration data takes precedence for IT assets; Armis data takes precedence for OT/IoT assets.
License suppression: Armis-sourced CIs that duplicate ITOM-managed records are flagged to avoid double-counting in ITOM license consumption.
Layer 3: CMDB Reconciliation and License Governance
Zensar deploys a custom ServiceNow Scheduled Script that runs CMDB health checks against a purpose-built Asset Overlap Dashboard. This dashboard identifies:
Assets present in both Armis and ITOM discovery scope — candidates for source rationalization
Assets where Armis and ITOM hold conflicting attribute values — requiring reconciliation rules
Assets discovered only by Armis that have been unnecessarily promoted into the ITOM-licensed CI count
License optimization recommendations: assets that can be removed from the ITOM scan scope because Armis provides sufficient coverage
Zensar innovation: The Overlap Suppression Flag
Zensar's architects have developed a custom CMDB attribute — u_armis_primary_source — that marks Armis-sourced CIs that are outside the ITOM Discovery scan scope. When this flag is set, the CI is maintained by Armis data but explicitly excluded from ITOM license calculations.
This elegant solution preserves full CMDB visibility while ensuring customers are billed only once — by the tool that actually owns discovery for that asset class.
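The Layer 2 rules (IP/MAC de-duplication, reconciliation priority by zone) and the overlap suppression flag can be expressed together as one reconciliation pass. The following is an added example in plain JavaScript, not Zensar's or ServiceNow's code: it calls no ServiceNow or Armis API, and the zone keys, record shape and sample inventories are assumptions constructed for illustration; only the flag name u_armis_primary_source comes from the text above.

```javascript
// Added illustration in plain JavaScript: no ServiceNow (Glide) or Armis API calls.
// Zone keys, record shape and sample data are constructed for this example.
const ZONE_SOURCE = { // authoritative source per zone, following the zoning table
  managed_it: 'itom', cloud_native: 'itom',
  iot: 'armis', ot_ics: 'armis', medical: 'armis', unmanaged: 'armis',
};
const normMac = (m) => (m || '').toLowerCase().replace(/[^0-9a-f]/g, '');
// Match on MAC when present; fall back to IP, which is weaker (DHCP churn, NAT).
const matchKey = (r) => (normMac(r.mac) ? 'mac:' + normMac(r.mac) : r.ip ? 'ip:' + r.ip : null);

function reconcile(itomRecords, armisRecords) {
  const cis = new Map();
  let unkeyed = 0;
  const keyFor = (r) => matchKey(r) || 'unkeyed:' + unkeyed++; // never merge keyless rows
  for (const r of itomRecords) {
    cis.set(keyFor(r), { zone: r.zone, attrs: { ...r.attrs }, sources: ['itom'] });
  }
  for (const r of armisRecords) {
    const key = keyFor(r);
    const ci = cis.get(key);
    if (!ci) { // Armis-only device: create the CI from Armis data
      cis.set(key, { zone: r.zone, attrs: { ...r.attrs }, sources: ['armis'] });
      continue;
    }
    ci.sources.push('armis'); // de-duplication: enrich the existing CI
    // Reconciliation priority: the zone's authoritative source wins conflicts.
    ci.attrs = ZONE_SOURCE[ci.zone] === 'armis'
      ? { ...ci.attrs, ...r.attrs }
      : { ...r.attrs, ...ci.attrs };
  }
  for (const ci of cis.values()) {
    // Unknown zones leave the flag false, so the CI stays in the ITOM count.
    ci.u_armis_primary_source = ZONE_SOURCE[ci.zone] === 'armis';
  }
  return [...cis.values()];
}
const itomLicensedCount = (cis) => cis.filter((ci) => !ci.u_armis_primary_source).length;

// Constructed sample inventories; the same devices appear with different MAC formats.
const itom = [
  { mac: '00:1A:2B:3C:4D:5E', ip: '10.0.0.5', zone: 'managed_it', attrs: { os: 'Windows Server 2019' } },
  { mac: 'AA-BB-CC-00-11-22', ip: '10.9.0.7', zone: 'ot_ics', attrs: { model: 'unknown' } },
];
const armis = [
  { mac: '001a.2b3c.4d5e', ip: '10.0.0.5', zone: 'managed_it', attrs: { os: 'Windows', risk: 3 } },
  { mac: 'aa:bb:cc:00:11:22', ip: '10.9.0.7', zone: 'ot_ics', attrs: { model: 'PLC-X', firmware: '2.1' } },
  { mac: 'de:ad:be:ef:00:01', ip: '10.9.0.8', zone: 'iot', attrs: { model: 'camera' } },
];
const merged = reconcile(itom, armis);
console.log(merged, 'ITOM-licensed CIs:', itomLicensedCount(merged));
```

The `sources` array on each CI records which discovery tools contributed to it, which is the data lineage an auditor would ask for when a CI is excluded from a license count.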
Implementation approach: Zensar's phased delivery model
Zensar's CIS practice delivers this integration through a structured engagement designed to achieve quick wins while building toward full IT/OT convergence:
Phase | Activities | Outcomes |
Phase 1: Weeks 1–3 Discovery and overlap analysis | • Asset population audit across ITOM and Armis • License consumption analysis • Overlap quantification by device class • Source-of-truth zoning workshop | • Overlap report with cost impact • Agreed zoning model • Business case for integration |
Phase 2: Weeks 4–7 Connector configuration | • ServiceNow Armis Connector deployment • CI class mapping and de-duplication rules • ITOM scan scope refinement • Overlap suppression flag deployment | • Live integration between Armis and CMDB • Elimination of duplicate CI creation • Measurable license reduction |
Phase 3: Weeks 8–11 Reconciliation and governance | • CMDB Health dashboard deployment • Asset Overlap Dashboard • Runbook and governance playbook • ServiceNow CSDM alignment | • Ongoing overlap prevention • Audit-ready CMDB • Platform for future IT/OT use cases |
Phase 4: Weeks 12+ Advanced use cases | • Vulnerability management integration (Armis CVE → ServiceNow VR) • Incident enrichment with Armis device context • OT change management workflows • Security Operations Center (SOC) integration | • Unified risk posture • Faster MTTR for OT incidents • IT/OT convergence realized |
Value delivered: Beyond licensing savings
While the immediate financial benefit of eliminating duplicate licensing is compelling, Zensar's integration architecture delivers value across four dimensions:
Financial value
Typically, a 30–45% reduction in combined ITOM + Armis licensing costs
Elimination of manual reconciliation effort between two separate asset inventories
Avoidance of CMDB bloat that inflates per-CI pricing tiers
Faster ROI on both platform investments by maximizing utilization of each tool's unique capabilities
Operational value
A single, authoritative CMDB as the system of record for all asset types — IT, OT, IoT, cloud
Richer CI records that combine ITOM's deep configuration data with Armis's real-time behavioral and risk context
Reduced MTTR: incidents automatically enriched with full asset context from both sources
Change management extended to OT environments previously invisible to ServiceNow
Risk and compliance value
Complete asset visibility eliminates blind spots that attackers exploit in OT and IoT environments
Armis vulnerability data surfaced in ServiceNow Vulnerability Response for unified remediation workflows
Audit-ready CMDB with clear data lineage — every CI traced to its authoritative discovery source
NERC CIP, IEC 62443, and NIST CSF compliance supported through unified OT asset inventory
Strategic value
Foundation for IT/OT convergence — the CMDB becomes the common operating picture for both IT and OT teams
Enables security operations to correlate IT alerts with OT device behavior in a single platform
Positions the organization to adopt ServiceNow OT management and Armis Centrix advanced capabilities without architectural rework
Reduces dependency on manual spreadsheet-based asset tracking in manufacturing and facilities teams
Client scenario: Manufacturing enterprise
Illustrative scenario
A global manufacturing client with 18 production facilities was running ServiceNow ITOM Discovery for its 12,000 IT assets and Armis for its 8,500 OT/IoT devices — with 3,200 assets appearing in both inventories.
Before Zensar's engagement: Combined platform licensing was $2.8Mn annually, with significant overlap cost and two separate teams maintaining disconnected asset inventories.
After Zensar's integration: The 3,200 overlapping assets were rationalized — ITOM continued managing 2,100 as IT assets, while 1,100 were reclassified as Armis-primary OT devices and removed from ITOM scan scope. The remaining 900 Armis-only devices were selectively promoted to the CMDB with the overlap suppression flag set.
Outcome: $780,000 in annual licensing savings, a 94% reduction in CMDB reconciliation effort, and a unified asset view enabling the client's first OT-aware Change Advisory Board process.
Why Zensar
Zensar's Cloud, Infrastructure, and Security practice brings a rare combination of deep ServiceNow ITOM expertise and OT/IoT security knowledge that most integrators cannot match:
ServiceNow Elite Partner with specialized ITOM and CMDB practice — certified architects and implementation specialists
Armis integration experience across manufacturing, healthcare, energy, and financial services verticals
Proprietary integration accelerators: pre-built CI class mappings, de-duplication rulesets, and the Overlap Suppression framework
CMDB governance methodology aligned to ServiceNow CSDM 4.0 — ensuring the integration supports long-term platform health
Flexible engagement models: fixed-price Phase 1 overlap assessment available for rapid business case development
Ongoing managed services for CMDB governance and Armis-ServiceNow data quality assurance
Ready to stop paying twice?
Zensar's CIS practice offers a complimentary Asset Overlap Assessment — a two-week engagement that quantifies your duplicate licensing exposure and produces a business case for integration.
Contact your Zensar account team or reach out to the CIS practice directly to schedule your assessment.
zensar.com/CIS | Cloud, Infrastructure & Security Practice
ServiceNow and ITOM Discovery are trademarks of ServiceNow, Inc. Armis and Armis Centrix are trademarks of Armis Security, Inc. All other trademarks are the property of their respective owners. Cost savings and outcome figures cited are illustrative estimates based on Zensar client engagement experience and should not be construed as guaranteed results.